What is SSH ID
This page explains how SSH ID works in Termius, how it manages device-bound SSH passkeys, and how to use it to securely connect to servers without sharing private keys.
SSH ID is an easy-to-use system for managing SSH passkeys. It generates and aggregates device-bound passkeys, including FIDO2 and biometric keys, so you can connect to servers without copying or sharing private keys.
How it works
When setting up an SSH ID, you create a unique public handle (@username) that lets anyone fetch all your public keys at once.
On your device
Termius generates a unique set of
device-boundSSH keys (passkeys)The set includes ECDSA-SK (hardware key protected with biometrics), ECDSA, ED25519, and RSA (for legacy devices)
Each key is signed by your unique certificate and can be verified
The private parts of the keys generated with SSH ID never leave your device.
Public parts are pushed to the server and are publicly available via your handle, along with certificates at sshid.io/<your_handle>.
On your servers
Once the SSH ID is set up, you can add all your public keys from all devices using one single command.
curl https://sshid.io/<your_handle> >> ~/.ssh/authorized_keys
This allows you to connect from all your devices using device-bound keys.
Proceed to Setup & usage to enable SSH ID for your Termius account.
See SSH ID Security for the security model and verification details.
FAQ
Why do I need a Termius account to use SSH ID?
An account is required because SSH ID relies on your Termius account to sync public keys securely across all your devices. Without it, SSH ID can't make your identity available from multiple devices.
Your private keys never leave your device, only the latest public keys are synchronized.
Why the public keys are accessible online publicly?
Only the public keys are accessible online via the handle that you specified during the SSH ID setup.
The corresponding private keys never leave devices where they were generated.
Last updated
Was this helpful?