SSH Signing with iPhone
Authenticate SSH connections from Vision Pro with keys stored in your iPhone's Secure Enclave.
What This Is
SSH key authentication usually means putting a private key file on whichever device you are connecting from. That works on a Mac. It does not work on Apple Vision Pro, where there is no filesystem you can drop a key into and no good way to mediate access.
Remote signing solves that. You generate the SSH key on your iPhone, in its Secure Enclave, and leave it there forever. When vmux on your Vision Pro needs to authenticate, it sends the signing challenge to your iPhone over the local network. You approve the request with Face ID. The iPhone signs the challenge and sends back the signature. The headset never sees the private key.
This works even if the headset is wiped, reset, or replaced. The key is bound to your iPhone's hardware, not to vmux.
Setup Prerequisites
This page covers the visionOS side of the flow. The iPhone setup — installing the RemoteSignerPhone app, generating the key, and getting the public key into your server's authorized_keys — is covered separately.
Before you can connect from Vision Pro, make sure:
- RemoteSignerPhone is installed and configured on your iPhone. See the RemoteSignerPhone manual for the iPhone-side setup, including key generation and adding the public key to your servers.
- Both devices are on the same Wi-Fi network, or close enough for Bluetooth peer-to-peer. vmux uses Apple's Multipeer Connectivity to find the iPhone — the same transport iOS uses for AirDrop. There is no internet hop.
- The RemoteSignerPhone app is in the foreground or recently used. When backgrounded, iOS may suspend it, and the headset will not be able to reach it until the app wakes again. (vmuxAgent on Mac wakes the iPhone via push for SSH connections from there; on Vision Pro the iPhone needs to be awake when you initiate the connect.)
Configuring a Host to Use Remote Signing
In the connection form (or when editing a saved host):
- Set the authentication method to Remote Signer.
- Tap Connect.
There is no extra configuration on the headset. vmux discovers the first available iPhone running RemoteSignerPhone and uses whichever signing key the iPhone offers for the destination host.
What Happens When You Connect
The full sequence, end to end, on the first connect of a session:
- You tap Connect in the headset.
- vmux begins the SSH handshake with your remote server.
- The server asks for an authentication signature.
- vmux looks for a paired iPhone via Multipeer Connectivity. This usually takes under a second on a good network.
- vmux sends the signing challenge to your iPhone over an encrypted Multipeer session.
- The iPhone shows a sheet describing the request: source device name (your headset), destination host, key fingerprint.
- You approve with Face ID.
- The iPhone signs the challenge inside the Secure Enclave and returns the signature.
- vmux passes the signature back to the SSH server. The server verifies it. The connection completes.
On follow-up reconnects within the same session, the Multipeer link stays open and pairing happens instantly. Each individual signing request still requires Face ID — there is no silent auto-approve mode.
What You See on the Headset
While vmux is waiting for your phone, the connection overlay shows a status message such as "Waiting for iPhone signer…". If you do not approve within ten seconds, the connection times out with the error "No iPhone signer found." You can tap Reconnect to try again.
The headset itself never displays a Face ID prompt — Vision Pro uses Optic ID, not Face ID, and the prompt happens on the iPhone. Look at your phone when you see the waiting status.
Multiple Identities
If your iPhone holds more than one identity in RemoteSignerPhone, the iPhone advertises them all. vmux on the headset will use whichever identity is appropriate for the destination host, based on which public keys the server has in its authorized_keys file. There is no per-host identity picker on the headset side yet — manage which identities are enabled from the iPhone app.
Troubleshooting
| Problem | Likely cause | Fix |
|---|---|---|
| "No iPhone signer found" appears immediately | RemoteSignerPhone is not running or not on the same network. | Open RemoteSignerPhone, leave it foregrounded, retry. |
| "No iPhone signer found" after about 10 seconds | iPhone is reachable but did not advertise an identity in time. | Confirm at least one identity is enabled in RemoteSignerPhone, then retry. |
| Face ID prompt never appears on iPhone | The Multipeer Connectivity invite was not delivered. | On the iPhone, cycle Wi-Fi off and back on, or reopen the RemoteSignerPhone app. |
| Connection succeeds but disconnects after a minute | The iPhone went to sleep and the link dropped before the next signing challenge. | Keep RemoteSignerPhone foregrounded for the duration of the session, or use Mosh, which only signs once at startup. |
| "Permission denied (publickey)" on the server | The public key is not in the server's authorized_keys. | Re-copy the public key from RemoteSignerPhone and append it to the server. |
| The iPhone shows the request but you tap "Deny" | Manual deny — the connect fails by design. | Approve next time. |
| Multiple iPhones on the same network | vmux auto-connects to whichever iPhone responds first. | Close RemoteSignerPhone on devices you do not want to be the signer. |
Privacy and Security
- The private key is generated inside the iPhone's Secure Enclave and is hardware-bound. Apple's framework provides no API for exporting it. If your iPhone is wiped, the key is gone and you have to regenerate.
- Multipeer Connectivity uses required encryption — sessions are encrypted point-to-point with no plaintext on the local network.
- The headset never receives, caches, or stores the private key. The only key material that touches Vision Pro is the signed challenge response, which is only valid for that one SSH handshake.
- Every signing request requires biometric approval. There is no "always approve from this device" toggle.
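The signing challenge described under What Happens When You Connect, and the reason a returned signature is only good for one handshake, shown as an added example (not vmux or RemoteSignerPhone code): it builds the standard SSH publickey data-to-sign from RFC 4252 and applies the strict parsing a signer can do before prompting for approval. It assumes the challenge forwarded to the phone is that standard blob; `inspect_challenge`, the enrolled-fingerprint set and the sample values are hypothetical.

```python
import base64, hashlib, struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252

def ssh_string(b: bytes) -> bytes:
    """SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def build_challenge(session_id, user, algo, key_blob) -> bytes:
    """Data the SSH client needs signed (RFC 4252, section 7)."""
    return (ssh_string(session_id) + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user) + ssh_string(b"ssh-connection")
            + ssh_string(b"publickey") + b"\x01"
            + ssh_string(algo) + ssh_string(key_blob))

def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def inspect_challenge(blob: bytes, enrolled: set) -> dict:
    """Hypothetical signer-side check run before prompting for approval."""
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated challenge")
        pos += n
        return blob[pos - n:pos]
    def take_string() -> bytes:
        return take(struct.unpack(">I", take(4))[0])
    session_id = take_string()
    msg = take(1)[0]
    user, service, method = take_string(), take_string(), take_string()
    has_sig = take(1)[0]
    algo, key_blob = take_string(), take_string()
    if pos != len(blob):
        raise ValueError("trailing bytes after challenge")
    if (msg, service, method, has_sig) != (
            SSH_MSG_USERAUTH_REQUEST, b"ssh-connection", b"publickey", 1):
        raise ValueError("not an SSH publickey authentication request")
    if fingerprint(key_blob) not in enrolled:
        raise ValueError("challenge names a key this signer does not hold")
    return {"user": user.decode(), "algo": algo.decode(),
            "fingerprint": fingerprint(key_blob), "session_id": session_id.hex()}

# Constructed sample values; the key blob is filler bytes, not a real key.
ALGO = b"ecdsa-sha2-nistp256"
KEY_BLOB = ssh_string(ALGO) + ssh_string(b"nistp256") + ssh_string(b"\x04" + bytes(64))
```

Because the session identifier is the first field of the signed data, a signature made for one handshake does not verify against the challenge of another.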
Related
- Authentication Methods — overview of all auth methods
- Companion Apps — full architecture of the Mac agent + iPhone signer pair
- RemoteSignerPhone manual — iPhone setup, key generation, identity management