Keychain is a section in Termius, where you can import and generate ssh keys and create identities. It is also where you can see, edit and remove all your imported or generated keys and identities.
In the desktop app, the keychain can be found in Preferences > Keychain. In the mobile apps, select Keychain in the app's main menu.
Note: To authenticate using a key, link the key with the host in the host's properties.
Import a key
You can import a key by selecting the file containing the key or pasting the key from the clipboard.
- In Preferences, choose Keychain.
- Click + New Key and then Import or paste a key.
- In the Set a label... field, provide a name for the key.
- Choose one of the following:
- To select the file with the key, click Import from key file and select it.
- To paste the key from the clipboard that is a PEM/Open SSH key, copy and paste the key into the Private Key field. Make sure you copy the key along with
BEGIN
andEND
tags. - To paste a Putty (.ppk) key from the clipboard, copy and paste the contents of the file into the Private Key field.
- Your key has been saved π Click β at the top right to hide the key details.
- Choose Keychain in the app's main menu.
- Tap + and choose how you want to add a key.
- To select the file containing the key, tap Import Key, select the file, then tap βοΈ.
- To paste the key from the clipboard:
- Tap Paste Key.
- In the Name field, provide a name for the key.
- For a PEM/Open SSH key, copy and paste the private key into the Private Key field. For a Putty (.ppk) key, copy / paste the full file contents into the Private Key field. Then, tap βοΈ.
Note: If the key is protected by a passphrase, specify the passphrase in the Passphrase field. If you don't specify the passphrase, you'll be asked for it upon connection.
Import a key on iOS
You can import a key by selecting the file containing the key or pasting the key from the clipboard.
- Make sure the file extension is text, txt, pem, key or ppk.
- Transfer the file the preferred way, e.g. downloading, iCloud Drive, Finder or AirDrop. If youβre going to download it or use iCloud Drive, place the file in Files > On my... > Termius. When using AirDrop, you may see the Paste Key form - if you do, skip to step 6.
- In Termius, choose Keychain in the app's main menu.
- Tap + at the top right and then Import Key.
- Select the key.
- (Optionally) in the Name field, provide a name for the key.
- If the key is protected by a passphrase, specify the passphrase in the Passphrase field.
- Tap Save.
- Choose Keychain in the app's main menu.
- Tap + at the top right and then Paste Key.
- In the Name field, provide a name for the key.
- If the key is protected by a passphrase, specify the passphrase in the Passphrase field.
- For a PEM/OpenSSH key, copy and paste the private key into the Private Key field.
For a Putty (.ppk) key, copy / paste the full file contents into the Private Key field. - Tap Save.
Generate a key
- In Preferences, choose Keychain.
- Click + New Key and then Generate new key.
- Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
- Click Generate & save.
- Click β in the top right corner.
- Choose Keychain in the app's main menu.
- Tap + and then Generate Key.
- Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
- Tap Save.
- Choose Keychain in the app's main menu.
- Tap + and then Generate Key.
- Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
- Tap βοΈ.
Note: On iOS and macOS, you can generate and store a key in Secure Enclave. In such a case, the key will never leave the device and it will be protected by Touch ID or Face ID.
Once a key is generated, you can export it to a remote machine without leaving Termius, as described below.
Export a key to a host
Exporting keys means adding its public part to the authorized_keys file, which is stored on the server. On iOS and Android, the key will be automatically attached to that host's entry.
- In Preferences, choose Keychain.
- Right-click the key and then Export to host.
- Click Select host and select the host to which you want to upload the key.
- Check Attach to host, if you'd like the key to be linked with the host you've selected.
- Adjust other parameters, if desired.
- Tap the required host and then Export.
- Click Export key at the top.
- Choose Keychain in the app's main menu.
- Tap and hold the required key, then choose Share and Export to host.
- Adjust the parameters of export, if desired.
- Tap the required host and then Export.
- Choose Keychain in the app's main menu.
- Tap and hold the required key, then choose Share and Export to host.
- Adjust the parameters of export, if desired.
