Best practices setup for SSH client in OS X
#!/usr/bin/env bash
# generates SSH key, if none
# TODO: suggests "good" key comment
# converts to encrypted key, in case existing key is not an encrypted one
# TODO: ensures that ~/.ssh/config defines that keys are added to agent upon (successful) connection, and keychain is used for storing key password
# optionally, "fixes" FileZilla by auto-loading keys to SSH agent (otherwise only option is to run "ssh-add" manually or connecting to server in SSH first)

# ~/.ssh must exist, and be private, before anything is written into it
mkdir -p ~/.ssh
chmod 0700 ~/.ssh
if [ ! -f ~/.ssh/config ]; then
  # macOS-only client options: keep the passphrase in Keychain, add the key to the agent on first use
  cat << EOF > ~/.ssh/config
UseKeychain yes
AddKeysToAgent yes
EOF
  chmod 0600 ~/.ssh/config
fi

if [ ! -f ~/.ssh/id_rsa ]; then
  echo "SSH key was not found. No worries, we are going to walk you through the generation of the SSH key."
  ssh-keygen -t rsa -f ~/.ssh/id_rsa
fi
echo "Now we are going to check if your key is encrypted..."
# changing the passphrase from '' to '' only succeeds when the key has no passphrase
# (note: when the key is unencrypted this probe rewrites the key file)
if ssh-keygen -p -P '' -N '' -f ~/.ssh/id_rsa > /dev/null 2>&1; then
  echo "Your SSH key ~/.ssh/id_rsa does not appear to be encrypted. We are going to encrypt it now."
  ssh-keygen -p -f ~/.ssh/id_rsa
else
  echo "Your SSH key is an encrypted one. So far so good."
  read -p "Do you want to encrypt with a different passphrase? [y|n] " -n 1 -r
  echo # (optional) move to a new line
  if [[ $REPLY =~ ^[Yy]$ ]]; then
    # do dangerous stuff
    ssh-keygen -p -f ~/.ssh/id_rsa
  fi
fi

read -p 'Do you want to "fix" FileZilla by loading SSH keys with passphrase already in keychain, to your SSH agent? [y|n] ' -n 1 -r
echo # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]; then
  mkdir -p ~/Library/LaunchAgents/
  # the <dict> body is missing from the page; the entries below are an assumed reconstruction:
  # a login agent that runs "ssh-add -A" to load keys whose passphrases are already in Keychain
  cat << EOF > ~/Library/LaunchAgents/ssh.add.a.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>ssh.add.a</string>
  <key>ProgramArguments</key>
  <array>
    <string>ssh-add</string>
    <string>-A</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>
EOF
else
  # declined: remove any agent installed by an earlier run
  rm -f ~/Library/LaunchAgents/ssh.add.a.plist
fi
echo "That's all, folks"
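The script above decides whether a key is encrypted by running "ssh-keygen -p -P '' -N ''", which rewrites an unencrypted key in place. As an added example (not part of the gist, and not the gist author's code), here is a read-only check that inspects the on-disk format instead: the "Proc-Type: 4,ENCRYPTED" header of PEM keys, the PKCS#8 "ENCRYPTED PRIVATE KEY" armour, and the cipher-name field that follows the "openssh-key-v1" magic in OpenSSH-format keys ("none" means no passphrase). It assumes a base64 that accepts -d (GNU coreutils or recent macOS); the sample key files it builds are constructed headers only, not real keys.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist: report whether a private key file is
# encrypted WITHOUT rewriting it. Handles three on-disk formats:
#   PEM     ("-----BEGIN RSA PRIVATE KEY-----"): encrypted keys carry "Proc-Type: 4,ENCRYPTED"
#   PKCS#8  ("-----BEGIN ENCRYPTED PRIVATE KEY-----"): always encrypted
#   OpenSSH ("-----BEGIN OPENSSH PRIVATE KEY-----"): decoded body = "openssh-key-v1\0"
#           + 4-byte big-endian length + cipher name; "none" means unencrypted
# Assumes a base64 that accepts -d (GNU coreutils, recent macOS).
key_encryption_state() {                        # prints: encrypted | plain | unknown
  local file="$1" tmp len cipher
  if grep -q -- '-----BEGIN OPENSSH PRIVATE KEY-----' "$file"; then
    tmp=$(mktemp)
    grep -v -- '-----' "$file" | tr -d '\n' | base64 -d > "$tmp" 2>/dev/null || true
    # cipher names are short, so the low byte of the length (offset 18) is the whole length
    len=$(head -c 19 "$tmp" | tail -c 1 | od -An -tu1 | tr -d ' ')
    if [ -z "$len" ] || [ "$len" -eq 0 ]; then rm -f "$tmp"; echo unknown; return; fi
    cipher=$(head -c $((19 + len)) "$tmp" | tail -c "$len")
    rm -f "$tmp"
    if [ "$cipher" = none ]; then echo plain; else echo encrypted; fi
  elif grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$file"; then
    echo encrypted
  elif grep -q -- '-----BEGIN .* PRIVATE KEY-----' "$file"; then
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$file"; then echo encrypted; else echo plain; fi
  else
    echo unknown
  fi
}
# Constructed sample files for trying the check offline; these are NOT real keys,
# only the headers the check looks at are meaningful.
make_sample_openssh() {                         # $1 = path, $2 = cipher name to embed
  {
    echo '-----BEGIN OPENSSH PRIVATE KEY-----'
    { printf 'openssh-key-v1\000\000\000\000'; printf "\\$(printf '%03o' "${#2}")"
      printf '%s' "$2"; printf 'rest-of-a-real-key-would-follow'; } | base64
    echo '-----END OPENSSH PRIVATE KEY-----'
  } > "$1"
}
make_sample_pem() {                             # $1 = path, $2 = encrypted | plain
  {
    echo '-----BEGIN RSA PRIVATE KEY-----'
    if [ "$2" = encrypted ]; then
      printf 'Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n'
    fi
    echo 'bm90LWEtcmVhbC1rZXk='                  # base64 of "not-a-real-key"
    echo '-----END RSA PRIVATE KEY-----'
  } > "$1"
}
if [ $# -gt 0 ]; then key_encryption_state "$1"; fi   # e.g. ./check.sh ~/.ssh/id_rsa
```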