Keychain is a section in Termius, where you can import and generate SSH keys and create identities. It is also where you can see, edit and remove all your imported or generated keys and identities. Additionally, Termius for iOS, macOS, and Android allows you to generate keys inside isolated hardware subsystems.

In the desktop app, the keychain can be found in Preferences > Keychain. In the mobile apps, select Keychain in the app's main menu.

If you're interested in certificate-based authentication, see About certificate-based authentication.

Note: To authenticate using a key, link the key with the host in the host's properties.

Import a key

You can import a key by selecting a file containing the key or pasting the key from clipboard.

  1. In Preferences, choose Keychain.
  2. Click New and then Import or paste a key.
  3. In the Label field, provide a name for the key.
  4. Choose one of the following:
    • To select a file with the key, click Import from key file and select it.
    • To paste the key that is a PEM/Open SSH key, copy and paste the key into the Private Key field. Make sure you copy the key along with the BEGIN and END tags.
    • To paste a Putty (.ppk) key, copy and paste the contents of the file into the Private Key field.
      ezgif-5-d8c7cc4ddd.gif
  5. If you'd like to use the key together with an SSH certificate, add it to the appropriate field.
  6. Your key has been saved  🎉  Click  ➔  at the top right to hide the key details.
  1. Choose Keychain in the app's main menu.
  2. Tap + at the top right and then choose one of the following:
    • To select a file with the key, tap Import key and select the file.
      ezgif-2-7fc042ecdc.gif
    • To paste the key from clipboard, tap Paste key, then paste it to the Private field.
      ezgif-1-ee6a05e8b3.gif
  3. In the Name field, provide a name for the key.
  4. If you'd like to use the key together with an SSH certificate, add it to the appropriate field.
  5. Tap Save at the top right.
  1. Choose Keychain in the app's main menu.
  2. Tap + at the top right and then choose one of the following:
    • To select a file with the key, tap Import key and select the file.
    • To paste the key from clipboard, tap Paste key, then paste it to the Private key field.
      16603108828317398899548875805922_2_.gif
  3. In the Name field, provide a name for the key.
  4. If you'd like to use the key together with an SSH certificate, add it to the appropriate field.
  5. Tap ✔️ at the top right.

Note: If the key is protected by a passphrase, specify it in the Passphrase field in the key entry. If you don't, you'll be asked to provide the passphrase during connection.

About certificate-based authentication

SSH certificates are tools for managing SSH access at a large scale. Recent versions of Termius, both mobile and desktop, support SSH user certificates. SSH host certificates are not yet supported.

Let us know, if you want host certificates to be supported.

More information about user certificates can be found in this article.

Use SSH certificates in Termius

Connecting to a host using a certificate requires that you import / link the certificate with the associated private key in Termius, as shown below, and then attach the key to the host's entry.

  1. In Preferences, choose Keychain.
  2. Right-click the key that is associated with the certificate, then click Edit.
  3. Paste the certificate contents to the Certificate field.
  4. Click  ➔  at the top right.
    ezgif-3-305bebe251.gif
  1. Choose Keychain in the app's main menu.
  2. Tap and hold the key that is associated with the certificate, then tap Edit.
  3. Paste the certificate contents to the Certificate field.
  4. Tap Save.
    ezgif-4-1e040ab2b9.gif
  1. Choose Keychain in the app's main menu.
  2. Tap and hold the name of the key that is associated with the certificate, then tap  Vector.png
  3. Paste the certificate contents to the Certificate field.
  4. Tap ✔️
    16619584379845706397902543326172.gif

Generate a key

  1. In Preferences, choose Keychain.
  2. Click New and then Generate new key.
  3. Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
  4. Click Generate & save.
    ezgif-5-5ac51e34b0.gif
  5. Click  ➔  in the top right corner.
  1. Choose Keychain in the app's main menu.
  2. Tap + and then Generate Key.
  3. Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
  4. Tap Save.
  5. k-ezgif-5-8b1ade2ece.gif
  1. Choose Keychain in the app's main menu.
  2. Tap + and then Generate Key.
  3. Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
  4. Tap ✔️
  5. k-16476278004043555116428890729780.gif

Note: On iOS, macOS and Android you can generate a key inside an isolated hardware subsystem. The private part of such a key cannot be accessed by Termius or the OS.

Once a key is generated, you can export it to a remote machine without leaving Termius, as described below.

Export a key to a host

Exporting keys means adding its public part to an authorized_keys file, which is stored on the server. On iOS and Android, the key will be automatically attached to that host's entry.

