Protect your SSH keys using TPM and Windows Hello to enable secure SSH login authentication via fingerprint, facial recognition, or PIN.
A native Windows SSH security authentication app that leverages the computer’s built-in TPM chip and Windows Hello to protect SSH private keys from attacks and theft. The app generates ready-to-use Windows Hello keys to enable password-free SSH authentication via fingerprint or facial recognition.
🔐 Quickly create and generate hardware-protected SSH security keys, eliminating the risk of SSH private keys being stolen when stored on a hard drive.
🔐 Use Windows Hello biometrics for password-less login to an SSH server.
🔐 Private keys are generated entirely by the hardware and can never be exported; external keys cannot be imported (as their security cannot be guaranteed).
🔐 A powerful tool for improving efficiency and security, designed for operations and maintenance staff, developers, network engineers, and others.
🔐 Supports security authentication for OpenSSH, Git, WinSCP, PuTTY, SecureCRT, MobaXterm, and others.
🔐 Supports Windows 11 Performance Mode; when minimized, it runs in low-power, low-priority process mode for more energy-efficient tablet use.
🔐 Supports automatic startup at boot.
🔐 A standalone app that does not upload or sync any data, ensuring complete privacy.
🔐 Native WinUI app, not a web app wrapped in a native shell, so it runs more efficiently.
🔐 Apps packaged by the Microsoft Store; secure apps signed and certified by Microsoft.
🔐 A small installation package of just a few dozen MB, saving hard drive space.
💽 Windows 10 version 1903 (18362.0) and later
-
Q: Do I need to purchase an additional USB hardware key to use this app?
A: No, HelloUKey generates and manages keys using your computer’s built-in TPM hardware; it functions as an authenticator that acts as an SSH agent. -
Q: Does it support importing private keys from external sources?
A: Currently, it only supports generating SSH keys directly from TPM-based Windows Hello and provides hardware-level security authentication. We do not rule out adding an import feature in future updates. -
Q: When using PuTTY or WinSCP on Windows, can I use HelloUKey to replace Pageant for password-less login?
A: Yes, it functions as both an OpenSSH agent and a Pageant agent, so it supports clients like WinSCP that use Pageant as their agent. -
Q: Why does a PIN entry window pop up when I log in to SSH, while others see fingerprint and facial recognition prompts on their computers?
A: Because fingerprint recognition requires a fingerprint reader and Windows Hello configuration. In addition to the computer’s built-in fingerprint reader, you can also connect an external fingerprint reader that supports Windows Hello. -
Q: Does the app support use on Windows tablets such as the Surface?
A: It is ideal for use on such devices. It supports the three native processor architectures: x64, x86, and Arm64. As long as the operating system version is Windows 10 1903 (18362) or later, you can install and use it. -
Q: Can a single HelloUKey key be used for multiple servers?
A: You can certainly use the same private key to manage login authentication for your servers or devices. -
Q: Is the app suitable for SSH authentication with Git code repositories?
A: It’s ideal. Git uses the OpenSSH ssh tool on Windows, which supports direct interaction with proxies to complete authentication. Generating GitHub Authentication Keys with HelloUKey -
Q: Which SSH servers does the application support for authentication?
A: In theory, it supports all servers, network devices, terminals, and other systems that support SSH servers; you simply need to configure the public key on the server.