Free Personal SSH Key Security
Secure your SSH keys with our innovative solution for SSH authentication and key management. Store your private keys on your mobile phone and authenticate using our Desktop Agent. Get started today and use for free.
Mobile Key Agent
Our Mobile Key Agent is a solution that enables users to securely store SSH keys on their mobile phones. Keys stored on a mobile device can be used for authentication in conjunction with our Desktop Agent, a direct replacement for ssh-agent which is available for all major platforms. When a key is used for authentication, the user is prompted on the device to authorize the operation before it completes.
SSH public key authentication provides a strong authentication factor for any organisation to secure access to privileged accounts on vital server resources; however the management of SSH keys has become an increasing burden on the SSH administrator.
One of the major risks of managing SSH keys is that they need to be present on any system where a user regularly uses SSH, so it's not uncommon for keys to be copied across a network to several locations.
With the Personal Key Agent solution you can reduce the risk of SSH keys getting into the wrong hands by securing them on the user’s phone. The keys will then travel with them and are easily accessible from any computer that has been authorized to access them.
The app uses push notifications to request authorization from the user each time they use their SSH key. To complete authentication the user simply clicks on the notification and authorizes the request.
Normally, when authenticating with public key authentication, the SSH client generates an authentication packet and signs it with your private key. This is passed to the server and is verified against the public keys you have configured in your authorized_keys file. If the public key corresponding to the private key is an authorized key AND the signature of the payload can be verified with that public key, then you are granted access to the system and public key authentication completes.
Private keys typically reside on the computer you are using in your .ssh folder. To secure these keys so they are not easily readable by other users they can be encrypted with a passphrase. When you connect to a server and your private key is encrypted then the SSH client prompts you for the passphrase.
The ssh-agent process is a standard part of the OpenSSH distribution that helps to cut down the number of times you have to enter your passphrase. It is a separate process that runs for each user which allows them to add their private keys and keep them in-memory. Every time a user connects to an SSH server using the client it consults the agent process first. If a suitable key is loaded then the agent performs the signing operation on behalf of the SSH client. The Personal Key Agent solution is a direct replacement for ssh-agent and allows you to place your private keys on your mobile phone instead of your desktop computer.
The solution consists of a mobile application, an application that replaces ssh-agent on your desktop and our Gateway Service that provides the bridge between the desktop and mobile applications.
When the user connects to an SSH server the client contacts the Desktop Agent to see if it has any suitable keys for authentication. If the remote server you are connecting to is configured with any of your device keys then authentication proceeds, proxied through the Desktop Agent and Gateway Service to your mobile phone.
When the mobile phone receives an authentication request you are prompted to authorize the request on your phone. Once authorized the phone signs the authentication packet and returns it through the Gateway Service via the Desktop Agent to your SSH client, and the authentication process proceeds onwards.
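The authorization step described above depends on knowing what the agent is being asked to sign. The following is an added illustration, not code from the Personal Key Agent: it parses a framed SSH_AGENTC_SIGN_REQUEST (agent protocol message type 13) and the RFC 4252 section 7 user-authentication data inside it, so a prompt can show the account name being authenticated and reject requests that are not public key authentication for that key. The names describe_sign_request and Reader, the user "alice" and the key bytes are constructed for the example.

```python
import struct

SSH_AGENTC_SIGN_REQUEST = 13      # agent protocol message type
SSH_MSG_USERAUTH_REQUEST = 50     # RFC 4252 message number

def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

class Reader:
    """Cursor over an SSH wire-format buffer with bounds checks."""
    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("truncated message")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def u32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]
    def string(self) -> bytes:
        return self.take(self.u32())

def describe_sign_request(frame: bytes) -> dict:
    """Parse a framed sign request and the userauth data the agent must sign."""
    body = Reader(Reader(frame).string())      # uint32 length + message body
    if body.take(1)[0] != SSH_AGENTC_SIGN_REQUEST:
        raise ValueError("not a sign request")
    key_blob = body.string()                   # public key the client selected
    data = Reader(body.string())               # bytes to be signed
    flags = body.u32()
    data.string()                              # session identifier (opaque)
    if data.take(1)[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("data is not a userauth request")
    user, service, method = data.string(), data.string(), data.string()
    data.take(1)                               # boolean: signature follows
    algorithm, auth_key = data.string(), data.string()
    if method != b"publickey" or auth_key != key_blob:
        raise ValueError("request does not match the key being asked to sign")
    return {"user": user.decode(), "service": service.decode(),
            "algorithm": algorithm.decode(), "flags": flags}

# Constructed sample: placeholder key blob and session id, not real key material.
KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SIGNED = (ssh_string(b"\x11" * 32) + bytes([SSH_MSG_USERAUTH_REQUEST])
          + ssh_string(b"alice") + ssh_string(b"ssh-connection")
          + ssh_string(b"publickey") + b"\x01"
          + ssh_string(b"ssh-ed25519") + ssh_string(KEY))
FRAME = ssh_string(bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(KEY)
                   + ssh_string(SIGNED) + struct.pack(">I", 0))
```

Calling describe_sign_request(FRAME) returns the user, service, algorithm and flags for the constructed request; truncated frames and data that is not a public key authentication request raise ValueError.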
The following steps outline what you need to get started with the Personal Key Agent. If you need further help, take a look at our Manpage, or if you get really stuck, contact our support team by emailing email@example.com.
Install Mobile App
The first step is to install the app from your device's app store.
When you first open the app you will be asked to register an account. This account is created on our SSH Gateway Service (see How it Works above) and is required for the key authentication process; it also allows you to manage device authorizations and import existing keys to your phone.
Install Desktop Agent
The next step is to download and install the SSH Desktop Agent for your preferred operating system:
Import your Keys
You can generate new keys on the phone directly, but if you want to use any of your existing keys then you need to import them to the device. Log in to the Gateway Service at https://gateway.sshtools.com with the account you created in Step 1 and import your key in the Authorized Keys section.
You can find more information in our article Setting up your Keys.
Now that you have the apps installed and have set up your keys, you can start authenticating. If you imported existing keys then go ahead and try to connect to any server configured for the keys. Alternatively, as a quick test you can log in to our Gateway Service via SSH, which is automatically configured with any key you have generated or imported on your device.
ssh -l <email> gateway.sshtools.com