35
submitted 5 months ago* (last edited 5 months ago) by irotsoma@piefed.blahaj.zone to c/selfhosted@lemmy.world

I've been using Termius for a few years for an SSH client. Have have a lot of self-hosted servers both in my home lab and on VPSs. I'm looking to cut some costs since it's $120/year and really the main thing I use it for is syncing my SSH accounts and credentials between a laptop, a desktop, and my Android phone. So I'm looking for a new method to sync these things.

I'd prefer a single application, but I'd settle for a good, secure way to sync the credentials and recommendations for applications on Fedora and Android.

Edit: I'm OK with a one time payment application, but prefer open source or a solution I can self-host the sync server. And I don't want a subscription.

you are viewing a single comment's thread
view the rest of the comments
[-] farcaller@fstab.sh 3 points 5 months ago

Let's untangle those problems. I have a similar setup so I just want to share some ideas to show that you don’t need to copy keys.

If I'm traveling or I wipe my device or get a new one, I would have to add the new key to many servers as authorized keys

If you oftentimes access ssh from untrusted systems you’re kind of in a bad spot to begin with. The best thing you can have is a yubikey on a keychain. Everything else means you leak secret material (a password or a key) to a machine you don’t inherently trust.

Also, I want a key backed up in case of disaster since all of my devices are in my home most of the time

Again, something that you can easily solve with a hardware key [in a safe]. But realistically, in case of a disaster a local shell password login should be good enough?

I'd recommend you to think about what attacks are you trying to prevent by using a shared private key. I’m not saying it's a bad concept, inherently having it in your password manager (like 1Password that even has ssh-agent support) is pretty common. The problem with just the keys is that it's non-trivial to expire them if needed. You might be indeed better off with some web based authentication that you can access from any place which would ask you secret questions/send you a text message or do whatever 2FA you deem sufficient and mint you a short-lived certificate for ssh.

this post was submitted on 07 Feb 2026
35 points (94.9% liked)

Selfhosted

60587 readers
1539 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the link in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post. )

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS