Introduction
You can generate a public/private key pair using PuTTYgen, which can also be downloaded for Mac. macOS, however, has a built-in command-line SSH client that you run from Terminal. There are many ways of running SSH on a Mac, but we recommend the Terminal command line as it is the easiest. To get started, open the Terminal application, which is found in the Applications > Utilities directory (in Finder, open the Go menu); you can also launch it by pressing cmd+spacebar, typing “Terminal” into the search box and pressing Return.
Setting up SSH key-based access to your server is much more effective than relying on a root password. Breaking into a node that depends on SSH keys is nearly impossible, because access is protected by cryptographic keys rather than a guessable password.
Why is a password-based authentication vulnerable?
A server can authenticate & grant access to the users with different access methods. The most basic of these is a password-based authentication, which is easy to use but isn’t the most secure.
Modern processing power combined with automated scripts makes brute-forcing a password-protected account very possible, since passwords generally are not complex. SSH keys prove to be a reliable and secure alternative.
What are SSH Keys?
SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to an SSH server. Each key pair consists of a public key and a private key.
The private key is retained on the client's local machine and should be kept absolutely secret. Any compromise of the private key will allow the attacker to log into servers that are configured with the associated public key without additional authentication. As an additional precaution, the key can be encrypted on disk with a passphrase.
The public key is uploaded onto the remote server that you want to be able to log into with SSH.
When a client attempts to authenticate using SSH keys, the server can test the client on whether they are in possession of the private key. If the key-pair matches then a shell session is spawned or the requested command is executed.
How do SSH keys work
- A key pair will be generated on your local PC.
- Generating a key pair provides you with two long strings of characters: a public and a private key.
- The public key will be added to your node.
- The corresponding private key will be saved on your local PC.
- Every time you access your node, the SSH system checks that you hold the private key corresponding to the public key added to it. The system will unlock only when the two keys match.
- You can also disable the root password after the SSH keys are set up.
Make sure that you add the public key to the servers and the private key is saved in a secure location on your PC.
Setup SSH keys – macOS
The following outlines the process of setting up key-based SSH login on Mac OS X and Mac OS X Server. To set up key-based SSH, you must generate the keys the two computers will use to establish and validate the identity of each other.
This doesn’t authorize all users of the computer to have SSH access. Keys must be generated for each user account.
Step 1 – Verification of .ssh directory
Verify that an .ssh folder exists in your home folder by entering the command-
If .ssh is listed in the output, move to next step.
If .ssh is not listed in the output, run
mkdir ~/.ssh
Change directories in the shell to the hidden .ssh directory by entering the following command:
Step 2 – Create the RSA Key Pair
Generate the public and private keys by entering the following command:
ssh-keygen -b 1024 -t rsa -f id_rsa
(The -b flag sets the length of the keys to 1,024 bits, -t selects the RSA algorithm, and -f sets the file name to id_rsa. RSA keys of 1,024 bits are considered weak today; 2,048 bits or more is the usual minimum.)
The above command will follow up with some confirmation messages:
[root@e2e ~]# ssh-keygen -b 1024 -t rsa -f id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Press Enter to set the passphrase to null (the private key is then stored on disk unencrypted).
Two files will be generated after this step.
- id_rsa (Private Key)
- id_rsa.pub (public key)
Note: Keys are equivalent to passwords, so you should keep them private and protected. DO NOT SHARE YOUR PRIVATE KEY (id_rsa).
Prior to scp/ssh we have to add the identity to the user for whom we generated the key, by running
Step 3 – Copy the Public Key to your node
Now you can copy and add your public key id_rsa.pub file, to set up SSH on your node under MyAccount.
You can usually get this key by copying the results of:
Paste the results generated from id_rsa.pub to the SSH section under MyAccount.
You may add multiple SSH keys & can provide a label to each SSH key for easy identification & management purpose.
Copy the public key directly to a server (Alternate Approach)
The command ssh-copy-id can be used to install an authorized key on the server.
If you don’t have SSH access to the server then it will require a root password which is shared with you in the email.
Once the key has been authorized for SSH, it grants access to the server without a password.
Use a command like the following to copy SSH key:
Enter the following command to copy your public key to your Node:
This will copy your public key to the authorized_keys file on your server.
Make sure to replace xxx.xx.xx.xx with your actual IP address and replace user with your actual username in the above command.
Once you enter the ssh-copy-id command, you will see information similar to this:
Only the public key is copied to the server. The private key should never be copied to another machine.
Modifying permissions
For an additional layer of security, modify the file permissions.
Directory .ssh should have 700 permissions and authorized_keys file should have 400 or 600 permissions. To change the permissions, use the following commands:
Now log into the remote server using ssh or scp/sftp:
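The local half of Steps 1 to 3 and the permission rules above, gathered into one script as an added example (it is not code from the original article). The function names and their arguments are assumptions, private keys are identified by having a matching .pub file beside them, and the usage comment picks 2048 bits, the PuTTYgen default quoted later on this page, rather than the 1,024 bits used in Step 2.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed names: the functions
# below and their arguments (directory, key file name, key size in bits).

# Print a file's octal mode. GNU stat (Linux) and BSD stat (macOS) differ.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Step 1: make sure the directory exists and only its owner can enter it.
ensure_ssh_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# Step 2: create an RSA key pair, refusing to overwrite an existing key.
# ssh-keygen prompts for the passphrase that encrypts the private key on disk.
generate_key() {   # usage: generate_key DIR NAME BITS
    if [ -e "$1/$2" ]; then
        echo "refusing to overwrite $1/$2" >&2
        return 1
    fi
    ssh-keygen -q -t rsa -b "$3" -f "$1/$2"
}

# Permissions: authorized_keys and private keys (files with a matching .pub
# beside them) must be 400 or 600. Anything looser is reset to 600 and reported.
harden_perms() {   # usage: harden_perms DIR
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            */authorized_keys) ;;
            *.pub) continue ;;
            *) [ -f "$f.pub" ] || continue ;;
        esac
        have=$(mode_of "$f")
        case "$have" in
            400|600) ;;
            *) chmod 600 "$f" && echo "fixed $f: $have -> 600" ;;
        esac
    done
}

# Typical run on the local Mac, then the remote steps from the article:
#   ensure_ssh_dir "$HOME/.ssh"
#   generate_key "$HOME/.ssh" id_rsa 2048
#   harden_perms "$HOME/.ssh"
#   ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" user@xxx.xx.xx.xx
#   ssh user@xxx.xx.xx.xx
```

OpenSSH refuses to use a private key file that other users can read, which is why harden_perms treats private keys the same way as authorized_keys.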
Overview
To use SSH keys on IU Sitehosting, follow the instructions for your OS.
You should not manually edit your authorized_keys file in the .ssh directory in your account. Any manual changes made to this file will be purged.
Generate SSH keys on Linux/Mac
- Generate a public/private key pair:
  - Log in to the computer you will use to access Sitehost, and then use the command line to generate a key pair. To generate RSA keys, on the command line, enter:
  - You will be prompted to supply a filename (for saving the key pair) and a passphrase (for protecting your private key):
    - Filename: To accept the default filename and location for your key pair, press Enter or Return without entering a filename. Alternatively, you can enter a filename (for example, my_ssh_key) at the prompt, and then press Enter or Return.
    - Passphrase: Enter a passphrase that contains at least five characters, and then press Enter or Return. If you press Enter or Return without entering a passphrase, your private key will be generated without password protection.
- Once the key pair has been generated, navigate to the location where you saved the public key.
- Copy the contents of your public key (this is the file with the .pub extension).
- Once you copy the contents of your public key, see Add a public key to IU Sitehosting below.
Generate SSH keys on Windows
- Install PuTTY. The PuTTY command-line SSH client, the PuTTYgen key generation utility, the Pageant SSH authentication agent, and the PuTTY SCP and SFTP utilities are packaged together in a Windows installer available under The MIT License for free download from the PuTTY development team.
- Launch PuTTYgen.
- In the 'PuTTY Key Generator' window, under 'Parameters':
  - For 'Type of key to generate', select RSA. (In older versions of PuTTYgen, select SSH2-RSA.)
  - For 'Number of bits in a generated key', leave the default value (2048).
- Under 'Actions', click Generate.
- When prompted, use your mouse (or trackpad) to move your cursor around the blank area under 'Key'; this generates randomness that PuTTYgen uses to generate your key pair.
- When your key pair is generated, PuTTYgen displays the public key in the area under 'Key'. In the 'Key passphrase' and 'Confirm passphrase' text boxes, enter a passphrase to passphrase-protect your private key. If you don't passphrase-protect your private key, anyone with access to your computer will be able to SSH (without being prompted for a passphrase) to your account on any remote system that has the corresponding public key.
- Right-click in the 'Public key for pasting into OpenSSH authorized_keys file' text box, choose Select All, and then right-click in the text box again and select Copy.
- Save your private key in a safe place. You'll use the passphrase any time you log into a Sitehost server using SSH keys, and you'll need to copy the public key to your profile on the WebTech website. To save your private key:
  - Under 'Actions', next to 'Save the generated key', click Save private key. If you didn't passphrase-protect your private key, the utility will ask whether you're sure you want to save it without a passphrase. Click Yes to proceed or No to go back and create a passphrase for your private key.
  - Keep 'Save as type' set to PuTTY Private Key Files (*.ppk), give the file a name (for example, putty_private_key), select a location on your computer to store it, and then click Save.
  - If you wish to connect to a remote desktop system such as Research Desktop (RED), click Conversions > Export OpenSSH key, give the file a name (for example, putty_rsa), select a location on your computer to store it, and then click Save.
If you no longer have the public key, or if it is later determined to be invalid, use the following steps to obtain a public key:
- Launch PuTTYgen.
- Click Load.
- Navigate to your private key and click Open.
- In the PuTTYgen pop-up window, enter the passphrase.
- Right-click in the 'Public key for pasting into OpenSSH authorized_keys file' text box, choose Select All, and then right-click in the text box again and select Copy.
- Select File > Exit to close PuTTYgen.
Add a public key to IU Sitehosting
- Go to the IU Sitehosting account management.
- At the top right, click Sign in, and, if prompted, log in with your IU username and passphrase.
- At the top right, click your name. When you see the dropdown menu, click Manage SSH Keys.
- Under 'Manage SSH keys':
  - In the 'Note' field, enter a short description.
  - In the 'Public Key' field, paste the public key you copied in step 7 above.
- Click Add. If the public key is valid, it will be added to your profile. Within 30 minutes, the public key will be added to all Sitehost-test and Sitehost accounts that you own, or for which you are a proxy or developer.