If you enable the 'Store on device' option, the SSH key you are generating will be saved on your FIDO2 device. This will allow you to establish connections, in Termius or OpenSSH, without providing the locally stored private key – by selecting the key during the connection process.
Using a key stored on the authenticator is generally less secure than using its local copy. An attacker will need to get access to both the authenticator and the locally stored key, if you're using a locally stored key, and just the authenticator, if you're using a key stored on an authenticator.
Every key on the authenticator must have a unique set of attributes: key type, User ID, application. Any previously created key will be overriden by a key with the same set of attributes.
You can specify User ID in the keygen form, and the application will be automatically set to Termius (ssh:termius).
Why is it disabled for my key?
This option can be disabled if you haven't set a PIN code on your FIDO2 device. To learn more about pin codes and YubiKey, please, take a look at this article.
Note: You can find more info about storing keys on authenticator devices here. (See 'FIDO2 resident keys'.)
Was this article helpful?
Articles in this section
- Does Termius support my Enterprise SSO provider?
- How to get a quote?
- How can I enable Split View?
- How do I cancel the trial period?
- How to copy/paste in the desktop app?
- How to copy/paste on iOS?
- How to adjust text size?
- What happens when my Pro subscription expires?
- Can the mobile Termius keyboard be customized?
- How to change the default shell in local terminal?
Please sign in to leave a comment.