SSH is used to connect to remote systems securely from the command-line interface. Apple's operating system Mac OS X supports SSH as a built-in function. Mac OS X is a Unix derivative like the Linux distributions and provides similar commands and command-line usage. SSH keys are used to authenticate to remote systems without a password. In this tutorial, we will learn how to create different types and sizes of SSH keys in Mac OS X for passwordless SSH authentication and login.
Open Terminal
As ssh-keygen is a command-line tool, we will first open the command-line interface, which is provided by the Terminal application. To open the terminal, follow these steps.
- Click on the Finder
- Click on the Applications
- Select Utilities
- Click on the Terminal
When the terminal is opened, it will show the command prompt with your computer name and user name.
Generate SSH Key with ssh-keygen
SSH uses 2 keys called Public Key and Private Key. The keys are related to each other and the data encrypted with the Public Key can be decrypted with its Private Key. The ssh-keygen command will create both of these keys. The following command will generate the Public and Private SSH key pair.
$ ssh-keygen -t rsa
When this command is executed the SSH key generation process will start and ask us some questions about the keys like below.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ismail/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ismail/.ssh/id_rsa
Your public key has been saved in /home/ismail/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:5oS6IpD7+2vP7LR0C4SAdJonOAPhdhDzDbNYK1IjxLo ismail@ubuntu
The key's randomart image is:
+---[RSA 3072]----+
|B+= |
|==X. |
|BO.* . |
|+o=. . . |
| o . o S |
|E o + |
|.. . + o |
|o . .* + . |
| oo=++* . |
+----[SHA256]-----+
- “Enter file in which to save the key (/home/ismail/.ssh/id_rsa):” asks for the location where the SSH keys are saved.
- “Enter passphrase (empty for no passphrase):” asks for a passphrase to encrypt the generated private key, which is more secure but a bit less practical. If you have disk encryption you may choose not to use it; otherwise provide a passphrase.
- “Your identification has been saved in /home/ismail/.ssh/id_rsa” is the Private SSH key location and name.
- “Your public key has been saved in /home/ismail/.ssh/id_rsa.pub” is the Public SSH key location and name.
Generate RSA SSH Key
The ssh-keygen command can be used to generate different types of keys like ECDSA, RSA, etc. RSA is the default key type, which is generated automatically, but you can also specify this key type explicitly if it is not the default in your case. The -t option is used with the rsa parameter like below.
$ ssh-keygen -t rsa
Generate ECDSA SSH Key
ECDSA is another popular cryptographic algorithm that is used as an SSH key type. The ssh-keygen command can be used to create an ECDSA SSH key by providing the -t option with the ecdsa parameter like below.
$ ssh-keygen -t ecdsa
Generate 4096 Bit SSH Key
By default, the key size is 2048. The size of the key determines the security of the communication: a larger key size means more security and less performance. We can also create a 4096-bit SSH key by using the -b option and specifying the size as 4096.
$ ssh-keygen -b 4096
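The SSH key size parameter can also be combined with the key type parameter like below. In the following examples, we generate a 4096-bit RSA key and an ECDSA key using the ssh-keygen command. ECDSA keys accept only the sizes 256, 384 or 521 bits, so 4096 is rejected for that type and the largest valid size, 521, is used instead.
$ ssh-keygen -b 4096 -t rsa
$ ssh-keygen -b 521 -t ecdsa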
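To check the type and size of keys that already exist, the output of ssh-keygen -l -f can be parsed. The script below is an added example, not part of the original tutorial. The function names, the MIN_RSA_BITS policy value and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify lines printed by `ssh-keygen -l -f <key.pub>`.
# MIN_RSA_BITS is an assumed policy threshold, not a value from the tutorial.
MIN_RSA_BITS="${MIN_RSA_BITS:-3072}"

# audit_key_line "<bits> <fingerprint> <comment...> (<TYPE>)"
# Prints "<verdict> <TYPE> <bits>"; returns 0 only when the verdict is OK.
audit_key_line() {
    line=$1
    bits=${line%% *}              # first field: key size in bits
    ktype=${line##*\(}            # text after the last "("
    ktype=${ktype%\)}             # drop the trailing ")"
    case $bits in
        ''|*[!0-9]*) echo "UNKNOWN ? ?"; return 2 ;;
    esac
    case $ktype in
        RSA)
            if [ "$bits" -ge "$MIN_RSA_BITS" ]; then verdict=OK; else verdict=WEAK; fi ;;
        ECDSA)                    # only these three sizes exist for ECDSA
            case $bits in 256|384|521) verdict=OK ;; *) verdict=UNKNOWN ;; esac ;;
        ED25519) verdict=OK ;;    # fixed-size key type
        DSA) verdict=WEAK ;;      # disabled by default since OpenSSH 7.0
        *) verdict=UNKNOWN ;;
    esac
    echo "$verdict $ktype $bits"
    [ "$verdict" = OK ]
}

# audit_ssh_dir [dir]: run the check on every public key in a directory.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        printf '%s: ' "$pub"
        audit_key_line "$(ssh-keygen -l -f "$pub")" || true
    done
}

# Constructed sample lines (fingerprints are placeholders, not real keys).
while IFS= read -r sample; do
    audit_key_line "$sample" || true
done <<'EOF'
3072 SHA256:EXAMPLEFINGERPRINT1 ismail@ubuntu (RSA)
2048 SHA256:EXAMPLEFINGERPRINT2 old laptop key (RSA)
521 SHA256:EXAMPLEFINGERPRINT3 ismail@ubuntu (ECDSA)
1024 SHA256:EXAMPLEFINGERPRINT4 legacy (DSA)
EOF
```

On a real system, call audit_ssh_dir with no argument to check every public key under ~/.ssh.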
Copy SSH Key to Remote Server For Passwordless Login
The generated key can be copied to the remote system in order to use passwordless, key-based authentication without typing the password again and again. The ssh-copy-id command is used to copy our current public key to the remote SSH system. In the following example, we provide the IP address of the remote system and the username whose account should receive our public SSH key. Keep in mind that the SSH public key is copied for the specified user, not another user. To copy the SSH public key we have to provide the password of the specified user on the remote system one time, but after the copy we do not need to use the password.
$ ssh-copy-id ismail@192.168.200.150
Alternatively, the hostname of the remote system can be used instead of the IP address.
$ ssh-copy-id ismail@srv1.linuxtect.com
Now you can use the ssh command in order to log in to the remote system without a password like below.
$ ssh ismail@192.168.200.150
Remove SSH Key
Sometimes we may need to generate new SSH public and private keys with their default names. But if there are SSH keys with the same names, we should remove them. As the SSH keys are just files, we can use the rm command in order to remove public and private SSH keys. In the following example, we remove the public and private RSA SSH keys, which are named id_rsa and id_rsa.pub by default.
$ rm ~/.ssh/id_rsa*
Use the following command to remove ECDSA public and private keys.
$ rm ~/.ssh/id_ecdsa*