SSH to a server with Face ID or Touch ID

March 26, 2020

What if your SSH keys can’t be stolen from your personal device? Termius just added support of Secure Enclave(SEP) on iOS to enable using keys that can’t be copied for SSH and Mosh connections.

SEP is a hardware-based key manager embedded into your iPhone or iPad. Keys generated inside SEP can NOT be directly accessed, which is the best part about using Secure Enclave Processor on iPhone or iPad. Instead, apps have to use an API of the embedded hardware device for data decryption. An app can only access keys that it has generated previously. Successful Face or Touch ID authentication has to happen to authorize access to SEP keys.

Generating a SEP key with Termius

With Termius, you can generate a pair of keys with the private part inside SEP and use them to log in to a server. The public key, though, is accessible for copying or export. Every time you connect using a key from SEP, the Face or Touch ID dialog pops up, which feels like you are authenticating on a server using your biometric information. You can generate and use SEP keys using Termius for free. SEP keys don’t synchronize as regular keys as they are not copyable. Our team is working on a more comprehensive solution based on SEP keys for Premium and Team plans.

← all posts