MultiKey is a collection of SSH keys that Termius generates for your team according to specified requirements. The keys are generated on the team members' devices, one per device, when a team member logs in. When a team member logs out, the key generated on the device in use is removed. The private part of a key never leaves the device and is hidden, while the public part is synchronized and can be viewed by everyone in the team.

ezgif-2-089f0b66ff.gif

When viewing the contents of MultiKey, which you can do on the Keychain screen, you'll see a list of devices where the team members are currently logged in and the time when a key pair for a device was generated, and other options.

The team's public keys can be exported as an authorized_keys file or uploaded to a server, right from Termius, with the help of the key export option or a special snippet. The snippet, unlike the key export option, does not simply insert new data into an authorized_keys file: it replaces the file's existing content. On mobile devices, the snippet can be used to add keys to many servers at once.

After you set up MultiKey (as described further below) and place the team's public keys on the servers, the team will be able to successfully authenticate on the remote machines by selecting MultiKey during connection.

ezgif-4-fae4fd7551.gif

When to use MultiKey

Different teams might find different use cases for MultiKey. Below is one of the scenarios of when you might find MultiKey useful.

Daniel's team, consisting of three engineers, will be logging in to several remote machines. Daniel is not going to create separate accounts for each team member – they will be logging in to the same admin account. He wants his teammates to use their personal ssh keys because it would allow him to see who logs in to a server and when.

Daniel doesn't have to ask the team to generate ssh keys and provide him with the public parts. For each of the team members' devices, a key has already been generated by Termius, and its public part can be found in MultiKey. Any changes in the team's devices are instantly reflected in MultiKey: a login on a new device results in its public key being added, and when someone logs out, one of the public keys disappears.

To avoid manually updating the authorized_keys files, when a new server is added or a person joins or leaves the team, Daniel uses a pre-made Termius snippet (script), which replaces the existing content of a file with the team's current public keys and which can be run in a few clicks or taps.

Set up MultiKey

Setting up MultiKey means specifying the name of the account(s) where the public keys are going to be placed. You can do it in the Team username section of MultiKey, if you have the Owner or Editor role.

ezgif-2-f3ca79d16f.gif

Important: To be able to connect to a host using MultiKey, the host's Username property must be empty.

Upload MultiKey to a host

You can add the team's public keys to a server by using the key export option (currently, only in the desktop app) or a special snippet. The snippet, unlike the key export option, does not simply insert new data to the end of an authorized_keys file: it replaces the file's existing content. On mobile devices, the snippet can be used to add keys to many servers at once.

Note: The export snippet can be modified before it is executed.

Upload MultiKey using the key export option

  1. In MultiKey's properties, click Export to host.
  2. Click Select host and select the host to which you want to upload the key.
  3. Uncheck Attach to host, if you don't want the key to be linked with the host you've selected.
  4. In the Advanced section, adjust the export script, if desired.
  5. Click Export key at the top.
    ezgif-5-3e8986fbbf.gif

Upload MultiKey using a snippet

  1. In MultiKey's properties, click Create export snippet or Update export snippet. An 'Export MultiKey' snippet will be created, which places the keys in the authorized_keys file on a server, or, if the snippet with that name already exists, it will be replaced.
  2. Connect to the server where you want to place the keys and run the 'Export MultiKey' snippet.
    ezgif-5-96b86ab413.gif
  1. In MultiKey's properties, click Create export snippet or Update export snippet. An 'Export MultiKey' snippet will be created, which places the keys in the authorized_keys file on a server, or, if the snippet with that name already exists, it will be replaced.
  2. Connect to the server where you want to place the keys and run the 'Export MultiKey' snippet.
  3.  ezgif-5-b096d70ad3.gif  
  4. See this instruction to learn how to run snippets on many servers at once.
  5. ezgif-5-61afffae01.gif

Was this article helpful?

4 out of 5 found this helpful

Add comment

Please sign in to leave a comment.