Supported Protocols
SSH is a protocol for creating encrypted network connections on insecure networks, such as the Internet. It’s a secure replacement for Telnet. When you log in to an SSH server, all credentials are transmitted securely, including your password and private SSH key.
SSH works over TCP, which means that if the network connection is interrupted, the session may be lost. (That’s where Mosh comes in handy.)
Below is a comprehensive list of what SSH capabilities are currently supported in the app and what will be added soon.
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
Type | Availability |
ssh-rsa ssh-dss ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 | Available on all platforms |
ssh-rsa-256 (sign-only) ssh-rsa-512 (sign-only) | Not available on Android yet |
ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ssh-ecdsa-sha2-nistp256-cert-v01@openssh.com ssh-ecdsa-sha2-nistp384-cert-v01@openssh.com ssh-ecdsa-sha2-nistp521-cert-v01@openssh.com ssh-ed25519-cert-v01@openssh.com | Coming soon for all platforms |
Type | Availability |
chacha20-poly1305@openssh.com aes128-ctr aes128-cbc aes192-ctr aes192-cbc aes256-ctr aes256-cbc 3des-cbc blowfish-cbc arcfour | Available on all platforms |
arcrour128 cast128-cbc aes128-gcm@openssh.com aes256-gcm@openssh.com | Not available on Android yet |
Type | Availability |
hmac-md5 hmac-md5-96 hmac-sha1 hmac-sha1-96 hmac-sha2-256 | Available on all platforms |
hmac-sha2-512 hmac-ripemd160 umac-64@openssh.com umac-128@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com | Not available on Android yet |
Type | Availability |
Certificate | Coming soon for all platforms |
Public Key Password Keyboard-Interactive Two-Factor Authentication | Available on all platforms |
Type | iOS | Android | Desktop |
DSA | Yes | Yes | Yes |
RSA | Yes | Yes | Yes |
ECDSA | Yes | Yes | Yes |
ed25519 | Yes | Yes | Yes |
Putty-DSA | Yes (1) | Yes | Yes (1) |
Putty-RSA | Yes (1) | Yes | Yes (1) |
Putty-ECDSA | Yes (1) | No | Yes (1) |
Putty-ed25519 | Yes (1) | No | Yes (1) |
1. Converts to OpenSSH format at start of session 2. Unless otherwise prefixed by Putty, all other keys listed are in OpenSSH format.
Type | Availability |
HTTP | Premium Only |
SOCKS5 | Premium Only |
Type | Availability |
Local | Yes |
Remote | Yes |
Dynamic | Yes |
Mosh is a companion protocol to SSH that maintains sessions when TCP is interrupted. It employs a parallel UDP session which can keep the session alive if TCP breaks. That also enables Mosh to maintain its own terminal buffer that intelligently echoes your input, even if the server is slow or the network lags. No more waiting patiently on slow connections to see what you typed.
The enhancements provided by Mosh are really important to reliable mobile connectivity. If your device changes networks or powers down, Mosh can keep your session alive until your connection is re-established.
The Mosh service is distinct from SSH, and must be installed and configured separately on your host system. Once the service is up and running, you’re free to roam with Termius — just enable Mosh in your host entry, and connect.
Termius uses its own library for Mosh compatibility.
Termius is compatible with Mosh 1.3.0 and above.
Telnet is a protocol for establishing unsecured remote terminal connections. It does not encrypt anything, even your password, so it should never be used for transacting sensitive information.
However, Telnet is still useful in some scenarios, such as interfacing at a diagnostic level with network hardware, or watching ASCII art at towel.blinkenlights.nl.
Under the hood, Termius relies on this implementation of the protocol.
To create a Telnet connection, enable Telnet in the host entry.
