SSH Keys
Use public-key authentication instead of passwords for security and convenience. Secure ShellFish supports ED25519, ECDSA and RSA keys, imports from OpenSSH and PEM formats, and can generate keys on the Secure Enclave of an iPhone, iPad or a Mac with Touch ID so the private key is bound to that device and never extractable.
A YubiKey can authenticate via FIDO2 or PIV — useful if you need a hardware token shared between Secure ShellFish and other clients.
For organisations with a certificate authority, Secure ShellFish supports short-lived SSH certificates: sign in to your CA via the in-app browser and the certificate auto-renews in the background before expiry, with no key material stored on disk.
The public key has to be present on each server. The Install Key tool adds keys to .ssh/authorized_keys on multiple servers in one pass, and can request assistance from another device when a server only accepts password auth.
Secure Enclave keys offer the strongest security guarantees an iPhone, iPad or Touch ID Mac can provide.