Secure Administration Of Servers And IoT With SSH
Phishing attacks and lack of two-factor authentication (2FA) are among the most common reasons for successful attacks on corporate networks. System administrators use either passwords or keys to access servers via SSH. Keys cannot be guessed, but key files can be stolen as easily as passwords (e.g. by malware). When using Nitrokey, SSH keys are securely stored in the Nitrokey instead.
Manage your servers, critical infrastructures and the Internet of Things (IoT) not only securely, but also more easily. Your administrators no longer need to synchronize key files between their desktops or enter complex passwords. Nitrokey acts as a physical key for SSH access to your servers and can be used flexibly on any desktop.
- High security of your infrastructure through two-factor authentication
- Easier to use than passwords and than synchronizing key files
- No long passwords required; a short PIN or finger press is sufficiently secure.
- Like an office or front door key, the Nitrokey is always there and can be used on Windows, macOS and Linux.
- Compatible with all SSH servers without software changes.
Central User and Key Management
The distribution of the public SSH keys to your servers can be carried out unchanged using established methods (e.g. Puppet, Chef, Ansible). Alternatively, we recommend Theo and PrivacyIDEA. Theo is a lightweight system specially designed for SSH. PrivacyIDEA is a comprehensive two-factor authentication system. Both systems consist of a central server and decentralized agents, which are installed on the servers to be administered. Users and public keys are managed centrally. The agents are responsible for distributing this information.
PrivacyIDEA also simplifies the personalization (key generation and configuration) of a large number of Nitrokeys. The Nitrokeys are personalized one after the other without user interaction. PrivacyIDEA can be operated as a dedicated roll-out station for this purpose.
This video shows how easy it is to set up and use SSH with FIDO2 2FA.