If you enable the 'Store on device' option, the SSH key you are generating will be saved on your FIDO2 device. This will allow you to establish connections, in Termius or OpenSSH, without providing the locally stored private key – by selecting the key during the connection process.
Note: You can find more info about storing keys on authenticator devices here. (See 'FIDO2 resident keys'.)
Using a key stored on the authenticator is generally less secure than using its local copy. An attacker will need to get access to both the authenticator and the locally stored key, if you're using a locally stored key, and just the authenticator, if you're using a key stored on an authenticator.
Every key on the authenticator must have a unique set of attributes: key type, User ID, and application. Any previously created key will be overriden by a key with the same set of attributes.
You can specify User ID in the keygen form, and the application will be automatically set to Termius (ssh:termius).
Why is it disabled for my key?
This option can be disabled if you haven't set a PIN code on your FIDO2 device. To learn more about pin codes and YubiKey, please, take a look at this article.
Was this article helpful?
Articles in this section
- How can I enable Split View?
- How do I cancel the trial period?
- How to copy/paste in the desktop app?
- How to adjust text size?
- What happens when my Pro subscription expires?
- Can the mobile ('strip') keyboard be customized?
- How do I search in the terminal?
- How do I set a default SFTP path?
- How can I request a refund?
- What does "Store on Device" mean in the FIDO2 key generation form?