Ssh-copy-id for copying SSH keys to servers
ssh-copy-id installs an SSH key on a server as an authorized key. Its purpose is to provision access without requiring a password for each login. This facilitates automated, passwordless logins and single sign-on using the SSH protocol.
The ssh-copy-id tool is part of OpenSSH.
Setting up public key authentication
Key-based authentication in SSH is called public key authentication. The purpose of ssh-copy-id is to make setting up public key authentication easier. The process is as follows.
Generate an SSH Key
With OpenSSH, an SSH key is created using ssh-keygen. In the simplest form, just run ssh-keygen and answer the questions. The following example illustrates this.
Creating a key pair (public key and private key) only takes a minute. The key files are usually stored in the
Copy the key to a server
Once an SSH key has been created, the ssh-copy-id command can be used to install it as an authorized key on the server. Once the key has been authorized for SSH, it grants access to the server without a password.
Use a command like the following to copy SSH key:
This logs into the server host, copies the key(s) to the server, and configures them to grant access by adding them to the authorized_keys file. The copying may ask for a password or other authentication for the server.
Only the public key is copied to the server. The private key should never be copied to another machine.
Test the new key
Once the key has been copied, it is best to test it:
The login should now complete without asking for a password. Note, however, that the command might ask for the passphrase you specified for the key.
Troubleshooting
There are a number of reasons why the test might fail:
The server might not be configured to accept public key authentication. Make sure /etc/ssh/sshd_config on the server contains PubkeyAuthentication yes. Remember to restart the sshd process on the server after changing the file.
If trying to log in as root, the server might not be configured to allow root logins. Make sure /etc/ssh/sshd_config includes PermitRootLogin yes, PermitRootLogin prohibit-password, or PermitRootLogin without-password. If it is set to forced-commands-only, the key must be manually configured to use a forced command (see the command= option under "Add a command restriction when possible" below).
Make sure the client allows public key authentication. Check that /etc/ssh/ssh_config includes PubkeyAuthentication yes.
Try adding the -v option to the ssh command used for the test. Read the output to see whether the key is tried and which authentication methods the server is willing to accept.
OpenSSH only allows a maximum of five keys to be tried automatically. If you have more keys, you must specify which key to use with the -i option to ssh.
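The first two troubleshooting items above depend on what sshd actually reads from its configuration, and sshd has a rule that trips people up: for each keyword it uses the first value it encounters, so a PubkeyAuthentication no near the top of the file silently wins over a yes appended at the bottom, and lines after a Match block apply only conditionally. The following script is an added example (not part of the original article, and not OpenSSH's own code) that models that rule and applies the checks from the list to a constructed sshd_config; the file contents, the user names and the function names are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original article: check an sshd_config for
# the settings listed under Troubleshooting. sshd uses the FIRST value it
# reads for a keyword, so "PubkeyAuthentication no" near the top wins over a
# "yes" added later, and anything after a "Match" line is conditional.
# The sample config written below is constructed for this example.
set -eu

# sshd_effective FILE KEYWORD
# Print the globally effective value of KEYWORD (case-insensitive): the first
# value set before any Match block. Prints nothing if it is never set.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blank lines
        tolower($1) == "match" { exit }                  # rest is conditional
        tolower($1) == key     { print $2; exit }        # first value wins
    ' "$1"
}

# diagnose FILE USER
# Apply the Troubleshooting checks: public key auth must not be disabled, and
# root logins must be permitted when USER is root. Defaults follow OpenSSH
# (PubkeyAuthentication yes, PermitRootLogin prohibit-password).
diagnose() {
    _pk=$(sshd_effective "$1" PubkeyAuthentication)
    if [ "${_pk:-yes}" = no ]; then
        echo "PubkeyAuthentication is off; key login cannot work"
        return 1
    fi
    if [ "$2" = root ]; then
        _pr=$(sshd_effective "$1" PermitRootLogin)
        case "${_pr:-prohibit-password}" in
            yes|prohibit-password|without-password) ;;
            forced-commands-only)
                echo "root keys need a command= restriction"; return 1 ;;
            *)  echo "root login disabled (PermitRootLogin $_pr)"; return 1 ;;
        esac
    fi
    echo "config permits public key login for $2"
}

# write_sample_config PATH : constructed sshd_config showing a common mistake
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample for the example, not a real server's configuration
Port 22
PubkeyAuthentication no
PermitRootLogin prohibit-password
# added later in a hurry; sshd ignores it because a value was already set:
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
}

# Demonstration on a throwaway file
tmp=$(mktemp -d)
write_sample_config "$tmp/sshd_config"
echo "effective PubkeyAuthentication: $(sshd_effective "$tmp/sshd_config" PubkeyAuthentication)"
diagnose "$tmp/sshd_config" root || true
rm -rf "$tmp"
```

On a real server the authoritative check is sshd's own test mode, which prints the effective configuration after all parsing: `sshd -T | grep -iE 'pubkeyauthentication|permitrootlogin'` (run as root) shows the values sshd will use, which is what the parser above approximates for the global section.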
How ssh-copy-id works
ssh-copy-id uses the SSH protocol to connect to the target host and upload the user's SSH public key. The command edits the authorized_keys file on the server, creating the .ssh directory and the authorized_keys file if they do not exist. The result is that the SSH key is installed on the server as an authorized key.
It also checks if the key already exists on the server. Unless the -f option is given, each key is only added to the authorized keys file once.
It further ensures that the key files have appropriate permissions. Generally, the user's home directory and any file or directory containing key files should not be writable by anyone else; otherwise someone else could add new authorized keys for the user and gain access. Private key files should not be readable by anyone else.
Some best practices for SSH keys
SSH keys are very useful, but can lead to problems if they are not properly managed. They are access credentials just like user names and passwords. If they are not properly removed when people leave or systems are decommissioned, no one may know any longer who really has access to which systems and data. Many large organizations have ended up having millions of SSH keys.
Use a passphrase when possible
It is recommended that keys used for single sign-on have a passphrase to prevent use of the key if it is stolen or inadvertently leaked. The ssh-agent and ssh-add programs can be used to avoid having to enter the passphrase every time the key is used.
Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes. They allow shell scripts, programs, and management tools to log into servers unattended. This is often used for backups and data transfers between information systems.
Add a command restriction when possible
The copy-id tool does not automatically add command restrictions to keys. Using command restrictions is highly recommended when the key is used for automating operations, such as running a report or fetching some files. A command restriction is basically a command="..." option added to the beginning of the key's line in the server's authorized_keys file.
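The two sections "How ssh-copy-id works" and "Add a command restriction when possible" describe the same file: the server-side steps ssh-copy-id performs (create .ssh and authorized_keys, set permissions, add the key only once unless -f is given) and the command= option that ssh-copy-id does not add for you. The script below is an added example, not OpenSSH's ssh-copy-id and not from the original article, that models those server-side steps locally so they can be read and tested without a server. It assumes HOME_DIR stands in for the target account's home directory, the public key lines are constructed (they are not real keys), and the function names, the key comment values and the /usr/local/bin/run-report command are invented for the example.

```shell
#!/bin/sh
# Added example, not OpenSSH's ssh-copy-id: a local model of what ssh-copy-id
# does on the server after connecting, plus the command= restriction that an
# operator adds by hand. HOME_DIR stands in for the target account's home;
# nothing here uses the network. The key lines below are constructed.
set -eu

KEY_TYPES='ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521'

# validate_pubkey LINE : succeed only if LINE looks like "<type> <base64> [comment]"
validate_pubkey() {
    _type=$(printf '%s\n' "$1" | awk '{print $1}')
    _blob=$(printf '%s\n' "$1" | awk '{print $2}')
    printf '%s\n' "$_type" | grep -Eqx "$KEY_TYPES" || return 1
    printf '%s\n' "$_blob" | grep -Eqx '[A-Za-z0-9+/]+=*'
}

# perm_of PATH : mode string such as drwx------ (portable; no GNU stat needed)
perm_of() { ls -ld "$1" | cut -c1-10; }

# count_keys HOME_DIR : number of lines in authorized_keys (0 if absent)
count_keys() {
    if [ -f "$1/.ssh/authorized_keys" ]; then
        wc -l < "$1/.ssh/authorized_keys" | tr -d ' '
    else
        echo 0
    fi
}

# install_key HOME_DIR PUBKEY_LINE [FORCE] [OPTIONS]
# Append PUBKEY_LINE to HOME_DIR/.ssh/authorized_keys with safe permissions.
# Like ssh-copy-id without -f, a key whose blob is already present is skipped
# unless FORCE is 1. OPTIONS is an authorized_keys option string placed in
# front of the key, e.g. 'command="/usr/local/bin/run-report",no-pty'.
install_key() {
    _home=$1; _key=$2; _force=${3:-0}; _opts=${4:-}
    validate_pubkey "$_key" || { echo "refusing malformed key line" >&2; return 1; }
    _dir="$_home/.ssh"; _file="$_dir/authorized_keys"
    ( umask 077; mkdir -p "$_dir"; touch "$_file" )   # private from the start
    chmod 700 "$_dir"; chmod 600 "$_file"             # tighten if pre-existing
    _blob=$(printf '%s\n' "$_key" | awk '{print $2}')
    if [ "$_force" != 1 ] && grep -Fq -- "$_blob" "$_file"; then
        echo "key already authorized; not adding it again" >&2
        return 0
    fi
    if [ -n "$_opts" ]; then
        printf '%s %s\n' "$_opts" "$_key" >> "$_file"
    else
        printf '%s\n' "$_key" >> "$_file"
    fi
}

# Constructed sample keys (placeholder blobs, not real key material)
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEexampleEXAMPLEexampleEXAMPLEexampleEXAM alice@laptop'
REPORT_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIREPORTreportREPORTreportREPORTreportREPORTrep report@batch'

# Demonstration in a throwaway home directory
home=$(mktemp -d)
install_key "$home" "$SAMPLE_KEY"        # added
install_key "$home" "$SAMPLE_KEY"        # skipped: already present
install_key "$home" "$REPORT_KEY" 0 'command="/usr/local/bin/run-report",no-port-forwarding,no-pty'
echo "keys: $(count_keys "$home"), .ssh mode: $(perm_of "$home/.ssh")"
cat "$home/.ssh/authorized_keys"
rm -rf "$home"
```

The duplicate check keys on the base64 blob rather than the whole line, so the same key with a different comment or with options in front is still recognised as already present; passing 1 as the third argument reproduces what -f does and is exactly how duplicate lines end up in authorized_keys.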
Managing SSH keys
Anyone having more than a few dozen servers is strongly recommended to manage SSH keys. Not managing the keys exposes the organization to substantial risks, including loss of confidentiality, insertion of fraudulent transactions, and outright destruction of systems.
The copy-id tool can be dangerous. It can easily accidentally install multiple keys or unintended keys as authorized. The logic for choosing which key to install is convoluted. Extra authorized keys grant permanent access. They can later be used to spread attacks host-to-host, and the more keys there are, the higher the risk. It also violates all regulatory compliance requirements.
The Universal SSH Key Manager is a widely used product for managing SSH keys.
Command-line options
The sample below presents ssh-copy-id command line syntax:
The options have the following meaning:
-f Don’t check if the key is already configured as an authorized key on the server. Just add it. This can result in multiple copies of the key in authorized_keys files.
-i identity_file Specifies the identity file to be copied (default is ~/.ssh/id_rsa). If this option is not provided, all keys listed by ssh-add -L are added. Note: this can be multiple keys, and adding extra authorized keys can easily happen accidentally! If ssh-add -L returns no keys, then the most recently modified key matching ~/.ssh/id*.pub, excluding those matching ~/.ssh/*-cert.pub, will be used.
-n Just print the key(s) that would be installed, without actually installing them.
-o ssh_option Pass -o ssh_option to the SSH client when making the connection. This can be used for overriding configuration settings for the client. See ssh command line options and the possible configuration options in ssh_config .
-p port Connect to the specified SSH port on the server instead of the default port 22.
-h or -? Print usage summary.
Ssh-copy-id on Mac
While macOS includes SSH, it does not include ssh-copy-id out of the box. However, according to some sources macOS 10.12.4 includes it, and presumably newer versions include it as well.
You can test whether your Mac has it by opening a terminal window (Finder / Go / Utilities / Terminal) and typing ssh-copy-id .
If your system does not have it, there are several ways to install ssh-copy-id on a Mac.
Installation using Homebrew
To install it using Homebrew, use the following command. You need to have the brew command installed.
Installation from MacPorts
The following command will install it using MacPorts. You need to have the port command installed.
Installation using Curl
The following command can be used to install a Mac version directly. Note that as a general rule we do not recommend piping any commands from the network to the shell, like this does. Only use this method if you fully trust the source. The advantage of this method is that it does not need any special software — curl comes preinstalled.
Manually generating your SSH key in macOS
You generate an SSH key through macOS by using the Terminal application. Once you upload a valid public SSH key, the Triton Compute Service uses SmartLogin to copy the public key to any new SmartMachine you provision.
Joyent recommends RSA keys because the node-manta CLI programs work with RSA keys both locally and with the ssh agent. DSA keys will work only if the private key is on the same system as the CLI, and not password-protected.
About Terminal
Terminal is the terminal emulator which provides a text-based command line interface to the Unix shell of macOS.
To open the macOS Terminal, follow these steps:
- In Finder, choose Utilities from the Applications folder.
- Find Terminal in the Utilities list.
- Open Terminal.
The Terminal window opens with the command-line prompt displaying the name of your machine and your username.
Generating an SSH key
An SSH key consists of a pair of files. One is the private key, which should never be shared with anyone. The other is the public key, which allows you to log into the containers and VMs you provision. When you generate the keys, you will use ssh-keygen to store the keys in a safe location so you can bypass the login prompt when connecting to your instances.
To generate SSH keys in macOS, follow these steps:
Enter the following command in the Terminal window.
This starts the key generation process. When you execute this command, the ssh-keygen utility prompts you to indicate where to store the key.
Press the ENTER key to accept the default location. The ssh-keygen utility prompts you for a passphrase.
You will need to enter the passphrase a second time to continue.
After you confirm the passphrase, the system generates the key pair.
Your private key is saved to the id_rsa file in the .ssh directory and is used to verify the public key you use belongs to the same Triton Compute Service account.
Never share your private key with anyone!
Your public key is saved to the id_rsa.pub file and is the key you upload to your Triton Compute Service account. You can save this key to the clipboard by running this:
Importing your SSH key
Now you must import the copied SSH key to the portal.
- After you copy the SSH key to the clipboard, return to your account page.
- Choose to Import Public Key and paste your SSH key into the Public Key field.
- In the Key Name field, provide a name for the key. Note: although providing a key name is optional, it is a best practice for ease of managing multiple SSH keys.
- Add the key. It will now appear in your table of keys under SSH.
Troubleshooting
You may see a password prompt like this:
This is because:
- You did not enter the correct passphrase.
- The private key on your Macintosh (id_rsa) does not match the public key stored with your Triton Compute Service account.
- The public key was not entered correctly in your Triton account.
What are my next steps?
In order to use the Terminal to create instances, set up triton and CloudAPI as well as the triton-docker commandline tool.
How do I get an SSH Public Key on Mac?
11th April 2019 by Ricki Larkin
So you have been asked for your Public SSH Key? We are here with a quick guide to getting hold of one on your Mac!
Step 1 – Open Terminal
There are many ways to get your SSH public key on a Mac. However, we recommend doing this from the Terminal command line, as this is the easiest.
To get started, you need to open the Terminal application, which is found in Applications > Utilities, but you can also launch it by hitting cmd+spacebar, typing “Terminal” into the search box, and pressing return.
Once open you will be greeted with a window where your cursor is just after a $ symbol. This means you are ready to go!
Step 2 – Generate Your SSH Keys
Now you are ready to type, enter the following command and hit enter:
ssh-keygen -t rsa -b 4096
If this works, you will be asked where to save your keys, the default location is fine so you can just hit enter again. Please be aware that if you enter a location other than default then the code in Step 3 will change to the location you specified.
Next you will be prompted to enter a passphrase. This can be anything you wish but please remember it as you will need to confirm it immediately after.
That’s it! Your keys have been generated; now how do you get hold of them? You’ll still need this Terminal window, so keep it open for now.
Step 3 – Save your Private Key, send your Public Key
Your Private Key will live forever at the location you specified in Step 2. You should NEVER share your Private Key, so keep it a secret!
Your Public Key needs to be sent over to us so we can set you up with access. In order to copy your Public Key so you can paste it into an email, simply enter the following command in your Terminal window and hit enter:
You should now have your Public Key on your clipboard. Now head over to your email client, paste into the email content and send it over.
Once we’ve received your Public Key, our server technicians can set you up with access to the server and talk you through how to connect.
If you need any further assistance, please contact your account manager by raising a support ticket or calling the office on 01785 279920.