Biometrics Keys: Store SSH Keys in Android Keystore
Biometric SSH Keys are securely stored on your device in a trusted execution environment and protected by biometric authentication. They never leave your device and are inaccessible to others, even with unauthorized access to your device.
Termius for Android allows you to generate Biometric SSH keys within the Keystore. It's an isolated hardware subsystem that generates and stores private keys. No one, including Termius or Android, can export, copy, or access these private keys directly.
To establish an SSH connection, Termius requests Keystore to sign data using the private key. Whenever this happens, Android prompts you to authorize access to a key stored in Keystore with biometric authentication.
Biometric keys don't synchronize with other devices as regular SSH keys because they can't be copied by Termius.
Generate Biometric Key
To generate a Biometric SSH Key, follow these steps:
Choose
Keychain
in the app's main menu.Tap
+
and selectNew biometric key
from the context menu.Specify the Label
Export Key to Host
Tap
Export or share a public key
,In the context menu, select
Export to…
Select a host from the list.
If your authorized keys are stored in a custom directory, update the folder path in the
SSH Keys location
field and specify theFile containing public keys
.Tap
Export
.
Connect with Biometric Key
Once your key is exported, it attaches to your host in Termius. To connect, go to the Hosts
screen and tap your host.