- Tap the required host and then Export.
Identities
You may find them useful when you have several host entries requiring the same credentials. You can save those credentials in an identity and link the identity with the hosts or a group. When the credentials need to be updated, you won't have to update every one of those hosts β just the identity.
Add an identity
- In Preferences, choose Keychain.
- Click + New Identity.
- (Optionally) in the Set a label... field, provide a name for the identity.
- Fill in the rest of the form, as required.
- Click β at the top right.
- Choose Keychain in the app's main menu.
- Tap + and choose New Identity.
- (Optionally) in the Name field, provide a name for the identity.
- Fill in the rest of the form, as required.
- Tap Save / βοΈ.
You can link an identity with one of your hosts in the host properties. For that, in the desktop app, click Identities next to Username, and in the mobile apps, click π€ button next to Username.
Key examples
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7sjK625IlQyhQ1zFP4Fli3Ra7qt0amEJe+HO6TjEvkIO4a2MInSYGy6ujuSVEjzWuTC89KikcWlPsgwY6evbDiyCExubai+yWRxZL8Vyr9v3fWTcoUWPbW5yvdASS6QKaCRtOKV4dCl6xG2RTh3BiYuWKFOQb6AS0HdiGElKBLsQNjRGpxAWQ5a64ZiLEKDwCIDyN5wNCMp4Naa7Zv1vzWIOdm8D/yl/PmckealSZimKo0+/tfRKV03rQi2a1ANEPxJM5wmnFKQe4InLzs2x+HUlpfoi1bvecBgJvnN9Kr04sa03NUvy4UABQrmg/haM+PEq5EnXS4Bfh93SJin8J
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,393C44619C5B62FB g7l6jpFKUWqiU+7wvS+CRCpYygAchVIJTHmR9mTQwxQD6XUMMBfmLO+K6EgB GOt6HxqTxQsAIAYtHQD370qQVC9aKF4Du2TkMiAlAiET6lyw7yEZeipkY46l Jm74SvFJxo3dLERKJBcDfNDoBJK/zjJN9I2zfUT2DgPodJwzWCfnk4g+/wWD 6wNOSGM57XjRPOQi4kJWI8zxX6v2REhybrfWwFxFaTpxMausotKa9R0hC+16 9DXGjnfXMPg6va6dMUVPHKhoNzUInRWA1FPF+Vt9z5X2jQMGf4AJN7W65QE7 Q0Boao+aOERKDVTzP1FftRL6X0+BgXMjetqKGP0tJydiAVuP6vXEy1n8Yreh UJSqNHJXT23o6kry/s7tMqzoke96suSNyQKmPPjFq4MKe+v+/9mQzA4UUcVW gCi2dqZxPhNsAzBXTyIrnFcPykOYQPmdLMjpxeavbj8F5qZ8pREqDw+WpL8o nI64udLFL3kjN5tCC9l3wHKDUJd6Q9y95gTKBnVcCRNvlKuLXbb7O5Z1hYKh pdqVJv8pLAhg2/BtTthseV8MjMnLEnbW6nSPSPLlev76vk/QK6PIR9hQrJGr zXJDvcYEpXJ2YBcgvEIbKR/eFAsPeM4Gin00M6RjcDSO6p2ymxpiZ4AdDvgj kTkAx7ZXkxwrr7rRTOgyZZvuY/CpJbW4gs9a+zej5U77RtWIHj+XZWvTQDPX 5VcqDtE/C/bcsM9OQB019rkEcgDjKDtu9uWfDscSCxzMwfCixHrpJwudVCF3 M6WAvfuB0SLc6UCBALHbln2SksaC+7teUwJP9XD8hg== -----END RSA PRIVATE KEY-----
