If you use the Terminal for any amount of work, sooner or later you will probably come across the need to use SSH. SSH is a transfer protocol used to send data securely over the internet. It stands for Secure Shell. SSH has the ability to use keys, which will allow one computer to access another computer using really long encrypted password. Keys are considered more secure than passwords because they are much longer in length and can not be easily broken via brute force methods, like most passwords can.
Mac OS X is built on UNIX, and has SSH installed on all versions of Mac OS X by default. No extra software is necessary to use SSH on Mac OS X. But to generate an SSH key on Mac OS X takes a few steps.
Step 1: Open Terminal
First, open the Terminal app on your computer. The Terminal app resides in /Applications/Utilities. The easiest way to launch it is to open Spotlight with Command-Spacebar, and then start typing Terminal. You should see the app as the top selection. Click enter to launch it.
The Terminal should open using your home directory as the default directory, but in case it doesn’t, do this:
Step 2: Check for existing keys
Now, inside your home directory, let’s see if you have any SSH keys already created:
ls -al ~/.ssh
If this is a brand new installation of Mac OS X, the .ssh directory might not even exist. (Pro Tip: Directories that have a period in front of them are hidden by default, meaning, you won’t see them listed in the Finder.)
If you have any keys already created, most likely they would be files listed with a “.pub” extension. Some default key file names are:
If you don’t have any keys already created, go to the next step to create one.
Step 3: Generate a new SSH key
In the terminal, enter this command:
ssh-keygen -t rsa -C "firstname.lastname@example.org"
Substitute your email address for the one listed above.
Hit enter, and you should see the following message returned:
# Creates a new ssh key, using the provided email as a label # Generating public/private rsa key pair. # Enter file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter] Press enter to create a key using the default settings.
Next, you will be asked to enter a passphrase. A passphrase is essentially a password that will be used every time the key itself is used. It’s another layer of security. You can hit enter and bypass using a passphrase, but you are effectively limiting how secure your connection will be. Keys can be stolen, and without a passphrase, someone could use your keys without any consequence. If you forgo using the passphrase, be warned.
Enter passphrase (empty for no passphrase): [Type a passphrase] # Enter same passphrase again: [Type passphrase again]
Once you enter your passphrase (or click enter to bypass entering a passphrase) you should see a confirmation that your key has been created, which will look something like this:
Your identification has been saved in /Users/you/.ssh/id_rsa. # Your public key has been saved in /Users/you/.ssh/id_rsa.pub. # The key fingerprint is: # 01:0f:f4:3b:ca:85:d6:17:a1:7d:f0:68:9d:f0:a2:db email@example.com
Step 4: Move key to remote server
Now that you have created a key, let’s move it to a remote server so we can connect to it.
First you will need to know the username of the account on the remote machine you will be connecting to, and you will need to know the remote machines address (either a fully qualified domain name, or an IP address).
Now, in the terminal, you will issue this command:
cat ~/.ssh/id_rsa.pub | ssh firstname.lastname@example.org "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
If you are on a Linux system, you can try the following shortened command that does the same thing.
To test that everything worked correctly, try to initiate an SSH session from your machine to the remote machine via the terminal. If it works, you should be prompted for your passphrase (unless you opted not to enter one) and once entered correctly, be looking at the prompt for a shell on the remote machine.