How to Set Up Public Key Authentication (PKA) on your Mac

Since I’m on such a roll with the Mac How-To’s… hell, why not another one?

This one’s aimed at the Mac users who find themselves messing about in the Terminal app doing various things on the command line. Granted, not your average Mac user, but still…

I mentioned public key authentication (PKA) in my previous post, saying that having it “set up is optional, but will make the process a bit more convenient”. But someone who isn’t familiar with PKA won’t know exactly how it makes things convenient.

The simple answer is: You won’t have to type your account password when connecting to another machine over SSH, whether that’s ssh itself, sftp, scp, rsync or secure port forwarding. (If you protect your key with a passphrase, you type that once and ssh-agent remembers it, rather than typing a password on every connection.) The less simple answer is that the remote server never sees a password at all: the private key stays on your Mac, so a password that gets guessed, logged or phished is worth much less to an attacker, and once everyone has keys set up the server can turn password logins off entirely.

The Web offers many explanations of how PKA and SSH encryption in general operate, so I won’t go into the details here… many of which I don’t know. Instead, I’ll simply show you how to do it.

Note that this how-to does not address setting up PKA to work with a remote Windows server. I’ve never done that, and I really don’t plan on ever doing it, so I haven’t bothered to hash out the specifics.

Pre-Flight

Make sure you’re using a Mac with OS X. Make sure that the remote server you’re going to connect to is running sshd, the ssh daemon (it’s pretty standard nowadays), and that nobody has set PubkeyAuthentication to no in its sshd_config (the default is yes). Also ensure that you have a shell (login) account on that remote machine.

Do It

Launch the Terminal application (found in Applications > Utilities).

Start by generating your personal key pair:

ssh-keygen -t ed25519

Then, when prompted, hit enter to accept the default file name, and type a passphrase (twice). The above will generate an Ed25519 public/private key pair for you. I will leave the finer points of the various key types as an exercise for the reader, with one exception: don’t pick DSA. The old recipe was ssh-keygen -b 1024 -t dsa, but OpenSSH disabled ssh-dss keys by default in 7.0 and has since removed them, so a current sshd will refuse the key and a current ssh-keygen won’t even create one. Ed25519 is the modern default, the keys are small, and there is no key size to argue about. As for the passphrase: it’s what protects the private key if your Mac (or a backup of it) ends up in someone else’s hands, and it costs you almost nothing, because ssh-agent remembers it after you enter it once (on recent macOS, ssh-add --apple-use-keychain stores it in your keychain; older releases used ssh-add -K). If you really want an empty passphrase, hit enter at both prompts, but understand that anyone who copies that one file then holds your login.

It also created a “.ssh” directory in your Home, if you didn’t already have one. Inside, you’ll see two new files: “id_ed25519”, the private key, which never leaves this machine (keep it mode 600, which is how ssh-keygen creates it), and “id_ed25519.pub”, the public key, which is the only part you hand out. You may also see “known_hosts”, but you can ignore that for our purposes here.

Next, you must log into the remote machine using the standard ssh method. In your account’s home directory, create a new directory named “.ssh”, if it doesn’t already exist:

mkdir ./.ssh

Make sure that directory is accessible only to your account. This isn’t just tidiness: sshd’s default StrictModes setting makes it ignore your key entirely if your home directory, this directory or the authorized_keys file is writable by group or world, and the only symptom is that you keep getting asked for a password.

chmod 700 ./.ssh

Leave this SSH session connected for the time being.

Open another Terminal window, and navigate to the .ssh directory in your Home. Secure copy your “id_ed25519.pub” key file (only the .pub file, never the private key) to the remote server, providing the remote server’s user account password when prompted. A relative path on the remote side is relative to your home directory there:

scp ./id_ed25519.pub username@remoteserver:.ssh/

(If your Mac has ssh-copy-id, and recent ones do, then ssh-copy-id username@remoteserver does this copy and the append step below in one go.)

You can close that Terminal window once the file has transferred. Now back to your SSH session on that remote server. Drop into your .ssh directory:

cd .ssh

There, you’ll see the id_ed25519.pub file you just uploaded. Now, add its contents to a file named “authorized_keys”, lock that file down to your account, and get rid of the uploaded copy, which has done its job:

cat id_ed25519.pub >> authorized_keys
chmod 600 authorized_keys
rm id_ed25519.pub

Don’t worry if the “authorized_keys” file doesn’t exist, the command will create one for you. Don’t worry if the “authorized_keys” file already exists, the command will simply add your public key to it as one more line. Every line in that file is a key that can log in as you, so it’s worth a look now and then to remove any you no longer recognize. It’ll be fine.

Now, log out of that SSH session, but keep the Terminal window open. Why? Because now you’ll see your new PKA in all its glory.

Connect to that remote machine again using SSH. Boom. Instant authentication (or, if you set a passphrase, a prompt for it the first time, after which ssh-agent takes over). If you’re still being asked for the account password, run ssh -v username@remoteserver and read what it says: it lists which keys the client offered and whether the server turned them down. Nine times out of ten the culprit is permissions, either on the remote side (home directory, .ssh or authorized_keys writable by group or world) or a private key on your Mac that isn’t mode 600.
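When the last step leaves you at a password prompt anyway, the usual cause is that sshd’s StrictModes check rejected something about the remote account’s files without telling the client. The script below is an added example, not code from the original post: it audits the remote-side pieces the steps above set up (permissions on the home directory, .ssh and authorized_keys, plus the contents of authorized_keys), and it runs offline against any directory you point it at. The sample entries in demo() are constructed, not real keys, and the rrsync path in the second one is only there to show that options may precede the key type. Run it on the remote box with sh, or paste the two check functions into your shell.

```shell
#!/bin/sh
# Added example (not code from the original post): audit the remote-side
# pieces that make or break public key authentication. sshd runs with
# StrictModes yes by default and silently ignores authorized_keys when the
# home directory, ~/.ssh or the file itself is group- or world-writable, so
# all the client sees is another password prompt. Point check_ssh_perms at
# a .ssh directory; validate_authorized_keys parses the file itself.

# Octal permission bits of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when the group or "other" write bit is set: exactly what StrictModes rejects.
writable_by_others() {
  case "$(mode_of "$1")" in
    *[2367]|*[2367][0-7]) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 if $1 (a .ssh directory), its parent and $1/authorized_keys all
# exist and none is writable by group or world; otherwise print each problem
# and return 1. A .ssh mode other than 700 is reported but not fatal.
check_ssh_perms() {
  dir=$1; status=0
  for p in "$(dirname "$dir")" "$dir" "$dir/authorized_keys"; do
    if [ ! -e "$p" ]; then
      echo "missing: $p"; status=1
    elif writable_by_others "$p"; then
      echo "group/world writable, sshd will ignore your key: $p"; status=1
    fi
  done
  [ -d "$dir" ] && [ "$(mode_of "$dir")" != 700 ] &&
    echo "note: $dir is mode $(mode_of "$dir"); 700 is the usual setting"
  return $status
}

# Return 0 if every non-comment line of $1 is a well-formed public key of a
# type current OpenSSH accepts; return 1 if any line is malformed or is an
# ssh-dss (DSA) key, which OpenSSH disabled in 7.0 and has since removed.
# Options such as command="..." or no-pty may precede the key type.
validate_authorized_keys() {
  awk '
    /^[[:space:]]*$/ { next }
    /^[[:space:]]*#/ { next }
    {
      t = 0
      for (i = 1; i <= NF; i++)
        if ($i ~ /^(ssh-ed25519|ssh-rsa|ssh-dss|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) { t = i; break }
      if (t == 0 || $(t + 1) !~ /^[A-Za-z0-9+\/]+=*$/) { printf "line %d: malformed entry\n", NR; bad++; next }
      if ($t == "ssh-dss") { printf "line %d: ssh-dss (DSA) key, rejected by current sshd\n", NR; bad++; next }
      good++
    }
    END { printf "%d usable key(s), %d problem line(s)\n", good, bad; exit (bad > 0) }
  ' "$1"
}

# Exercise both checks on a throwaway "remote home" built from constructed
# data: two fine Ed25519 entries (not real keys) and one legacy DSA entry.
demo() {
  fake_home=$(mktemp -d)
  mkdir -m 700 "$fake_home/.ssh"
  cat > "$fake_home/.ssh/authorized_keys" <<'EOF'
# constructed sample entries, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRlc3Qta2V5LW5vdC1yZWFsLWRvLW5vdC11c2U0 me@mymac
command="/usr/bin/rrsync /srv/backup",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJhY2t1cC1vbmx5LWtleS1ub3QtcmVhbC1ub3BlMg backup@mymac
ssh-dss AAAAB3NzaC1kc3MAAACBAOldDSAkeyNotReal legacy@oldbox
EOF
  chmod 600 "$fake_home/.ssh/authorized_keys"
  check_ssh_perms "$fake_home/.ssh" && echo "permissions: ok"
  validate_authorized_keys "$fake_home/.ssh/authorized_keys" ||
    echo "fix the lines above before relying on this file"
  rm -rf "$fake_home"
}

demo
```

On a real server, run check_ssh_perms ~/.ssh and validate_authorized_keys ~/.ssh/authorized_keys for the account in question; a nonzero exit from either is the thing to fix before looking anywhere else. The 700/600 modes the how-to sets are stricter than sshd strictly demands (it only refuses group/world write), which is why the script reports a non-700 .ssh directory as a note rather than a failure.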


6 thoughts on “How to Set Up Public Key Authentication (PKA) on your Mac”

  1. The process to use multiple private keys (from different user accounts and/or machines) is essentially the same. Upload it to the remote server & append it to the “authorized_keys” file for that user using “cat” as described here.

    As for KeyStore… I have no idea what you’re talking about.

  2. I have been using Terminal & iTerm for almost 6 months. I used to type my password every time. I followed the steps which you have mentioned. It helped. Thank you very much for your article. Going forward it will save a lot of time for me…. :)