-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAA BAxBix87dJvVrEotmWsbAZwAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AA AAIPKKmhHgVw5SM8IHuo2XalsMHXvDwBxA7vL+TG/CACK9AAAAkNWU8rq/Tox IgS2BXVJNJI8SI8qHehGmUGEmMIA+w+bpKwhfWj/Z24DHXrtdPpeTbUT7KHOD lBu+StJpN1vtW5kNSuMpE9fL+0GEIasIDsEY9xD1sLtGAy0pMR6yzB3EW2OEZ E8NoTCKJ0Xq18km8Uo1KG8naT2DeSEDzuHSP6NQWkJx5kBmP6jMW98HAsSIQA == -----END OPENSSH PRIVATE KEY-----
PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: imported-openssh-key Public-Lines: 6 AAAAB3NzaC1yc2EAAAADAQABAAABAQDY3ZZzql+hnn8TpOHUk96KiX2pk8 ND5p+cEqLbFnpi5+5iqx1hdJbZo0oW69Gx3wcWD3RVT8fVJDPmtsXlZkRh jGAOiz8VFpKJu2i2dyLZiX3xLzDI76aHIVW7Xehf3NE3ugHFjBiV41XaN6 MSE+xeP3U7Mp16Ee3lQZ8BJ5ujC5ZGhEgd27GIyV+yndee/T9YHms0tpYh 6AC039QFWot5LlHnz2FlvTqUmIvdn99KZSERlZ1sATceHxFHauJN6M0tFm N1h/KfNBTflI5IUevOwpbEWnSBXOVM3pCFyftu9j7oQydtozE4G5T5Goxi JJ5DbznnEcdW8lKAX7lMznvR Private-Lines: 14 AAABADpl8U3UY0wyUiYIEIgeCZ9kxuITWFHAmNp+ajx1IR/hNOB9E7w+l6 CjyB/EAQPU+yOFpd4TTcynoxJNxZywnVlnY7aG6MXU/kD4pon8KvZJgBCi lJCHeGCLKXr7HsgxvmUzQabgwv4Z6dSJhvAnTU9T5025o45rpZRGx3qYH+ EXjrG17tIog45xp3pk9qWo46ZdCMKNfa2LwNcibbVUPMvgLZah6b/atPI3 qXAqnoE4PWrVnNbgwP2vNnaYj/QK2gESc4nNkr0QEDZaLiYlUGJYmOKi7T zVUVIRirwK4jAmFXyHcBiRNAwBonnIdIQKNgnZkdVuFKWjNvKPROTycQEA AACBAPTa7XG7ko6aWE334HGGLLGRdtsgqePJfMl8hIm1wOsLkVZ7gLJH6T 0fhyR32oWnYNcvpgp/xVMpDdSp+tIJhTSlAAz+1jQAC5aNr/CXu6vQow6z FSnoQIYtnr619JzRITs2kZlm8Sp/i709f+FXj47RJXGBTkOUfBtfgaVbIx sVAAAAgQDivIXjCCbv4sLpomvrKjp8YTgrlmVadCIhIRsLxVwXQkFmUdsY djD9gH1kCN/UAsYba0qs99+ih4QQM2KBz30nj5DREFMZrjQjPvFQ3KJ0zI 6KsIxQZ2fUOPhhg2SY8brwKQjfBuieFj7dI5kXBBoi4inQ/+Al8IjVGdCC IK2czQAAAIB++WLFsz1J/zqskCM4Dyf927m00pmL99KuyaDK5Gad2Vmuj9 Ky4i9+TSVusm52h0HA6GHt0s2wLbdLJszVZwhB7sTIYI8unAhgN4mC9Z7z ObvijFX3Z/h5gne771r0UAWUmFSU4g5Sd+kz4is5i8Ig1/Q5vR/sdWV/RO cHkhUlCA== Private-MAC: 91b6b2cd0050a2d8c5cf9920b9baf568c28cb16b
This was really helpful, the export to host feature + keygen in the app just pushed me over the edge to start using keys for the first time (been meaning to do it for years).Β Couple of comments.
1. please add export to window app :-)
2. export requires the home directory to exist for the user, on NAS systems like synology the admin will need to enable home dirs in the UI - might be worth calling out
3. it would be nice to batch export to a group of hosts
4. the export UI is odd on iOS - why do I have to click the apple share icon?
thanks!
Β