I can't connect using an ed25519-sk or ecdsa-sk key I can't connect using an ed25519-sk or ecdsa-sk key

I can't connect using an ed25519-sk or ecdsa-sk key

Eugene Oskin Eugene Oskin

Screen_Shot_2021-12-30_at_18.20.18.png

Beta version limitations

Support for ed25519-sk or ecdsa-sk SSH key available only on Termius Desktop Beta app 7.31.0 or newer and in the following plans:

  • Trial
  • Team
  • Premium

If the app version is Termius Desktop Beta with version 7.31.0 or higher, but the connection is not yet established, please contact support about the issue. Please attach the video or a screenshot that illustrates the issue.

The usual workflow with ed25519-sk or ecdsa-sk SSH key is the following:

  • adding a new SSH key on the Keychain screen
  • attaching this SSH key to a host and set up a username for the host
  • connecting with SSH or mosh to the host,
  • if the SSH private key is encrypted and the passphrase was not provided, the app will request the ssh key passphrase.
  • If the SK SSH key was created with the option verify-required, the app would request the FIDO2 PIN for the hardware key
  • if the SK SSH key wasn't created with the option no-touch-required, the app would request a user presence.

OS-specific requirements

Termius app requires access to Hardware keys to complete authentication ed25519-sk or ecdsa-sk SSH key. So please make sure you granted permission to the app to use USB devices.

Authenticating with ed25519-sk or ecdsa-sk SSH keys requires a hardware key plugged into your device and recognized respectively by the OS. 

Windows. Using FIDO2 keys may require installing drivers for your hardware keys. Please search for drivers of your hardware key vendor's website. E.g., Yubikey smart card driver.

Linux. You will need to add a udev rule to be able to access the FIDO device. For example, the udev rule may contain the following:

#udev rule for allowing HID access to Yubico devices for FIDO support.
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
  MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"

Hardware Key Device Support

Termius support the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols. We tested it only on a limited number of devices. If you face connection issues with ed25519-sk or ecdsa-sk SSH keys, please contact support about the issue and describe the model of the hardware key you use. 

 

Add comment

Please sign in to leave a comment.