Biometrics Keys: Store SSH Keys in Android Keystore

Biometric SSH Keys are securely stored on your device in a trusted execution environment and protected by biometric authentication. They never leave your device and are inaccessible to others, even with unauthorized access to your device.

Termius for Android allows you to generate Biometric SSH keys within the Keystore. It's an isolated hardware subsystem that generates and stores private keys. No one, including Termius or Android, can export, copy, or access these private keys directly.

To establish an SSH connection, Termius requests Keystore to sign data using the private key. Whenever this happens, Android prompts you to authorize access to a key stored in Keystore with biometric authentication.

Biometric keys don't synchronize with other devices as regular SSH keys because they can't be copied by Termius.

Generate Biometric Key

To generate a Biometric SSH Key, follow these steps:

1. Choose Keychain in the app's main menu.

2. Tap + and select New biometric key from the context menu.

3. Specify the Label

Export Key to Host

1. Tap Export or share a public key,

2. In the context menu, select Export to…

3. Select a host from the list.

4. If your authorized keys are stored in a custom directory, update the folder path in the SSH Keys location field and specify the File containing public keys.

5. Tap Export.

Connect with Biometric Key

Once your key is exported, it attaches to your host in Termius. To connect, go to the Hosts screen and tap your host.