Termius for iOS and macOS allows you to generate a key inside Secure Enclave (SEP), an isolated hardware subsystem that comes with most Apple devices, and use it for SSH connections. The private part of such a key cannot be accessed by Termius or the operating system.
Before generating a key in Secure Enclave, you'll need to protect your device with a passcode, Touch ID, or Face ID. You will be asked to authenticate with one of these methods during connection.
As of now, it is possible to generate only 256-bit ECDSA keys.
Important: Resetting the passcode, Touch ID or Face ID will make all previously generated keys unusable.
Generate a biometric key
- In Preferences, choose Keychain.
- Click + New Key and then Generate new biometric key.
- (Optionally) in the Set a label... field, provide a name for the key.
- Click Generate.
- Choose Keychain in the app's main menu.
- Tap + and then Generate Secure Enclave key.
- In the Name field, provide a name for the key, and tap Generate.
Important: Since the private part of a biometric key cannot be accessed by Termius, it will not be synchronized with your Termius account.
Export a biometric key
As with other kinds of keys, you can use Termius to add a key's public part to the authorized_keys file stored on a host. On iOS, the key will be automatically attached to that host's entry.
- In Preferences, choose Keychain.
- Right-click the key and then Export to host.
- Click Select host and select the host to which you want to upload the key.
- Check Attach to host, if you'd like the key to be linked with the host you've selected.
- Adjust other parameters, if desired.
- Tap the required host and then Export.
- Click Export key at the top.
- Choose Keychain in the app's main menu.
- Tap and hold the required key, then choose Share and Export to host.
- Adjust the parameters of export, if desired.
- Tap the required host and then Export.
Add comment
Please sign in to leave a comment.