Skip to content

Instantly share code, notes, and snippets.

@GaryRogers

GaryRogers/MacOSXPublicKeySSH.md

Last active October 22, 2022 04:10
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save GaryRogers/e3c4d1caeac0dc4bca36 to your computer and use it in GitHub Desktop.
Save GaryRogers/e3c4d1caeac0dc4bca36 to your computer and use it in GitHub Desktop.
Download ZIP
Set up public key ssh on Mac OS X
Raw
MacOSXPublicKeySSH.md

Setting up SSH Key Auth on a Mac

Overview

Setting up public key auth allows you to ssh and scp to remote hosts without using your password. It uses encryption keys instead. Typically when you set up a private key it is best practice to set a password on the private key, which would result in a need to enter the private key password every time you want to login to a remote host. Apple has a feature of the MacOS X Keychain that allows you to add this password to your keychain, basically making the unlocking of the private key transparent. You can also change the protection level on this password in Keychain Access to require the keychain password every time it's used.

The gist of what we'll be doing is creating a private key, and then sending the associated public key to the remote host to establish trust between the local system and the remote system.

Procedure

Copy the following code blocks into a terminal window, one after the other. Several will prompt you for passwords, either for your public key password, or for your password on the remote host. At the end of the process you should be able to test your log in without being prompted for your remote host password.

local_host=$(hostname)
remote_host=host.example.com
key_file=id_rsa
# Create the .ssh directory if it doesn't exist.
if [ ! -d ~/.ssh ]; then
  mkdir ~/.ssh
  chmod 700 ~/.ssh
fi

# Create the private key if it doesn't exist.
if [ ! -f ~/.ssh/${key_file} ]; then
  ssh-keygen -q -f ~/.ssh/${key_file} -t rsa
fi
# Add the private key to the Mac OS X Keychain.
# This will unlock the key for you as long as you're logged in and have keychain access.
ssh-add -K ~/.ssh/${key_file}
# Create the ~/.ssh directory on the remote host if it doesn't exist.
ssh ${remote_host} -t 'if [ ! -d ~/.ssh ]; then mkdir ~/.ssh; chmod 700 ~/.ssh; fi'
# Create the ~/.authorized_keys file on the remote host if it doesn't exist.
ssh ${remote_host} -t 'if [ ! -f ~/.ssh/authorized_keys ]; then touch ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys; fi'
# Copy the public key to the remote host (Append local_host name so that we don't over-write a key of the same name)
scp ~/.ssh/${key_file}.pub ${remote_host}:~/.ssh/${key_file}-${local_host}.pub
# Cat the public key into the authorized_keys file.
ssh ${remote_host} -t "cat ~/.ssh/${key_file}-${local_host}.pub >> ~/.ssh/authorized_keys; rm ~/.ssh/${key_file}-${local_host}.pub"
# Cat the public key into the authorized_keys file.
ssh ${remote_host}

See Also

http://micheljansen.org/blog/entry/123 https://wiki.hpcc.msu.edu/display/hpccdocs/Adding+a+Private+Key+to+Your+Mac+OSX+Keychain

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment