In the following article, we’re going to run through the process of creating a public/private SSH key-pair in OS X 10.9.
To generate a Certificate Signing Request (CSR) for Apple Mac OS x 10.6 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. Run it on your local computer to generate a 2048-bit RSA key pair, which is fine for most uses. Ssh-keygen The utility prompts you to select a location for the keys. By default, the keys are stored in the /.ssh directory with the filenames idrsa for the private key and idrsa.pub for the public key. This will step you through the process of generating a SSH keypair on Mac OS X. Begin by opening your Terminal, generally found in the 'Utilities' subdirectory of your 'Applications' directory. Generating a keypair Before you generate your keypair, come up with a passphrase. The rules for good passwords also apply here: mix of upper and lower case, numbers, spaces and punctuation.
This will create and store both your public and private keys in your /.ssh directory. It will overwrite any existing keys as well. To generate these keys, simply type ssh-keygen -t rsa -b 2048 and follow the prompts. To install the keys to the default location, just press enter when prompted for a file name. To convert the key, see Steps 2 and 3 of the Linux/Mac OS X key creation instructions. If the key was created on a Windows machine, you may need to edit the public key so that it does not contain Windows line endings using a text editor that can convert Windows line endings to UNIX line endings.
Once this is done, we’ll configure our GitHub account to use the public key, create a new repository and finally pull this repository down onto our machine via SSH.
Before setting up an SSH key on our system we first need to install GIT. If you’ve already installed GIT please proceed to the next section - otherwise lets get started.
To install GIT on Mac OS X 10.9, please navigate to the following URL (http://git-scm.com/downloads) and click the “Download for Mac” button.
Fig 1: Download options available at http://git-scm.com/downloads.
Once the *.dmg file has downloaded, double-click the file to mount it and in the new finder window that pops up, double-click on the file “git-1.9.2-intel-universal-snow-leopard.pkg” (the file will have likely changed name somewhat by the time you read this article, but aside from the version number, it should still be quite similar).
If you get the error highlighted in “Fig 2” when trying to open the file simply right-click on the *.pkg file and click “Open”. You should then see a new dialogue window similar to the one displayed in “Fig 3”, which will allow you to continue on to the installation process.
Fig 2: The error an end-user will see when trying to open a non-identified file if the “Allow apps downloaded from” section of “Security & Privacy” is set to “Mac App Store and identified developers” within “System Preferences”.
Fig 3: When right-clicking the *.pkg file and clicking “Open” the end-user is given a soft warning but now, unlike “Fig 2” we're able to bypass this dialogue by clicking “Open”.
The installation process for Git is fairly self explanatory, so I won’t go into too much detail - In a nutshell you will be asked to install Git for all users of the computer (I suggest leaving this at it’s default value) and you’ll be asked if you want to change the location of the installer (unless you have good reason to change the Git install location this should be left to the default value).
Finally, as part of the installation process you’ll be prompted to enter your system password to allow the installer to continue as shown in - type your password and click “Install Software”. If all goes well at the end of the installation process you should see the message “The installation was successful.”. At this stage you can click “Close” to close the installer.
Fig 4: Prior to installation, the GIT installer will require you to enter your system password to allow it to write files to the specified locations.
After the Git installation process we need to open a new instance of the Terminal application. This can be accomplished by opening the finder, clicking the “Applications” shortcut in the sidebar, scrolling to the bottom of the applications listing in the main window, double-clicking “Utilities” and finally double-clicking on “Terminal”.
Pro tip: A much quicker way of accessing the Terminal is by pressing “Cmd+Space” to bring up Spotlight, typing “Terminal” and hitting the enter key. Once you become familiar with Spotlight it becomes indispensable!
Once the Terminal window is open, type “git --version” and hit enter. If you’re running a fresh install of Mac OS X 10.9 at this stage you will likely be shown a message telling you that Developer Tools was not found and a popup will appear requesting that you install the tools. Click “Install” on the first dialogue window and when the next popup is displayed, click “Agree”.
Fig 5: The message most users will receive with a fresh install of OS X 10.9 when typing “git --version” into the terminal.
