Authentication

DR-Terminal supports three auth methods: password, private key, and FIDO2 (YubiKey) security key.

Password

The simplest route. A password entered on a saved connection lands in the platform's secure store — never in JSON config. If the password field is empty the app asks every time you connect.

Public-key → password fallback: when the server rejects a public key (e.g. it isn't in authorized_keys), DR-Terminal automatically asks for the password for the same user instead of dropping the connection.

Private key

PEM (OpenSSH) format is supported. You can:

• Paste the key directly into the connection form.
• Use the key manager (Settings → Security → SSH keys) and select a stored key.

If the key is encrypted with a passphrase, DR-Terminal asks for it at connect time. We support many algorithms — RSA, ECDSA (P-256, P-384, P-521), Ed25519, Ed25519-SK, ECDSA-SK (FIDO).

Key generator

Settings → Security has a Generate SSH key wizard. Pick the type (e.g. ed25519), set a passphrase (optional — it protects the key even inside the secure store), and the key is saved locally. The default key comment is ${user}@${host}@DR-Terminal — handy for spotting the key on the server. The public key can be copied to the clipboard for ~/.ssh/authorized_keys on the server.

Keys in the list can be renamed in-place; if the name you pick collides with an existing one, the app appends (2) automatically.

Windows Hello: on Windows the key generator invokes the native Windows Hello dialog (PIN / fingerprint / face) instead of an in-app dialog — the passphrase is then TPM-backed.

Key converter

If you have a key in a non-portable format (e.g. PuTTY .ppk), use the converter — it produces an OpenSSH PEM file.

Security key (FIDO2 / YubiKey)

DR-Terminal handles ed25519-sk and ecdsa-sk keys — and you can generate them from inside the app. No external ssh-keygen needed.

Generate a YubiKey-backed key in DR-Terminal

1. Settings → Security → SSH keys → Generate SSH key.
2. Flip the Security key switch on. Pick the algorithm — Ed25519-SK (recommended) or ECDSA-SK.
3. Touch your YubiKey when prompted. The app asks the token to create a new credential and signs the public key.
4. The key is stored in DR-Terminal's key manager. Copy the public key and paste it into ~/.ssh/authorized_keys on the target server.

Resident keys (stored on the YubiKey itself) eliminate the need to carry the key file — the entire secret lives on the token. The generator offers this as an option.

Using an existing SK key

If you already have an id_ed25519_sk / id_ecdsa_sk generated elsewhere (e.g. via ssh-keygen -t ed25519-sk), import it via the same key manager — DR-Terminal treats imported and generated SK keys the same way.

At connect time

DR-Terminal requests a touch on your key. The indicator blinks — tap it. iOS supports NFC and USB-C (YubiKey 5Ci and later). Android — NFC + USB (OTG). Desktop uses native FIDO2 APIs (Windows Hello, macOS, Linux via libfido2).