Keychain

Last updated 6 days ago

The Keychain screen is where you can manage your keys and identities. The latter is a combination of a user name, password and key and handy when you have multiple hosts with the same credentials and/or key. Once you add a key or identity, they become available in the host settings.

Termius stores keys locally and encrypts them for more safety, before syncing it across your devices.

Key based authentication keeps your data safe, because a key is far safer than a password, as it is much longer, harder to obtain via input logging, and generally more secure.

The public part of your key is not a secret, and is required by a remote server. The private part of your key should never be shared with anyone, or otherwise it can be used to connect to any host with your public key. To help mitigate against this risk, consider adding a passphrase to your key.

Key Generation / Import

Termius can generate an SSH key for you if you don't already have one, or import an existing key.

To access the keychain, select Keychain from the primary menu. On desktop devices, click your account name in the top left corner and click Keychain .

Generate a New Key
Import Existing Key

Mobile Users

  • Tap +

  • Tap Generate Key

You can customise the key generation options, such as specifying a passphrase. Using passphrase will help you out if your key is ever lost or stolen. To avoid having to enter your key passphrase repeatedly, you can opt to save the passphrase.

A new key becomes available in the settings for a desired host. Don’t forget to upload the public key to the host before connecting. For that, tap and hold the key on the Keychain screen and:

  • tap (on iOS), or

  • choose Export to Host from the key settings (on Android).

Desktop Users

New keys can only be generated with the mobile version of Termius, but you can generate a new key with PuTTY or OpenSSH on the desktop and add it into Termius as described on the next tab.

Windows

To generate a new key in Windows, use PuTTY.

macOS and Linux

On Linux and macOS, use the ssh-keygen command, e.g.:

ssh-keygen -t ed25519

The private key will be saved in ~/.ssh/id_ed25519 whereas the public key will be located in~/.ssh/id_ed25519.pub.

Mobile Users

Termius Mobile can import keys stored in plain text (txt), key, PEM, or PPK files.

iOS

Install and launch iTunes on your Windows or macOS desktop, connect your phone, then click on the device in the side panel. Scroll to the File Sharing section, then choose Termius from Apps, then drag and drop your key files into iTunes.

Then, in Termius, tap Add Key on the Keychain and select Import Key.

Android

Android users can use a file manager to copy files from an SD card to your local storage, then import into Termius.

Desktop Users

Since new keys can only be generated on the mobile versions of Termius, you'll need to import an existing key, which could be in the PEM, OpenSSH or PPK format.

Importing a PEM/OpenSSH key

To import a PEM/OpenSSH key:

  1. Launch or switch to Termius.

  2. From the top left menu choose Keychain.

  3. Click Add Key.

  4. Copy and paste the private key into the Private Key field. Make sure you copy the complete key, that is along with BEGIN and END tags. The Key Examples section below will help, if you're not sure what to copy.

  5. (Optionally) Copy and paste the public key into the Public Key field. Make sure you copy the key completely, that is beginning with the words ssh-rsa. The Key Examples section below will help, if you're not sure what to copy.

  6. Click Save.

Importing a Putty (.ppk) key

To import a key generated with Putty:

  1. Launch or switch to Termius.

  2. From the top left menu choose Keychain.

  3. Click Add Key.

  4. Copy and paste the full contents of the ppk file into the Private Key field. The Key Examples section below includes the contents of an example ppk file.

  5. Click Save.

Presently, it is not possible to specify file paths or URLs in the Private/Public fields

Adding an Identity

Identities are great for when you have several hosts requiring the same credentials/key. Once a user name, password or key for those hosts is changed, you’ll only have to edit the identity instead of every single host.

Mobile
Desktop

To add an identity on iOS or Android:

  1. From the home screen choose Keychain.

  2. Tap + at the top right and choose New Identity.

  3. (Optionally) In the Name field, provide a name for the identity.

  4. Fill in the rest of the form, as required.

  5. Tap Save or ✓.

To add an identity on desktop platforms:

  1. From the top left menu choose Keychain.

  2. Click Add Identity.

  3. (Optionally) In the Label field, provide a name for the identity.

  4. Fill in the rest of the form, as required. .

  5. Click Save.

Key Examples

Public Key
Private key (PEM)
Private key (OpenSSH)
PPK

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7sjK625IlQyhQ1zFP4Fli3Ra7qt0amEJe+HO6TjEvkIO4a 2MInSYGy6ujuSVEjzWuTC89KikcWlPsgwY6evbDiyCExubai+yWRxZL8Vyr9v3fWTcoUWPbW5yvdAS S6QKaCRtOKV4dCl6xG2RTh3BiYuWKFOQb6AS0HdiGElKBLsQNjRGpxAWQ5a64ZiLEKDwCIDyN5w NCMp4Naa7Zv1vzWIOdm8D/yl/PmckealSZimKo0+/tfRKV03rQi2a1ANEPxJM5wmnFKQe4InLzs2x +HUlpfoi1bvecBgJvnN9Kr04sa03NUvy4UABQrmg/haM+PEq5EnXS4Bfh93SJin8J

