# What is SSH ID

<figure><img src="/files/ixLzdyayWl3lGrPEqGZP" alt=""><figcaption></figcaption></figure>

SSH ID is an easy-to-use system for managing SSH passkeys. It generates and aggregates `device-bound` passkeys, including FIDO2 and biometric keys, so you can connect to servers without copying or sharing private keys.

## How it works

When setting up an SSH ID, you create a unique public handle (@username) that lets anyone fetch all your public keys at once.

### **On your device**

* Termius generates a unique set of `device-bound` SSH keys (passkeys)
* The set includes ECDSA-SK (hardware key protected with biometrics), ECDSA, ED25519, and RSA (for legacy devices)
* Each key is signed by your unique certificate and can be verified

{% hint style="info" %}
The private parts of the keys generated with SSH ID never leave your device.
{% endhint %}

{% hint style="info" %}
Public parts are pushed to the server and are `publicly` available via your handle, along with certificates at [sshid.io/\<your\_handle>](https://sshid.io/%3Cyour_handle%3E).
{% endhint %}

### **On your servers**

Once the SSH ID is set up, you can add all your public keys from all devices using one single command.

`curl https://sshid.io/<your_handle> >> ~/.ssh/authorized_keys`

This allows you to connect from all your devices using device-bound keys.

***

Proceed to [Setup & usage](/ssh-id-passkeys-for-ssh/setup-and-usage.md) to enable SSH ID for your Termius account.

See [SSH ID Security](/ssh-id-passkeys-for-ssh/ssh-id-security.md) for the security model and verification details.

***

## FAQ

<details>

<summary>Why do I need a Termius account to use SSH ID?</summary>

An account is required because SSH ID relies on your Termius account to sync public keys securely across all your devices. Without it, SSH ID can't make your identity available from multiple devices.

Your private keys never leave your device, only the latest public keys are synchronized.

</details>

<details>

<summary>Why the public keys are accessible online publicly?</summary>

Only the `public keys` are accessible online via the handle that you specified during the SSH ID setup.

The corresponding private keys never leave devices where they were generated.

</details>

<details>

<summary>Can I remove a particular key from the SSH ID profile?</summary>

The keys in your profile are device-bound. New keys are generated every time you login with your Termius account on a new device.

To remove particular keys, you need to log out from your account on the corresponding devices.

</details>

<details>

<summary>How can I regenerate the keys generated for SSH ID?</summary>

To regenerate the keys, you need to log out and then log back in on your devices.

The new public keys should be then provisioned to the affected servers.

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.termius.com/ssh-id-passkeys-for-ssh/what-is-ssh-id.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.