  1. In Preferences, choose Keychain.
  2. Right-click the key you'd like to export and then click Export to host.
  3. Click Select host and select the host to which you want to upload the key.
  4. Check Attach to host, if you'd like the key to be linked with the host you've selected.
  5. Adjust other parameters, if desired.
  6. Click Export at the bottom.
    ezgif-3-f8974f2ecd.gif
  1. Choose Keychain in the app's main menu.
  2. Tap and hold the required key, then tap Share and Export to host.
  3. Select the required host.
  4. Adjust the parameters of export, if desired.
  5. Tap Export.
  6. k-ezgif-1-53c1209a55.gif
  1. Choose Keychain in the app's main menu.
  2. Tap and hold the required key, then tap ⋮ and Export to host.
  3. Tap Select host, then select the host to which you want to upload the key.
  4. Adjust the parameters of export, if desired.
  5. Tap ✔️ at the top right.
  6. k-16474624840117756254125691112475.gif

Identities

Identities contain authentication details and can save you valuable time, if some of your servers require providing the same set of credentials. Those credentials can be quickly added as an identity and linked with the host entries. When the credentials change, you won't have to update every single one of the hosts – just the identity.

Add an identity

There are two ways to add one: on the Keychain screen, as described below, and when adding / editing a host.

  1. In Preferences, choose Keychain.
  2. Click New and then New identity.
  3. (Optionally) in the Label field, provide a name for the identity.
  4. Fill in the rest of the form.
  5. Click ➔ at the top right.
    ezgif-3-339c56cb84.gif
  1. Choose Keychain in the app's main menu.
  2. Tap + and then New Identity.
  3. (Optionally) in the Name field, provide a name for the identity.
  4. Fill in the rest of the form.
  5. Tap Save / ✔️
  6. k-ezgif-5-1c122c2830.gif

Link an identity and a host

You can link an identity with a host in the host's properties. To do so, in the desktop app, click Set an identity; in the mobile apps, tap 👤 next to the Username field.

In the desktop Termius app, you will be suggested to create and use an identity, if the username or password you're typing resembles that from another host entry.

