Skip to main content

SSH Keys

KoreShell has a built-in SSH key manager — generate, store, and deploy keys to servers without touching the terminal.

Overview

There are two types of keys in KoreShell:

TypeDescription
Local keypairsKeys generated by or imported into KoreShell — stored in the vault
Authorized keysPublic keys installed on a server's ~/.ssh/authorized_keys

Generating a New Key

  1. Go to Settings → SSH Keys → Generate Key (or click + GENERATE in the SSH Keys manager)
  2. Choose:
OptionDescription
TypeEd25519 (recommended) or RSA 4096
NameLabel for this key
PassphraseOptional — stored encrypted in vault
  1. Click GENERATE — the keypair is created and stored locally

The public key is immediately available to copy. Use it to authorize access on any server.

Importing an Existing Key

Click IMPORT and paste the private key (PEM or OpenSSH format), or use the file picker to load from disk.

Supported formats:

  • -----BEGIN OPENSSH PRIVATE KEY----- (Ed25519, ECDSA, RSA)
  • -----BEGIN RSA PRIVATE KEY----- (RSA PKCS#1)
  • -----BEGIN EC PRIVATE KEY----- (ECDSA)

If the key has a passphrase, enter it when prompted — it's stored encrypted in the vault.

Deploying a Key to a Server

After generating or importing a key:

  1. Open the SSH Keys tab on a connected server
  2. Select the local key to deploy
  3. Select the remote user (default: the SSH user for this server)
  4. Click AUTHORIZE — KoreShell appends the public key to ~/.ssh/authorized_keys on the server and sets correct permissions (600)

This is equivalent to running ssh-copy-id but without leaving KoreShell.

Viewing Authorized Keys on a Server

The SSH Keys tab on a connected server lists all public keys in ~/.ssh/authorized_keys for the current user, plus any other users you have permission to inspect.

You can REVOKE any key from this list — KoreShell removes the matching line from authorized_keys.

Using a Key for Server Auth

When adding or editing a server, set Auth Method → SSH Key and select the key from the dropdown. KoreShell uses the stored private key automatically on every connection.

Key Security

  • Private keys are stored in the AES-256-GCM vault — never written to disk in plaintext
  • On macOS, the vault master key is stored in the system Keychain
  • Keys are never transmitted to any server or network endpoint
  • Private key data is zeroed from memory after the SSH handshake completes

Exporting a Key

Right-click a key in the manager → Export Private Key to save to a file. You'll be prompted to confirm — the file is written in OpenSSH format.

caution

Exported key files are unencrypted. Protect them with appropriate file permissions (chmod 600) and do not share them.