Manage SSH Keys
With SSH, data transmissions between TinyTERM and the server are encrypted. Even if someone manages to hack into the connection, the information won't be readable. This helps protect valuable information from unauthorized access.
SSH keys provide an additional layer of security for your server. With password access disabled, brute-force attempts to login to the server will fail, as only an authorized key pair will allow a login.
Create an SSH Key Pair
To create an SSH public/private key pair, touch the Manage SSH Keys button. It's available either from the Global Options, or in the settings for any configuration. This brings up the "Private/Public Keys" dialog.
As with general connection settings, key generation requires that you have certain information in advance: whether the server uses the RSA or DSA Key type, and the server's preferred Key size in bits.
For key generation, TinyTERM for iOS also requires that you enter a password for the key, which must be entered in both the Password and Password Again fields. This does not need to be an actual password for the server. It can include spaces, punctuation or any other characters you like.
If you choose to Save password, you won't need to enter the password when connecting. Otherwise TinyTERM will ask for that password every time you make an SSH connection.
When all the required information is entered, touch the Generate key button. Its background will switch from white to blue briefly. The larger the Key size, the longer this will take. When it returns to white, your key has been generated.
Using an SSH Key
There are now two ways to move the key to another system:
- Email public key
This opens an email with the public key as both plain text and as an attachment.
- Copy public key to clipboard
This copies the public key as text to the iPad clipboard. It can then be pasted into any other iPad application.
Once the public key has been copied to a server, it needs to be added to the list of authorized keys. This command is common for an RSA key:
cat id_rsa.pub >> ~/.ssh/authorized_keys
Adjust the command as needed to match the host requirements. The private key remains stored securely on the device, available only to TinyTERM.
Note that if you turn on the Use public key option, all SSH connections in TinyTERM will attempt to use the key. If the host doesn't recognize the key, TinyTERM will automatically fall back to password, then keyboard-response authentication. This will happen whether or not either is enabled on the host.