Secure Shell (SSH) keys are used on modern networks for computers to identify each other, and to grant secure access from one computer on a network to another. The basic was SSH runs is with keys, you create SSH keys in Mac OS X using the ssh-keygen command in Terminal.
This feature looks at how to generate an SSH key pair in Terminal.
What is an SSH key?
Secure Shell (SSH) keys serve as a means of identification to an SSH server. It works by means of a key pair (two keys). These replace or augment passwords and other traditional means of identification. It is commonly used by services such as Drupal.org and Github as a means of identification.
SSH keys are generated in pairs: one private, and one public. The private key is kept on your computer; the other public key is placed in a remote location. Secure Shell (SSH) communication is only possible with both keys in place. Anybody attempting to intercept the communication cannot intercept the SSH key because it is not transmitted, unlike a password which has to be sent back and forth for identification.
SSH keys are not ideal for everybody. They tend to be a quite complex technology and are typically used by developers, and other high-end users. Typical in sevices like
Github. If you’re asking how to create an SSH key then you probably already know what you’re going to do with it, so this how-to will focus on how to generate the SSH key in Mac OS X.
How to SSH keys work in Mac OS X
SSH keys are generated using the Terminal application (located in /Applications/Utilities/). Terminal enables you to enter Unix commands directly into Mac OS X.
SSH keys are placed in the ‘.ssh’ folder inside your Home folder (it is a hidden folder, signified by the ‘.’ before it. This folder will not exist in your Home folder until you start generating SSH keys.
Inside this folder will be placed two files:
- ‘id_rsa’. This is the private SSH key. You do not share this with anybody
- ‘id_rsa.pub’ this is the matching public key. This is the public key (hence the ‘.pub’ on the end you share with other people so they can access your computer on the network.
You will need to come up with a passphrase (password) when generating your SSH keys. The passphrase should be a reasonably strong password with a mixture of uppercase and lowercase letters, numbers and symbols. You can also add your FTP login. In order to view files you need the public SSH key, and the FTP login and password.
How to generate an SSH key in Mac OS X
Here is how to go about generating your SSH key pair in Mac OS X
- Open the terminal App and enter the text below (replace yourname@yourdomain with your FTP login details):
ssh-keygen -t rsa -C “email@example.com”
- You now choose the location for the keys.It will say “Enter file in which to save the key (/Users/Lou/.ssh/id_rsa)”. If you’re happy with the default location (~/.ssh/) just tap Return.
- It will now say “Enter passphrase (empty for no passphrase):”. Enter your passphrase and press Return. You are asked to re-enter the password to confirm you typed it correctly.
- Terminal will now say “Your identification has been saved in /Users/Lou/.ssh/id_rsa” and “Your public key has been saved in /Users/Lou/.ssh/id_rsa.pub.”
You can find both of these files using Terminal. You will also get a key Fingerprint and Randomart file. The Fingerprint matches the public key and can be used in some situations for authentication, and the Randomart file is designed to match the Fingerprint but be easier to visually identify that it is the right key.
You can view the two files by typing in the following:
How do I copy the SSH public key into Mac OS X clipboard
You can copy the SSH public key into the Mac OS X clipboard. This enables you o paste it into your Drupal.org profile, Github and other places where it is required for identification.
This copies the entire key into the clipboard. You can open TextEdit and choose Edit > Paste to take a look at it if you want. In case you want to stick inside Terminal you can also use the paste command to paste the public key into a file in Terminal:
pbpaste > ~/clipboard.text