After the installation of Developer Tools, restart the Terminal application and type the command “git --version” followed by hitting enter. This time you should see the version number of the Git application installed.
Fig 6: Terminal displaying the version number of the installed Git application.
Finally, for the installation and configuration of Git we’re going to configure some user-level settings (specifically your name and email address). These configuration settings will be stored in your home directory in a file named “.gitconfig”.
To configure these settings type the following into the terminal (replacing my name and email address with your own obviously!).
git config --global user.name “Craig Perks”
git config --global user.email “[email protected]”
Once done, type “git config --list' and you should see a list of user configuration settings analogous to those shown in “Fig 7”.
Fig 7: A Terminal instance showing the configuration settings for the logged-in user.
Now that we have Git successfully installed, in the next section, let’s create our public/private key-pair and add them to our GitHub account.
In the Terminal, let’s ensure we’re in our home directory. We can navigate to it by typing the following command in the Terminal:
cd ~/
From here we want to create a folder to store our SSH keys in. My preference here is to store them in a hidden folder called ‘ssh’.
Pro tip: By prefixing a folder or a file name with a dot the you’re essentially saying to the system “Hide this” by default.
To create our SSH directory, type the following command into the Terminal window: mkdir .ssh Next, type the command “cd .ssh“ and hit enter followed by command “pwd”. At this point you should see that you’ve now successfully navigated into the “ssh” folder.
Fig 8: By typing “pwd” into the Terminal we’re shown a literal path to our present working directory, which as displayed is /Users//.ssh.
Now, let’s create our public/private key-pair. Type “ssh-keygen” into the Terminal and hit enter. At this point you’ll be asked to enter a name for your public/private key-pair. This name can be anything, but for this tutorial, I’ll use my first name with a suffix of _rsa.
Fig 9: Creation of a public/private key-pair with the name “craig_rsa.pub/craig_rsa”.
The creation of a passphrase is an optional step, but a recommended one. Enter a passphrase (a short password of your choosing), hit enter and enter the same passphrase again. One your public/private key-pair has been generated, you’ll see a message similar to the one highlighted in “Fig 10”.
Fig 10: The message shown to an end-user upon successful creation of a public/private key-pair.
Now we have a public/private key-pair, we want to add our newly created key to the ssh-agent. This can be achieved by typing the following command (remembering to amend the private key file name with your own file):
ssh-add -K ~/.ssh/craig_rsa
If you created a passphrase in the previous step, you’ll be prompted to enter your passphrase now. If you successfully add your key to the agent you’ll see a message similar to the following “Identity added: /Users/craigperks/.ssh/craig_rsa (/Users/craigperks/.ssh/craig_rsa)”.
Once your key is added to the ssh-agent, type the command “ssh-add -l” into the Terminal and you’ll see it displayed in the list of known keys.
Fig 11: Our newly created key listed in the ssh-agent.
Now we have our public/private key-pair successfully created, let’s add our public key to our GitHub account, create a repository and clone the repository.
I’m not going to go through the GitHub registration in this guide. If you haven’t already done so, register an account on http://github.com and log-in.
Before we do anything on the GitHub website, we want to copy our public key. To do so, type the following command in the Terminal window (again substituting “craig_rsa” for whatever name you decided to give your key-pair”): pbcopy < ~/.ssh/craig_rsa.pub
Once done, navigate over to GitHub and click the “Account Settings” icon in the toolbar as pictured.
Fig 12: The “Account Settings” icon as shown to logged-in GitHub users.
On the “Account Settings” page “SSH keys” should be listed in the left-hand sidebar. Click it and on the next page that loads click “Add SSH key”.
Fig 13: The “Add SSH key” button, which allows you to add public keys to your GitHub account.
On the next page, give your key a name and paste the contents of your key (that we previously copied with the pbcopy command) into the “Key” field.
Note: Although I’m showing the contents of a public key here, it’s a dummy key and will be deleted upon completion of this guide. You should only share your public key with trusted sources.
Fig 14: Form displayed to GitHub account holders when adding a new key to the site.
Now we have our public key loaded into Git, let’s create a new repository, by clicking the “+” icon displayed next to our username (located in the top-right of the toolbar when logged in). From the menu that pops-up, click “New repository” and you’ll be directed to https://github.com/new.
