Mac OS X: How To Generate SSH Keys

If you use the Terminal for any amount of work, sooner or later you will probably need to use SSH. SSH, which stands for Secure Shell, is a protocol used to send data securely over the internet. SSH can use keys, which allow one computer to access another computer using what amounts to a really long encrypted password. Keys are considered more secure than passwords because they are much longer and cannot be easily broken via brute force methods, as most passwords can.

Mac OS X is built on UNIX, and has SSH installed on all versions of Mac OS X by default. No extra software is necessary to use SSH on Mac OS X. Generating an SSH key on Mac OS X, however, takes a few steps.

Step 1: Open Terminal

First, open the Terminal app on your computer. The Terminal app resides in /Applications/Utilities. The easiest way to launch it is to open Spotlight with Command-Spacebar, and then start typing Terminal. You should see the app as the top selection. Press Enter to launch it.

The Terminal should open using your home directory as the default directory, but in case it doesn’t, do this:

cd ~/

Step 2: Check for existing keys

Now, inside your home directory, let’s see if you have any SSH keys already created:

ls -al ~/.ssh

If this is a brand new installation of Mac OS X, the .ssh directory might not even exist. (Pro Tip: Directories that have a period in front of them are hidden by default, meaning, you won’t see them listed in the Finder.)

If you have any keys already created, most likely they would be files listed with a “.pub” extension. Some default key file names are:

  • id_dsa.pub
  • id_ecdsa.pub
  • id_ed25519.pub
  • id_rsa.pub

If you don’t have any keys already created, go to the next step to create one.

Step 3: Generate a new SSH key

In the terminal, enter this command:

ssh-keygen -t rsa -C "your_email@example.com"

Substitute your email address for the one listed above.

Hit enter, and you should see the following message returned:

# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.
# Enter file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]

Press enter to create a key using the default settings.

Next, you will be asked to enter a passphrase. A passphrase is essentially a password that will be used every time the key itself is used. It’s another layer of security. You can hit enter and bypass using a passphrase, but you are effectively limiting how secure your connection will be. Keys can be stolen, and without a passphrase, someone could use your keys without any consequence. If you forgo using the passphrase, be warned.

Enter passphrase (empty for no passphrase): [Type a passphrase]
# Enter same passphrase again: [Type passphrase again]

Once you enter your passphrase (or press Enter to bypass entering a passphrase) you should see a confirmation that your key has been created, which will look something like this:

Your identification has been saved in /Users/you/.ssh/id_rsa.
# Your public key has been saved in /Users/you/.ssh/id_rsa.pub.
# The key fingerprint is:
# 01:0f:f4:3b:ca:85:d6:17:a1:7d:f0:68:9d:f0:a2:db your_email@example.com

Step 4: Move key to remote server

Now that you have created a key, let’s move it to a remote server so we can connect to it.

First, you will need to know the username of the account on the remote machine you will be connecting to, and the remote machine's address (either a fully qualified domain name or an IP address).

Now, in the terminal, you will issue this command:

cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

If you are on a Linux system, you can try the following shortened command that does the same thing.

ssh-copy-id user@123.45.56.78

To test that everything worked correctly, try to initiate an SSH session from your machine to the remote machine via the terminal. If it works, you should be prompted for your passphrase (unless you opted not to enter one) and once entered correctly, be looking at the prompt for a shell on the remote machine.
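
The Step 4 pipeline appends blindly, so running it twice duplicates the key, and it leaves directory and file modes to the remote umask. The following is an added example, not part of the original tutorial: a function with the hypothetical name add_authorized_key that performs the same append idempotently and sets the modes sshd expects. The key line in the demo is constructed and non-functional.

```shell
#!/bin/sh
# Added example, not from the original tutorial. add_authorized_key is a
# hypothetical name. It reads ONE public key line on stdin and installs it
# into DIR/authorized_keys (DIR defaults to ~/.ssh).
add_authorized_key() {
    dir=${1:-"$HOME/.ssh"}
    file="$dir/authorized_keys"
    IFS= read -r key || [ -n "$key" ] || { echo "no key on stdin" >&2; return 1; }

    # Accept only a line that starts with a public key type (the types behind
    # the file names in Step 2), so a private key or stray text is rejected.
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # With StrictModes (sshd's default) keys are ignored when these paths are
    # writable by other users, so set the modes instead of trusting the umask.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ] && echo >> "$file"

    # Append only when this exact line is not already present.
    if grep -qxF -- "$key" "$file"; then
        echo "already installed"
    else
        printf '%s\n' "$key" >> "$file" && echo "installed"
    fi
}

# Demo in a scratch directory; the key line is constructed and non-functional.
demo_dir=$(mktemp -d)
demo_key='ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-EXAMPLE your_email@example.com'
printf '%s\n' "$demo_key" | add_authorized_key "$demo_dir/.ssh"  # installed
printf '%s\n' "$demo_key" | add_authorized_key "$demo_dir/.ssh"  # already installed
rm -rf "$demo_dir"
```

Called with no argument on the remote machine, the function targets ~/.ssh.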


Category: OS X,Tutorial,UNIX,Web Development

Lion: Present and Future Tense

Lion has been available to the masses for over 2 months now, and the reception has been generally pretty favorable. Distribution of a commercial OS via a downloadable only option has never been tried before, and I think by all accounts, it has been very successful. Still, with any new release, there are those that don’t find the grass greener in the new pasture. Lion brings a lot to the table to be pleased with, but it also brings a fair amount of change to the table as well.

Depending upon your level of interaction, that change might be as minor as Apple’s decision to switch the default scrolling direction. Or, if you are a developer, it might be as complex as requiring you to have your application sandboxed by November 1st if you wish to continue selling it through the Mac App Store.

Apple has always been a company that isn’t afraid to cut ties to the past in order to forge a path to where they believe the future is. In sports parlance, this is ‘skating to where the puck is going to be’. In many cases, Apple is the entity driving the puck itself. From time to time, this has caused some consternation in the Mac community. Yet Apple forges ahead.

Most of the Mac OS X releases to date have been evolutionary. With Lion, Apple has taken the biggest leap yet. With the Mac App Store, LaunchPad, and Sandboxing, I think it is pretty clear where Apple is headed. I don’t subscribe to the theory that Apple will ‘merge’ iOS and Mac OS X. That seems silly to me, as if Apple had felt one OS was sufficient for all devices, it wouldn’t have created iOS from the underlying OS X technology in the first place.

I do, however, believe that Apple is moving to remake the Mac in the likeness of iOS. With Sandboxing, Launchpad, and the memory management changes that have appeared in Lion, they have already taken some great steps in that direction. I wouldn’t be surprised to see future releases of Mac OS X (née, now just OS X, which in and of itself is perhaps quite telling) become more locked down like iOS.


Category: Apple

Apple already testing Mac OS X 10.6.4

And in other news, Obama already contemplating new taxes.


Category: News

About the author

A user of Macs since they had silly names like Performa and Centris, Theodore Lee is a techie who prides himself on his vast knowledge of all things Apple. OS X Factor was started in 2001 (originally as macosxcentric), and continues to churn out tips, tutorials, reviews and commentary on the tech sector.