-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,393C44619C5B62FB g7l6jpFKUWqiU+7wvS+CRCpYygAchVIJTHmR9mTQwxQD6XUMMBfmLO+K6EgBGOt6 HxqTxQsAIAYtHQD370qQVC9aKF4Du2TkMiAlAiET6lyw7yEZeipkY46lJm74SvFJ xo3dLERKJBcDfNDoBJK/zjJN9I2zfUT2DgPodJwzWCfnk4g+/wWD6wNOSGM57XjR POQi4kJWI8zxX6v2REhybrfWwFxFaTpxMausotKa9R0hC+169DXGjnfXMPg6va6d MUVPHKhoNzUInRWA1FPF+Vt9z5X2jQMGf4AJN7W65QE7Q0Boao+aOERKDVTzP1Ff tRL6X0+BgXMjetqKGP0tJydiAVuP6vXEy1n8YrehUJSqNHJXT23o6kry/s7tMqzo ke96suSNyQKmPPjFq4MKe+v+/9mQzA4UUcVWgCi2dqZxPhNsAzBXTyIrnFcPykOY QPmdLMjpxeavbj8F5qZ8pREqDw+WpL8onI64udLFL3kjN5tCC9l3wHKDUJd6Q9y9 5gTKBnVcCRNvlKuLXbb7O5Z1hYKhpdqVJv8pLAhg2/BtTthseV8MjMnLEnbW6nSP SPLlev76vk/QK6PIR9hQrJGrzXJDvcYEpXJ2YBcgvEIbKR/eFAsPeM4Gin00M6Rj cDSO6p2ymxpiZ4AdDvgjkTkAx7ZXkxwrr7rRTOgyZZvuY/CpJbW4gs9a+zej5U77 RtWIHj+XZWvTQDPX5VcqDtE/C/bcsM9OQB019rkEcgDjKDtu9uWfDscSCxzMwfCi xHrpJwudVCF3M6WAvfuB0SLc6UCBALHbln2SksaC+7teUwJP9XD8hg== -----END RSA PRIVATE KEY-----

-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABAxBix87d JvVrEotmWsbAZwAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIPKKmhHgVw5SM8IH uo2XalsMHXvDwBxA7vL+TG/CACK9AAAAkNWU8rq/ToxIgS2BXVJNJI8SI8qHehGmUGEmMI A+w+bpKwhfWj/Z24DHXrtdPpeTbUT7KHODlBu+StJpN1vtW5kNSuMpE9fL+0GEIasIDsEY 9xD1sLtGAy0pMR6yzB3EW2OEZE8NoTCKJ0Xq18km8Uo1KG8naT2DeSEDzuHSP6NQWkJx5k BmP6jMW98HAsSIQA== -----END OPENSSH PRIVATE KEY-----

PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: imported-openssh-key Public-Lines: 6 AAAAB3NzaC1yc2EAAAADAQABAAABAQDY3ZZzql+hnn8TpOHUk96KiX2pk8ND5p+c EqLbFnpi5+5iqx1hdJbZo0oW69Gx3wcWD3RVT8fVJDPmtsXlZkRhjGAOiz8VFpKJ u2i2dyLZiX3xLzDI76aHIVW7Xehf3NE3ugHFjBiV41XaN6MSE+xeP3U7Mp16Ee3l QZ8BJ5ujC5ZGhEgd27GIyV+yndee/T9YHms0tpYh6AC039QFWot5LlHnz2FlvTqU mIvdn99KZSERlZ1sATceHxFHauJN6M0tFmN1h/KfNBTflI5IUevOwpbEWnSBXOVM 3pCFyftu9j7oQydtozE4G5T5GoxiJJ5DbznnEcdW8lKAX7lMznvR Private-Lines: 14 AAABADpl8U3UY0wyUiYIEIgeCZ9kxuITWFHAmNp+ajx1IR/hNOB9E7w+l6CjyB/E AQPU+yOFpd4TTcynoxJNxZywnVlnY7aG6MXU/kD4pon8KvZJgBCilJCHeGCLKXr7 HsgxvmUzQabgwv4Z6dSJhvAnTU9T5025o45rpZRGx3qYH+EXjrG17tIog45xp3pk 9qWo46ZdCMKNfa2LwNcibbVUPMvgLZah6b/atPI3qXAqnoE4PWrVnNbgwP2vNnaY j/QK2gESc4nNkr0QEDZaLiYlUGJYmOKi7TzVUVIRirwK4jAmFXyHcBiRNAwBonnI dIQKNgnZkdVuFKWjNvKPROTycQEAAACBAPTa7XG7ko6aWE334HGGLLGRdtsgqePJ fMl8hIm1wOsLkVZ7gLJH6T0fhyR32oWnYNcvpgp/xVMpDdSp+tIJhTSlAAz+1jQA C5aNr/CXu6vQow6zFSnoQIYtnr619JzRITs2kZlm8Sp/i709f+FXj47RJXGBTkOU fBtfgaVbIxsVAAAAgQDivIXjCCbv4sLpomvrKjp8YTgrlmVadCIhIRsLxVwXQkFm UdsYdjD9gH1kCN/UAsYba0qs99+ih4QQM2KBz30nj5DREFMZrjQjPvFQ3KJ0zI6K sIxQZ2fUOPhhg2SY8brwKQjfBuieFj7dI5kXBBoi4inQ/+Al8IjVGdCCIK2czQAA AIB++WLFsz1J/zqskCM4Dyf927m00pmL99KuyaDK5Gad2Vmuj9Ky4i9+TSVusm52 h0HA6GHt0s2wLbdLJszVZwhB7sTIYI8unAhgN4mC9Z7zObvijFX3Z/h5gne771r0 UAWUmFSU4g5Sd+kz4is5i8Ig1/Q5vR/sdWV/ROcHkhUlCA== Private-MAC: 91b6b2cd0050a2d8c5cf9920b9baf568c28cb16b