Normally, when authenticating with public-key authentication, the SSH client generates an authentication packet and signs it with your private key. This is passed to the server and is verified against the public keys you have configured in your authorized_keys file. If the public key corresponding to the private key is an authorized key AND the signature of the payload can be verified with that public key, then you are granted access to the system and public key authentication completes.

Private keys typically reside on the computer you are using in your .ssh folder. To secure these keys so they are not easily readable by other users they can be encrypted with a passphrase. When you connect to a server and your private key is encrypted then the SSH client prompts you for the passphrase.

The ssh-agent process is a standard part of the OpenSSH distribution that helps to cut down the number of times you have to enter your passphrase. It is a separate process that runs for each user which allows them to add their private keys and keep them in memory. Every time a user connects to an SSH server using the client it consults the agent process first. If a suitable key is loaded then the agent performs the signing operation on behalf of the SSH client. The Personal Key Agent solution is a direct replacement for ssh-agent and allows you to place your private keys on your mobile phone instead of your desktop computer.

The solution consists of a mobile application, an application that replaces ssh-agent on your desktop and our Gateway Service that provides the bridge between the desktop and mobile applications.

When the user connects to an SSH server the client contacts the Desktop Agent to see if it has any suitable keys for authentication. If the remote server you are connecting to is configured with any of your device keys then authentication proceeds, proxied through the Desktop Agent and Gateway Service to your mobile phone.

When the mobile phone receives an authentication request you are prompted to authorize the request on your phone. Once authorized the phone signs the authentication packet and returns it through the Gateway Service via the Desktop Agent to your SSH client, and the authentication process proceeds onwards.

The following steps outline the basic steps needed to get started with the Personal Key Agent. If you need further help then you can take a look at our Manpage or if you get really stuck contact our support team by emailing support@jadaptive.com.

Install Mobile App

First step is to install the app from your devices app store.

When you first open the app you will be asked to register an account. This account is created on our SSH Gateway Service (see How it Works above) and is required for both the key authentication process but also allows you to manage device authorizations and import existing keys to your phone.

Install Desktop Agent

The next step is to download and install the SSH Desktop Agent for your preferred operating system:

Windows x86
Windows x64
Mac OSX DMG
Linux x64

Import your Keys

You can generate new keys on the phone directly but if you want to use any of your existing keys then you need to import them to the device. Login to the Gateway Service at https://gateway.sshtools.com with the account you created in Step 1. and import your key in the Authorized Keys section.

You can find more information in our article Setting up your Keys.

Start Authenticating

Now you have the apps installed and have setup your keys you can start authenticating. If you imported existing keys then go ahead and try to connect to any server configured for the keys. Alternatively as a quick test you can login to our Gateway Service via SSH which is automatically configured with any key you have generated or imported on your device.

ssh -l <email> gateway.sshtools.com

You can find more information in the articles Configuring Servers to use Device Keys and Authenticating with your Keys.