Biometric Keys (Touch ID, Face ID, Windows Hello, Keystore)

Dmitry Babinsky

Termius for iOS, Windows, macOS, and Android allows you to generate an SSH key inside an isolated hardware subsystem and use it for SSH connections. The key is generated inside Secure Enclave (SEP) on iOS and macOS, Windows Hello on Windows, and Keystore on Android. The private part of such a key cannot be accessed by Termius or the OS.

Before generating a key in Secure Enclave, Windows Hello, or Keystore, you'll need to protect your device with Touch ID / fingerprint, Face ID / face recognition, or a passcode, if you're using iOS, macOS, or Windows. You'll be asked to authenticate using one of these methods during a connection.

As of now, it is possible to generate only 256-bit ECDSA keys.

Note: Connections with Windows Hello keys require the host to run OpenSSH 8.2 or later. Generating a biometric key requires Android 9 or newer. For Windows Hello, Windows 11 is required.

Important: Resetting the protection of your device will make all previously generated keys unusable.

Generate a biometric key

  1. In Preferences, choose Keychain.
  2. Click Touch ID or Windows Hello and then Generate.
  3. (Optionally) in the Label field, provide a name for the key.
  4. Click Generate.

  1. Choose Keychain in the app's main menu.
  2. Tap + and then Generate biometric key.
  3. In the Name field, provide a name for the key, and tap Generate.

  1. Choose Keychain in the app's main menu.
  2. Tap + and then Generate biometric key.
  3. In the Name field, provide a name for the key, and tap ✔️.

Important: Since the private part of a biometric key cannot be accessed by Termius, it will not be synchronized to your other devices with Termius.

Export a biometric key

As with other kinds of keys, you can use Termius to add a key's public part to an authorized_keys file stored on a host. On iOS, the key will be automatically attached to that host's entry.

  1. In Preferences, choose Keychain.
  2. Right-click the key in question and click Export to host.
  3. Click Select host and select the host to which you want to upload the key.
  4. Uncheck Attach to host, if you don't want the key to be linked with the selected host.
  5. Adjust the other parameters, if desired.
  6. Click Export key.

  1. Choose Keychain in the app's main menu.
  2. Tap and hold the required key, then choose Share and Export to host.
  3. Adjust the export parameters, if desired.
  4. Tap the required host and then Export.

  1. Choose Keychain in the app's main menu.
  2. Tap and hold the required key, then tap and Export to host.
  3. Adjust the export parameters, if desired.
  4. Tap the required host and then Export.
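
After an export, you can confirm on the host which 256-bit ECDSA key landed in authorized_keys. The following is an added example, not Termius code: it assumes the exported entry uses the standard OpenSSH `ecdsa-sha2-nistp256` type (entries of any other type are skipped), handles only simple leading options without quoted spaces, and uses a constructed sample line.

```python
import base64
import hashlib
import struct

KEY_TYPE = "ecdsa-sha2-nistp256"

def ssh_string(data):
    """Encode bytes as an SSH wire string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH wire string at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated data field")
    return buf[off + 4:end], end

def audit_line(line):
    """Return (type, fingerprint, comment) for a P-256 ECDSA entry, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Simple leading options (e.g. no-pty) may precede the key type.
    for i, tok in enumerate(fields[:-1]):
        if tok == KEY_TYPE:
            break
    else:
        return None
    blob = base64.b64decode(fields[i + 1], validate=True)
    inner, off = read_string(blob, 0)
    curve, off = read_string(blob, off)
    point, off = read_string(blob, off)
    # The blob must agree with its text label and hold one uncompressed point.
    if inner != KEY_TYPE.encode() or curve != b"nistp256":
        raise ValueError("blob does not match its key-type label")
    if off != len(blob) or len(point) != 65 or point[0] != 4:
        raise ValueError("not an uncompressed 256-bit point")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return KEY_TYPE, fp, " ".join(fields[i + 2:])

# Constructed sample entry: the point bytes are filler, not a real public key.
SAMPLE_BLOB = (ssh_string(KEY_TYPE.encode()) + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE = f"{KEY_TYPE} {base64.b64encode(SAMPLE_BLOB).decode()} constructed-sample"

if __name__ == "__main__":
    print(audit_line(SAMPLE))
```

The fingerprint is computed the same way `ssh-keygen -l` reports it (unpadded base64 of the SHA-256 of the key blob), so the two can be compared directly.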
