Since I’m on such a roll with the Mac How-To’s… hell, why not another one?
This one’s aimed at the Mac users who find themselves messing about in the Terminal app doing various things on the command line. Granted, not your average Mac user, but still…
I mentioned public key authentication (PKA) in my previous post, saying that having it “set up is optional, but will make the process a bit more convenient”. But someone who isn’t familiar with PKA won’t know exactly how it makes things convenient.
The simple answer is: You won’t have to type your password when connecting to another machine when doing something over SSH, such as: ssh, sftp, scp, rsync, and secure port forwarding.
The Web offers many explanations of how PKA and SSH encryption in general operate, so I won’t go into the details here… many of which I don’t know. Instead, I’ll simply show you how to do it.
Note that this how-to does not address setting up PKA to work with a remote Windows server. I’ve never done that, and I really don’t plan on ever doing it, so I haven’t bothered to hash out the specifics.
Make sure you’re using a Mac with OS X. Make sure that the remote server you’re going to connect to is running sshd, the ssh daemon (it’s pretty standard nowadays). Also ensure that you have a shell (login) account on that remote machine.
Launch the Terminal application (found in Applications > Utilities).
Start by generating your personal set of keys:
ssh-keygen -b 1024 -t dsa
Then, when prompted, hit enter three times. Check it:
I will leave the explanation of differences between RSA and DSA, as well as the finer points of passphrases, as an exercise for the reader. The above instructions will generate a public and private 1024-bit DSA key with an empty passphrase for you.
It also created a “.ssh” directory in your Home, if you didn’t already have one. Inside, you’ll see two new files: “id_dsa”, and “id_dsa.pub”. You may also see “known_hosts”, but you can ignore that for our purposes here.
Next, you must log into the remote machine using the standard ssh method. In your account’s home directory, create a new directory named “.ssh”, if it doesn’t already exist:
Make sure that directory is accessible only to your account:
chmod 700 ./.ssh
Leave this SSH session connected for the time being.
Open another Terminal window, and navigate to the .ssh directory in your Home. Secure copy your “id_dsa.pub” key file to the remote server, providing the remote server’s user account password when prompted:
scp ./id_dsa.pub username@remoteserver:/path/to/home/.ssh/
You can close that Terminal window once the file has transferred. Now back to your SSH session on that remote server. Drop into your .ssh directory:
There, you’ll see the id_dsa.pub file you just uploaded. Now, add its contents to a file named “authorized_keys”:
cat id_dsa.pub >> authorized_keys
Don’t worry if the “authorized_keys” file doesn’t exist; the command will create one for you. Don’t worry if the “authorized_keys” file already exists, either; the command will simply append your public key to the end of it. It’ll be fine.
Now, log out of that SSH session, but keep the Terminal window open. Why? Because now you’ll see your new PKA in all its glory.
Connect to that remote machine again using SSH. Boom. Instant authentication.
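The server-side steps above, written as a script together with a check of the result; this is an added example, not part of the original post. OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so the key generation line uses Ed25519, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.
# Generate the key pair first (ssh-keygen prompts for a passphrase):
#   ssh-keygen -t ed25519 -f "$HOME/.ssh/id_ed25519"

# Print a file's permission bits in octal (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# install_pubkey PUBFILE HOMEDIR  (run on the machine you log in to)
# Does the mkdir / chmod 700 / cat >> steps, but skips the append when the
# key is already listed and makes authorized_keys private to the owner.
install_pubkey() {
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: a .pub file holds one key on one line.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_dir HOMEDIR
# Prints one finding per line and returns non-zero if there was any.
audit_ssh_dir() {
    sshdir=$1/.ssh; auth=$sshdir/authorized_keys; rc=0
    [ -d "$sshdir" ] || { echo "missing: $sshdir"; return 1; }
    [ "$(mode_of "$sshdir")" = 700 ] || { echo "mode: $sshdir should be 700"; rc=1; }
    if [ -f "$auth" ]; then
        # With StrictModes (sshd's default), sshd refuses to use a key file
        # that other users can write to; 600 also keeps it private.
        [ "$(mode_of "$auth")" = 600 ] || { echo "mode: $auth should be 600"; rc=1; }
        # Count leftover DSA entries; "|| true" keeps grep's exit 1 on no match
        # from aborting a caller that runs under "set -e".
        dsa=$(grep -c 'ssh-dss ' "$auth" || true)
        [ "$dsa" -eq 0 ] || { echo "dsa: $dsa ssh-dss key(s) in $auth"; rc=1; }
    fi
    return $rc
}
```

On the remote machine, source the file and run install_pubkey with the uploaded .pub file and your home directory, then audit_ssh_dir "$HOME" to confirm the result.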