MultiKey (beta)

MultiKey is a collection of SSH keys that Termius generates for your team according to specified requirements. The keys are generated on the team members' devices, one per device, when a team member logs in. The private part of a key never leaves the device and is hidden, while the public part is synchronized and can be viewed by anyone in the team. When a team member logs out, the key generated on the device in use is removed.

When viewing the contents of MultiKey, which you can do on the Keychain screen, you'll see a list of devices where your team members are currently logged in and the time when the key pair for a device was generated.

The public keys can be saved as an authorized_keys file or uploaded to a server, right from Termius, with the help of the key export option or a special pre-made snippet (script). The snippet, unlike the key export option, does not simply insert new data into the authorized_keys file – it first removes any already existing MultiKey records. On mobile devices, the snippet can be used to add keys to many servers at once.

After you set up MultiKey, as described further below, and place the team's public keys on the servers, the team will be able to successfully authenticate on the remote machines by selecting MultiKey during a connection.

When to use MultiKey

Different teams might find different uses for MultiKey. Here is one of the scenarios of using this feature.

Daniel's team, consisting of three engineers, will be logging in to several remote machines. Daniel is not going to create individual accounts for each team member – they will be logging in to the same admin account. He wants his team members to use their personal keys because it would allow him to see who logs in to a server and when.

Daniel doesn't have to ask the team to generate SSH keys and provide him with the public parts. For each of his team members' devices, a key has already been generated by Termius, and its public part can be found in MultiKey. Any changes in the team's devices are instantly reflected in MultiKey: a login on a new device results in its public key being added, and when someone logs out, one of the public keys disappears.

To avoid manually updating authorized_keys files, when a new server is added or a teammate joins or leaves the team, Daniel uses a pre-made Termius snippet (script), which places the team's current public keys on a server and removes any existing MultiKey records.

Set up MultiKey

Setting up MultiKey means specifying the name of the account(s) where public keys are going to be placed. You can do it in the Team username section of MultiKey, provided you have the Owner or Editor role.

Important: To be able to connect using MultiKey, the Username field in a host entry must be empty.

Upload MultiKey to a host

You can add the team's public keys to a server using the key export option (currently present only in the desktop app) or a snippet. The snippet will remove any MultiKey-related records from an authorized_keys file and add the team's current public keys. On mobile devices, the snippet can be used to add keys to many servers at once.

Note: It is possible to edit the export snippet.

Upload MultiKey using the key export option

Upload MultiKey using a snippet