Supported Protocols

SSH (Secure Shell)

SSH is a protocol for creating encrypted network connections on insecure networks, such as the Internet. It’s a secure replacement for Telnet. When you log in to an SSH server, all credentials are transmitted securely, including your password and private SSH key.

SSH works over TCP, which means that if the network connection is interrupted, the session may be lost. (That’s where Mosh comes in handy.)

Below is a comprehensive list of what SSH capabilities are currently supported in the app and what will be added soon.

Key Exchange Methods

Type

Availability

curve25519-sha256

curve25519-sha256@libssh.org

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

diffie-hellman-group14-sha1

diffie-hellman-group14-sha256

diffie-hellman-group-exchange-sha256

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

All platforms

Host Key Types

Type

Availability

ssh-rsa

ssh-dss

ssh-ed25519

ecdsa-sha2-nistp256

ecdsa-sha2-nistp384

ecdsa-sha2-nistp521

rsa-sha2-256 (sign-only)

rsa-sha2-512 (sign-only)

hmac-ripemd160

hmac-ripemd160@openssh.com

All platforms

ssh-rsa-cert-v01@openssh.com

ssh-dss-cert-v01@openssh.com

ssh-ecdsa-sha2-nistp256-cert-v01@openssh.com

ssh-ecdsa-sha2-nistp384-cert-v01@openssh.com

ssh-ecdsa-sha2-nistp521-cert-v01@openssh.com

ssh-ed25519-cert-v01@openssh.com

Coming soon

Ciphers

Type

Availability

chacha20-poly1305@openssh.com

aes128-ctr

aes128-cbc

aes192-ctr

aes192-cbc

aes256-ctr

aes256-cbc

rijndael-cbc@lysator.liu.se

3des-cbc

blowfish-cbc

arcfour

arcrour128

cast128-cbc

aes128-gcm@openssh.com

aes256-gcm@openssh.com

All platforms

MAC Hashes

Type

Availability

hmac-md5 hmac-md5-96 hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-ripemd160 umac-64@openssh.com umac-128@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com

All platforms

Authentication Methods

Type

Availability

Certificate

Coming soon

Password Public key

Keyboard-Interactive

Two-Factor Authentication

All platforms

Supported Keys

Type

Availability

DSA

RSA

ECDSA

ed25519

PuTTY-DSA

PuTTY-RSA

PuTTY-ECDSA

PuTTY-ed25519

All platforms

Proxy

Type

Availability

HTTP

All platforms

SOCKS5

All platforms

SOCKS4

iOS, Android

Mosh (Mobile Shell)

Mosh is a companion protocol to SSH that maintains sessions when TCP is interrupted. It employs a parallel UDP session which can keep the session alive if TCP breaks. That also enables Mosh to maintain its own terminal buffer that intelligently echoes your input, even if the server is slow or the network lags. No more waiting patiently on slow connections to see what you typed.

The enhancements provided by Mosh are really important to reliable mobile connectivity. If your device changes networks or loses connection, Mosh can keep your session alive until your connection is re-established.

The Mosh service is distinct from SSH, and must be installed and configured separately on your host system. Once the service is up and running, you’re free to roam with Termius — just enable Mosh in your host entry, and connect.

Termius uses its own library for Mosh compatibility.

Termius is compatible with Mosh 1.3.0 and above.

Telnet

Telnet is a protocol for establishing unsecured remote terminal connections. It does not encrypt anything, even your password, so it should never be used for transacting sensitive information.

However, Telnet is still useful in some scenarios, such as interfacing at a diagnostic level with network hardware, or watching ASCII art at towel.blinkenlights.nl. Under the hood, Termius relies on this implementation of the protocol.

To create a Telnet connection, enable Telnet in the host entry.