ezgif-5-7afa7a6cd5.gif

Key examples

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7sjK625IlQyhQ1zFP4Fli3Ra7qt0amEJe+HO6TjEvkIO4a2MInSYGy6ujuSVEjzWuTC89KikcWlPsgwY6evbDiyCExubai+yWRxZL8Vyr9v3fWTcoUWPbW5yvdASS6QKaCRtOKV4dCl6xG2RTh3BiYuWKFOQb6AS0HdiGElKBLsQNjRGpxAWQ5a64ZiLEKDwCIDyN5wNCMp4Naa7Zv1vzWIOdm8D/yl/PmckealSZimKo0+/tfRKV03rQi2a1ANEPxJM5wmnFKQe4InLzs2x+HUlpfoi1bvecBgJvnN9Kr04sa03NUvy4UABQrmg/haM+PEq5EnXS4Bfh93SJin8J
-----BEGIN RSA PRIVATE KEY----- 
Proc-Type: 4,ENCRYPTED 
DEK-Info: DES-EDE3-CBC,393C44619C5B62FB 
g7l6jpFKUWqiU+7wvS+CRCpYygAchVIJTHmR9mTQwxQD6XUMMBfmLO+K6EgB
GOt6HxqTxQsAIAYtHQD370qQVC9aKF4Du2TkMiAlAiET6lyw7yEZeipkY46l
Jm74SvFJxo3dLERKJBcDfNDoBJK/zjJN9I2zfUT2DgPodJwzWCfnk4g+/wWD
6wNOSGM57XjRPOQi4kJWI8zxX6v2REhybrfWwFxFaTpxMausotKa9R0hC+16
9DXGjnfXMPg6va6dMUVPHKhoNzUInRWA1FPF+Vt9z5X2jQMGf4AJN7W65QE7
Q0Boao+aOERKDVTzP1FftRL6X0+BgXMjetqKGP0tJydiAVuP6vXEy1n8Yreh
UJSqNHJXT23o6kry/s7tMqzoke96suSNyQKmPPjFq4MKe+v+/9mQzA4UUcVW
gCi2dqZxPhNsAzBXTyIrnFcPykOYQPmdLMjpxeavbj8F5qZ8pREqDw+WpL8o
nI64udLFL3kjN5tCC9l3wHKDUJd6Q9y95gTKBnVcCRNvlKuLXbb7O5Z1hYKh
pdqVJv8pLAhg2/BtTthseV8MjMnLEnbW6nSPSPLlev76vk/QK6PIR9hQrJGr
zXJDvcYEpXJ2YBcgvEIbKR/eFAsPeM4Gin00M6RjcDSO6p2ymxpiZ4AdDvgj
kTkAx7ZXkxwrr7rRTOgyZZvuY/CpJbW4gs9a+zej5U77RtWIHj+XZWvTQDPX
5VcqDtE/C/bcsM9OQB019rkEcgDjKDtu9uWfDscSCxzMwfCixHrpJwudVCF3
M6WAvfuB0SLc6UCBALHbln2SksaC+7teUwJP9XD8hg== 
-----END RSA PRIVATE KEY-----
-----BEGIN OPENSSH PRIVATE KEY----- 
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAA
BAxBix87dJvVrEotmWsbAZwAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AA
AAIPKKmhHgVw5SM8IHuo2XalsMHXvDwBxA7vL+TG/CACK9AAAAkNWU8rq/Tox
IgS2BXVJNJI8SI8qHehGmUGEmMIA+w+bpKwhfWj/Z24DHXrtdPpeTbUT7KHOD
lBu+StJpN1vtW5kNSuMpE9fL+0GEIasIDsEY9xD1sLtGAy0pMR6yzB3EW2OEZ
E8NoTCKJ0Xq18km8Uo1KG8naT2DeSEDzuHSP6NQWkJx5kBmP6jMW98HAsSIQA
== 
-----END OPENSSH PRIVATE KEY-----
PuTTY-User-Key-File-2: ssh-rsa 
Encryption: none 
Comment: imported-openssh-key 
Public-Lines: 6 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDY3ZZzql+hnn8TpOHUk96KiX2pk8
ND5p+cEqLbFnpi5+5iqx1hdJbZo0oW69Gx3wcWD3RVT8fVJDPmtsXlZkRh
jGAOiz8VFpKJu2i2dyLZiX3xLzDI76aHIVW7Xehf3NE3ugHFjBiV41XaN6
MSE+xeP3U7Mp16Ee3lQZ8BJ5ujC5ZGhEgd27GIyV+yndee/T9YHms0tpYh
6AC039QFWot5LlHnz2FlvTqUmIvdn99KZSERlZ1sATceHxFHauJN6M0tFm
N1h/KfNBTflI5IUevOwpbEWnSBXOVM3pCFyftu9j7oQydtozE4G5T5Goxi
JJ5DbznnEcdW8lKAX7lMznvR 
Private-Lines: 14 
AAABADpl8U3UY0wyUiYIEIgeCZ9kxuITWFHAmNp+ajx1IR/hNOB9E7w+l6
CjyB/EAQPU+yOFpd4TTcynoxJNxZywnVlnY7aG6MXU/kD4pon8KvZJgBCi
lJCHeGCLKXr7HsgxvmUzQabgwv4Z6dSJhvAnTU9T5025o45rpZRGx3qYH+
EXjrG17tIog45xp3pk9qWo46ZdCMKNfa2LwNcibbVUPMvgLZah6b/atPI3
qXAqnoE4PWrVnNbgwP2vNnaYj/QK2gESc4nNkr0QEDZaLiYlUGJYmOKi7T
zVUVIRirwK4jAmFXyHcBiRNAwBonnIdIQKNgnZkdVuFKWjNvKPROTycQEA
AACBAPTa7XG7ko6aWE334HGGLLGRdtsgqePJfMl8hIm1wOsLkVZ7gLJH6T
0fhyR32oWnYNcvpgp/xVMpDdSp+tIJhTSlAAz+1jQAC5aNr/CXu6vQow6z
FSnoQIYtnr619JzRITs2kZlm8Sp/i709f+FXj47RJXGBTkOUfBtfgaVbIx
sVAAAAgQDivIXjCCbv4sLpomvrKjp8YTgrlmVadCIhIRsLxVwXQkFmUdsY
djD9gH1kCN/UAsYba0qs99+ih4QQM2KBz30nj5DREFMZrjQjPvFQ3KJ0zI
6KsIxQZ2fUOPhhg2SY8brwKQjfBuieFj7dI5kXBBoi4inQ/+Al8IjVGdCC
IK2czQAAAIB++WLFsz1J/zqskCM4Dyf927m00pmL99KuyaDK5Gad2Vmuj9
Ky4i9+TSVusm52h0HA6GHt0s2wLbdLJszVZwhB7sTIYI8unAhgN4mC9Z7z
ObvijFX3Z/h5gne771r0UAWUmFSU4g5Sd+kz4is5i8Ig1/Q5vR/sdWV/RO
cHkhUlCA==
Private-MAC: 91b6b2cd0050a2d8c5cf9920b9baf568c28cb16b

Add comment

Please sign in to leave a comment.

Comments

1 comment

  • Alex Balcanquall

    This was really helpful, the export to host feature + keygen in the app just pushed me over the edge to start using keys for the first time (been meaning to do it for years).  Couple of comments.

    1. please add export to window app :-)
    2. export requires the home directory to exist for the user, on NAS systems like synology the admin will need to enable home dirs in the UI - might be worth calling out
    3. it would be nice to batch export to a group of hosts
    4. the export UI is odd on iOS - why do I have to click the apple share icon?

    thanks!

     

    Alex Balcanquall
    0