Security and sync

Biometric checks, iCloud settings sync, optional credential sync, Keychain storage, and practical safety boundaries.

Updated 1 week ago · 23 min read

Moshi stores connection metadata, credentials, and preferences through different paths so you can choose the right balance of convenience and security.

Credential storage

Connection passwords, private keys, key passphrases, and fingerprints are stored separately from the saved connection list. On iOS, Moshi uses secure storage for connection credentials.

Deleting a connection clears its related credential entries.

Biometric checks

Two biometric preferences are available:

  • Biometric for keys: require Face ID or Touch ID before using saved key material by default.
  • Biometric on resume: require a biometric check when returning to Moshi.

Use both if your device is shared or your SSH keys can reach sensitive hosts.

iCloud sync

Moshi can sync settings through iCloud when enabled. Credential sync is a separate toggle and is disabled unless iCloud sync is enabled.

Use settings sync for convenience across devices. Think carefully before enabling credential sync on devices you do not fully control.

Private key handling

When importing a key, prefer a dedicated key for Moshi instead of reusing your main laptop key. Generated Ed25519 keys are a good default.

If you copy a private key out of Moshi, iOS requires biometric confirmation first. Avoid leaving private keys in clipboard history, shared notes, or cloud drives.

moshi-hook secrets

On macOS, moshi-hook pair stores host secrets in Keychain by default. On Linux, and on macOS when --store file is selected, secrets are stored in a file with restrictive permissions.

Use file-backed storage for headless machines where Keychain is unavailable, but protect the host account like any other machine with API credentials.
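
One way to verify the "restrictive permissions" property on a headless host, as an added example (not part of moshi-hook or the Moshi documentation). The function names are hypothetical and the secrets file path is passed by the caller, because this page does not state where the file is written.

```shell
#!/bin/sh
# Added example: audit a file-backed secret store for loose permissions.
# Assumption: the caller supplies the path to the secrets file; no
# moshi-hook path is hard-coded because the page does not give one.

# has_loose_bits PATH: succeeds if any group/other permission bit is set.
has_loose_bits() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# check_secret_file PATH: prints findings; returns 0 if clean, 1 otherwise.
check_secret_file() {
    f=$1
    rc=0
    # A symlink could redirect reads or writes to a less protected location.
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"
        return 1
    fi
    # The file should belong to the account that runs the hook.
    if [ -z "$(find "$f" -prune -user "$(id -u)" -print 2>/dev/null)" ]; then
        echo "FAIL: $f is not owned by $(id -un)"
        rc=1
    fi
    # Only the owner should have any access (for example mode 0600).
    if has_loose_bits "$f"; then
        echo "FAIL: $f grants access to group or other"
        rc=1
    fi
    # A writable parent directory lets another user replace the file.
    dir=$(dirname "$f")
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
        echo "FAIL: $dir is writable by group or other"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $f"
    fi
    return "$rc"
}
```

Source the file and call check_secret_file with the path to the secrets file; a non-zero return means at least one finding was printed.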

Practical safety checklist

  • Use a unique SSH key for Moshi.
  • Add the public key only to hosts where mobile access is intended.
  • Keep iOS device passcode and biometrics enabled.
  • Disable credential sync unless you need it.
  • Remove old saved connections when a host is retired.
  • Rotate moshi-hook pairing by pairing again if a host is compromised.