From here, give the repository a name of “test” and ensure “Initialize this repository with a README” is checked.
Fig 15: Page displayed to GitHub account holders when creating a new repository.
Finally click the “Create repository” button.
In the right-hand sidebar that is displayed on your newly created repository, “SSH clone URL” should be visible.
Fig 16: SSH clone URL link, which allows users to clone the Git repository.
Click the “copy to clipboard” icon under “SSH clone URL” and return to the Terminal application.
Type the command “cd ~/Desktop” into the Terminal window and hit enter. Now that we’re in the Desktop folder in the Terminal type the command “mkdir git” and hit enter. If you go to your Mac OS X desktop at this point you’ll see that a folder called “git” has been created.
Back in the Terminal window type “cd git” to move into this directory. Finally type “git clone” followed by pasting the code copied from the GitHub repository “SSH clone URL” into the Terminal window (for me this would be: git clone [email protected]:craigweb/test.git). Hit enter when you’re ready and the repository will begin to clone.
If you’ve never cloned a repository from GitHub before, you may receive the message “The authenticity of the host ‘github.com (192.30.252.129)’ can’t be established” to continue type “yes” and hit enter and GitHub.com will be added to the list of known hosts.
Finally once the cloning is complete, type “cd test” to navigate into the newly created repository directory and finally type “ls -la” to display a listing of the folder (including hidden files).
To then obtain the matching public key, you need to use openssl rsa, supplying the same passphrase with the -passin parameter as was used to encrypt the private key: openssl rsa -passin file:passphrase.txt -pubout (This expects the encrypted private key on standard input. The openssl req command from the answer by @Tom H is correct to create a self-signed certificate in server.cert incl. A password-less RSA private key in server.key. Openssl req -nodes -new -x509 -keyout server.key -out server.cert Here is how it works. Omitting -des3 as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. Openssl generate key no passphrase registration.
If you see README.md listed, you’ve just successfully cloned your Git repository!!
Fig 17: Our successfully cloned Git repository displaying its contents.
--
If you spot an error in this tutorial, or have any questions, please feel free to get in touch with me on Twitter at @craigperks.
How do I generate ssh keys under Linux / UNIX / Mac OS X and *BSD operating systems for remote login?The ssh-keygen command generates, manages and converts authentication keys for ssh client and server usage. Type the following command to generate ssh keys (open terminal and type the command):$ ssh-keygen
Generate SSH keys looks as follows:
The above command creates ~/.ssh/ directory. So if your user name is vivek, than all files are stored in /home/vivek/.ssh/ or $HOME/.ssh/ directory as follows:
Please note that the passphrase must be different from your current password and do not share keys or passphrase with anyone. Also, make sure you have correct and secure permissions on $HOME/.ssh/ directory:
You need to copy $HOME/.ssh/id_rsa.pub file to remote server so that you can login using keys instead of the password. Use any one of the following command to copy key to remote server called vpn22.nixcraft.net.in for vivek user:ssh-copy-id [email protected]
On some *nix system such as OS X ssh-copy-id command may not be installed, use the following commands (when prompted provide the password for remote user account called vivek) to install/append the public key on remote host:ssh [email protected] 'umask 077; mkdir .ssh'
cat $HOME/.ssh/id_rsa.pub ssh [email protected] 'cat >> .ssh/authorized_keys'
To login simply type:ssh [email protected]
The following command will help to remember passphraseexec ssh-agent $SHELL
ssh-add
ssh [email protected]
The following syntax specifies the 4096 of bits in the RSA key to creation (default 2048):ssh-keygen -t rsa -b 4096 -f ~/.ssh/aws.key -C 'My AWs cloud key'
Where,
Now install the ~/.ssh/aws.key, run:ssh-copy-id -i ~/.ssh/aws.key user@aws-server-ip
Test it with the ssh command:ssh -i ~/.ssh/aws.key ec2-user@aws-server-ip
See “How To Set up SSH Keys on a Linux / Unix System” for more info.
You learned how to create and generate ssh keys using the ssh-keygen command.
ADVERTISEMENTS