AI Tool Authentication

Set up tokens before connecting to avoid login issues on mobile.

Why Tokens?

AI coding tools (Claude Code, Copilot, Codex, etc.) require authentication on the remote server. Their browser-based /login flows don't work from mobile SSH — opening a browser causes Android/iOS to kill the terminal app, dropping your SSH session.

The solution: generate a token on your computer once, add it to your TerminaLLM connection profile as an environment variable, and never deal with /login again.

How to add env vars: Long-press a saved connection profile → Edit → scroll to Environment Variables. Tokens are exported automatically on every connect.

Setup by Tool

Claude Code

Anthropic • Token lasts 1 year

▶

Generate a long-lived OAuth token on any machine with a browser:

# One-time setup (lasts 1 year)
claude setup-token

# Add to TerminaLLM env vars:
CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...

Alternative (requires API billing, not Pro/Max subscription):
ANTHROPIC_API_KEY — generate at console.anthropic.com

Never run /logout — it permanently revokes the token. If you need to switch accounts, generate a new token with claude setup-token.

GitHub Copilot CLI

GitHub • Configurable expiry

▶

Generate a fine-grained personal access token:

# github.com/settings/tokens
# > Fine-grained token
# > Permission: Copilot Requests

# Add to TerminaLLM env vars:
COPILOT_GITHUB_TOKEN=github_pat_...

Also accepts: GH_TOKEN, GITHUB_TOKEN
Alternative: gh auth login on the server (device code flow, works in terminal)

OpenAI Codex CLI

OpenAI • No expiry

▶

# Generate at: platform.openai.com/api-keys
# > Create new secret key

# Add to TerminaLLM env vars:
OPENAI_API_KEY=sk-...

Requires OpenAI API billing. Keys don't expire until manually revoked.

Google Gemini CLI

Google • No expiry • Free tier available

▶

# Generate at: aistudio.google.com/apikey
# > Create API key

# Add to TerminaLLM env vars:
GEMINI_API_KEY=AI...

Free tier available with rate limits. Also accepts GOOGLE_API_KEY.

Amazon Q Developer

AWS • IAM Identity Center or Builder ID

▶

Authenticate directly on the server (recommended):

# SSO / device code flow (works in terminal)
aws configure sso

For programmatic access, add to TerminaLLM env vars:
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN (if using STS)

Aider

Uses your LLM provider's key

▶

Aider doesn't have its own auth — it uses your LLM provider's API key:

# Add your provider's key to TerminaLLM env vars:
ANTHROPIC_API_KEY=sk-ant-...  # Claude
OPENAI_API_KEY=sk-...         # GPT
DEEPSEEK_API_KEY=...          # DeepSeek

If the key is set, Aider works. No /login needed.

Cursor CLI

Cursor • Expires after 90 days

▶

# Generate at: cursor.com dashboard
# > Integrations > User API Keys

# Add to TerminaLLM env vars:
CURSOR_API_KEY=...

Keys expire after 90 days. Regenerate and update the env var when expired.

Amp

Sourcegraph • Until revoked

▶

# Generate at: ampcode.com/settings

# Add to TerminaLLM env vars:
AMP_API_KEY=...

OpenCode

Uses your LLM provider's key

▶

# Add your provider's key to TerminaLLM env vars:
ANTHROPIC_API_KEY=sk-ant-...  # Claude
OPENAI_API_KEY=sk-...         # GPT

# Or authenticate on server:
# opencode auth login