Support Center

  1. Support
  2. Serial
  3. SSH Identity Management

SSH Identity Management

Overview

Serial manages its own set of SSH identities independent of those stored on your system. This is to maintain compliance with Apple's application sandbox, a requirement for distribution on the Mac App Store, and for improved security. Serial allows you to import, export and create new SSH identities, all without leaving the application and dropping to the command line.

Secure Storage

Identities are stored securely within the macOS keychain. Each identity consists of the private key and a corresponding passphrase. If the passphrase is stored in the keychain the user will not be prompted for one when accessing the key. Otherwise, the user will be prompted the first time the key is accessed. We take great care to handle this information securely within Serial.1

Importing Identities

To import an identity, do the following:

  1. Open the "Public Key Identities" window by choosing "SSH Identities..." from the "Serial" menu.

  2. Click the "+" button and choose "Import Identity...".

  3. Select one or more identity private key files. Usually, these are the files without the ".pub" suffix.

  4. When prompted, enter the passphrase for the identity. Uncheck "Save passphrase in keychain" if you prefer to be manually prompted for the passphrase whenever the key is accessed. The passphrase is required to be able to validate the identity and is also used to automatically generate the corresponding public key.

Creating Identities

To create an identity, do the following:

  1. Open the "Public Key Identities" window by choosing "SSH Identities..." from the "Serial" menu.

  2. Click the "+" button and choose "New Identity...".

  3. Choose the key type and length, and enter a passphrase for the key. For security, Serial enforces the passphrase recommendation so the private key file is encrypted. This protects your key file if it is exported.

Exporting Identities

To export an identity, do the following:

  1. Open the "Public Key Identities" window by choosing "SSH Identities..." from the "Serial" menu.

  2. Select the identity (or identities) you'd like to export and then click the gear button, and choose "Export Identity...". You will be prompted to save a zip archive file containing both the public and private key files making up your identity. This archive will not contain any corresponding passphrases.

  1. Internally, passphrases and private keys are accessed and stored by an independent keychain helper process. When required for a connection, another independent connection helper process requests the private key and passphrase from the keychain helper using asymmetric key encryption. As a result, private keys and passphrases are never visible to the primary Serial process.