Keychain is a section in Termius, where you can import and generate SSH keys and create identities. It is also where you can see, edit and remove all your imported or generated keys and identities. Additionally, Termius for iOS, macOS, and Android allows you to generate keys inside isolated hardware subsystems.
In the desktop app, the keychain can be found in Preferences > Keychain. In the mobile apps, select Keychain in the app's main menu.
If you're interested in certificate-based authentication, see About certificate-based authentication.
Note: To authenticate using a key, link the key with the host in the host's properties.
Import a key
You can import a key by selecting a file containing the key or pasting the key from clipboard.
- In Preferences, choose Keychain.
- Click New and then Import or paste a key.
- In the Label field, provide a name for the key.
- Choose one of the following:
- To select a file with the key, click Import from key file and select it.
- To paste the key that is a PEM/Open SSH key, copy and paste the key into the Private Key field. Make sure you copy the key along with the
BEGIN
andEND
tags. - To paste a Putty (.ppk) key, copy and paste the contents of the file into the Private Key field.
- If you'd like to use the key together with an SSH certificate, add it to the appropriate field.
- Your key has been saved 🎉 Click ➔ at the top right to hide the key details.
- Choose Keychain in the app's main menu.
- Tap + at the top right and then choose one of the following:
- To select a file with the key, tap Import key and select the file.
- To paste the key from clipboard, tap Paste key, then paste it to the Private field.
- To select a file with the key, tap Import key and select the file.
- In the Name field, provide a name for the key.
- If you'd like to use the key together with an SSH certificate, add it to the appropriate field.
- Tap Save at the top right.
- Choose Keychain in the app's main menu.
- Tap + at the top right and then choose one of the following:
- To select a file with the key, tap Import key and select the file.
- To paste the key from clipboard, tap Paste key, then paste it to the Private key field.
- In the Name field, provide a name for the key.
- If you'd like to use the key together with an SSH certificate, add it to the appropriate field.
- Tap ✔️ at the top right.
Note: If the key is protected by a passphrase, specify it in the Passphrase field in the key entry. If you don't, you'll be asked to provide the passphrase during connection.
About certificate-based authentication
SSH certificates are tools for managing SSH access at a large scale. Recent versions of Termius, both mobile and desktop, support SSH user certificates. SSH host certificates are not yet supported.
Let us know, if you want host certificates to be supported.
More information about user certificates can be found in this article.
Use SSH certificates in Termius
Connecting to a host using a certificate requires that you import / link the certificate with the associated private key in Termius, as shown below, and then attach the key to the host's entry.
- In Preferences, choose Keychain.
- Right-click the key that is associated with the certificate, then click Edit.
- Paste the certificate contents to the Certificate field.
- Click ➔ at the top right.
- Choose Keychain in the app's main menu.
- Tap and hold the key that is associated with the certificate, then tap Edit.
- Paste the certificate contents to the Certificate field.
- Tap Save.
- Choose Keychain in the app's main menu.
- Tap and hold the name of the key that is associated with the certificate, then tap
- Paste the certificate contents to the Certificate field.
- Tap ✔️
Generate a key
- In Preferences, choose Keychain.
- Click New and then Generate new key.
- Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
- Click Generate & save.
- Click ➔ in the top right corner.
- Choose Keychain in the app's main menu.
- Tap + and then Generate Key.
- Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
- Tap Save.
- Choose Keychain in the app's main menu.
- Tap + and then Generate Key.
- Specify key parameters. Add a passphrase, if desired, and check Save passphrase to save the passphrase in the key entry that you are creating.
- Tap ✔️
Note: On iOS, macOS and Android you can generate a key inside an isolated hardware subsystem. The private part of such a key cannot be accessed by Termius or the OS.
Once a key is generated, you can export it to a remote machine without leaving Termius, as described below.
Export a key to a host
Exporting keys means adding its public part to an authorized_keys file, which is stored on the server. On iOS and Android, the key will be automatically attached to that host's entry.
- In Preferences, choose Keychain.
- Right-click the key you'd like to export and then click Export to host.
- Click Select host and select the host to which you want to upload the key.
- Check Attach to host, if you'd like the key to be linked with the host you've selected.
- Adjust other parameters, if desired.
- Click Export at the bottom.
- Choose Keychain in the app's main menu.
- Tap and hold the required key, then tap Share and Export to host.
- Select the required host.
- Adjust the parameters of export, if desired.
- Tap Export.
- Choose Keychain in the app's main menu.
- Tap and hold the required key, then tap ⋮ and Export to host.
- Tap Select host, then select the host to which you want to upload the key.
- Adjust the parameters of export, if desired.
- Tap ✔️ at the top right.
Identities
Identities contain authentication details and can save you valuable time, if some of your servers require providing the same set of credentials. Those credentials can be quickly added as an identity and linked with the host entries. When the credentials change, you won't have to update every single one of the hosts – just the identity.
Add an identity
There are two ways to add one: on the Keychain screen, as described below, and when adding / editing a host.
- In Preferences, choose Keychain.
- Click New and then New identity.
- (Optionally) in the Label field, provide a name for the identity.
- Fill in the rest of the form.
- Click ➔ at the top right.
- Choose Keychain in the app's main menu.
- Tap + and then New Identity.
- (Optionally) in the Name field, provide a name for the identity.
- Fill in the rest of the form.
- Tap Save / ✔️
Link an identity and a host
You can link an identity with a host in the host's properties. To do so, in the desktop app, click Set an identity; in the mobile apps, tap 👤 next to the Username field.
In the desktop Termius app, you will be suggested to create and use an identity, if the username or password you're typing resembles that from another host entry.
Key examples
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7sjK625IlQyhQ1zFP4Fli3Ra7qt0amEJe+HO6TjEvkIO4a2MInSYGy6ujuSVEjzWuTC89KikcWlPsgwY6evbDiyCExubai+yWRxZL8Vyr9v3fWTcoUWPbW5yvdASS6QKaCRtOKV4dCl6xG2RTh3BiYuWKFOQb6AS0HdiGElKBLsQNjRGpxAWQ5a64ZiLEKDwCIDyN5wNCMp4Naa7Zv1vzWIOdm8D/yl/PmckealSZimKo0+/tfRKV03rQi2a1ANEPxJM5wmnFKQe4InLzs2x+HUlpfoi1bvecBgJvnN9Kr04sa03NUvy4UABQrmg/haM+PEq5EnXS4Bfh93SJin8J
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,393C44619C5B62FB g7l6jpFKUWqiU+7wvS+CRCpYygAchVIJTHmR9mTQwxQD6XUMMBfmLO+K6EgB GOt6HxqTxQsAIAYtHQD370qQVC9aKF4Du2TkMiAlAiET6lyw7yEZeipkY46l Jm74SvFJxo3dLERKJBcDfNDoBJK/zjJN9I2zfUT2DgPodJwzWCfnk4g+/wWD 6wNOSGM57XjRPOQi4kJWI8zxX6v2REhybrfWwFxFaTpxMausotKa9R0hC+16 9DXGjnfXMPg6va6dMUVPHKhoNzUInRWA1FPF+Vt9z5X2jQMGf4AJN7W65QE7 Q0Boao+aOERKDVTzP1FftRL6X0+BgXMjetqKGP0tJydiAVuP6vXEy1n8Yreh UJSqNHJXT23o6kry/s7tMqzoke96suSNyQKmPPjFq4MKe+v+/9mQzA4UUcVW gCi2dqZxPhNsAzBXTyIrnFcPykOYQPmdLMjpxeavbj8F5qZ8pREqDw+WpL8o nI64udLFL3kjN5tCC9l3wHKDUJd6Q9y95gTKBnVcCRNvlKuLXbb7O5Z1hYKh pdqVJv8pLAhg2/BtTthseV8MjMnLEnbW6nSPSPLlev76vk/QK6PIR9hQrJGr zXJDvcYEpXJ2YBcgvEIbKR/eFAsPeM4Gin00M6RjcDSO6p2ymxpiZ4AdDvgj kTkAx7ZXkxwrr7rRTOgyZZvuY/CpJbW4gs9a+zej5U77RtWIHj+XZWvTQDPX 5VcqDtE/C/bcsM9OQB019rkEcgDjKDtu9uWfDscSCxzMwfCixHrpJwudVCF3 M6WAvfuB0SLc6UCBALHbln2SksaC+7teUwJP9XD8hg== -----END RSA PRIVATE KEY-----
-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAA BAxBix87dJvVrEotmWsbAZwAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AA AAIPKKmhHgVw5SM8IHuo2XalsMHXvDwBxA7vL+TG/CACK9AAAAkNWU8rq/Tox IgS2BXVJNJI8SI8qHehGmUGEmMIA+w+bpKwhfWj/Z24DHXrtdPpeTbUT7KHOD lBu+StJpN1vtW5kNSuMpE9fL+0GEIasIDsEY9xD1sLtGAy0pMR6yzB3EW2OEZ E8NoTCKJ0Xq18km8Uo1KG8naT2DeSEDzuHSP6NQWkJx5kBmP6jMW98HAsSIQA == -----END OPENSSH PRIVATE KEY-----
PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: imported-openssh-key Public-Lines: 6 AAAAB3NzaC1yc2EAAAADAQABAAABAQDY3ZZzql+hnn8TpOHUk96KiX2pk8 ND5p+cEqLbFnpi5+5iqx1hdJbZo0oW69Gx3wcWD3RVT8fVJDPmtsXlZkRh jGAOiz8VFpKJu2i2dyLZiX3xLzDI76aHIVW7Xehf3NE3ugHFjBiV41XaN6 MSE+xeP3U7Mp16Ee3lQZ8BJ5ujC5ZGhEgd27GIyV+yndee/T9YHms0tpYh 6AC039QFWot5LlHnz2FlvTqUmIvdn99KZSERlZ1sATceHxFHauJN6M0tFm N1h/KfNBTflI5IUevOwpbEWnSBXOVM3pCFyftu9j7oQydtozE4G5T5Goxi JJ5DbznnEcdW8lKAX7lMznvR Private-Lines: 14 AAABADpl8U3UY0wyUiYIEIgeCZ9kxuITWFHAmNp+ajx1IR/hNOB9E7w+l6 CjyB/EAQPU+yOFpd4TTcynoxJNxZywnVlnY7aG6MXU/kD4pon8KvZJgBCi lJCHeGCLKXr7HsgxvmUzQabgwv4Z6dSJhvAnTU9T5025o45rpZRGx3qYH+ EXjrG17tIog45xp3pk9qWo46ZdCMKNfa2LwNcibbVUPMvgLZah6b/atPI3 qXAqnoE4PWrVnNbgwP2vNnaYj/QK2gESc4nNkr0QEDZaLiYlUGJYmOKi7T zVUVIRirwK4jAmFXyHcBiRNAwBonnIdIQKNgnZkdVuFKWjNvKPROTycQEA AACBAPTa7XG7ko6aWE334HGGLLGRdtsgqePJfMl8hIm1wOsLkVZ7gLJH6T 0fhyR32oWnYNcvpgp/xVMpDdSp+tIJhTSlAAz+1jQAC5aNr/CXu6vQow6z FSnoQIYtnr619JzRITs2kZlm8Sp/i709f+FXj47RJXGBTkOUfBtfgaVbIx sVAAAAgQDivIXjCCbv4sLpomvrKjp8YTgrlmVadCIhIRsLxVwXQkFmUdsY djD9gH1kCN/UAsYba0qs99+ih4QQM2KBz30nj5DREFMZrjQjPvFQ3KJ0zI 6KsIxQZ2fUOPhhg2SY8brwKQjfBuieFj7dI5kXBBoi4inQ/+Al8IjVGdCC IK2czQAAAIB++WLFsz1J/zqskCM4Dyf927m00pmL99KuyaDK5Gad2Vmuj9 Ky4i9+TSVusm52h0HA6GHt0s2wLbdLJszVZwhB7sTIYI8unAhgN4mC9Z7z ObvijFX3Z/h5gne771r0UAWUmFSU4g5Sd+kz4is5i8Ig1/Q5vR/sdWV/RO cHkhUlCA== Private-MAC: 91b6b2cd0050a2d8c5cf9920b9baf568c28cb16b
This was really helpful, the export to host feature + keygen in the app just pushed me over the edge to start using keys for the first time (been meaning to do it for years). Couple of comments.
1. please add export to window app :-)
2. export requires the home directory to exist for the user, on NAS systems like synology the admin will need to enable home dirs in the UI - might be worth calling out
3. it would be nice to batch export to a group of hosts
4. the export UI is odd on iOS - why do I have to click the apple share icon?
thanks!