Altoplace

Connect macOS to Linux via SSH

(Updated: )
Tags:
Sailing ship.
Image by Michelle Maria from Pixabay .

I am going to show you show you how I use SSH to log into a Linux server from macOS. I am going to use my Pair Networks shared host as an example. I like having shell access to my web host, which is one of the great features that Pair offers. In addition to SSH, you can also use scp to transfer files. Once you have set up SSH, scp should work automatically if you so desire to use it. By setup, I mean being able to log in to the server without having to enter a password every time.

If you search the net, you will find a lot of articles about using SSH (Secure Shell Protocol). I am going to try to focus on some nuances when using it between macOS and Linux. Also, my focus includes using the command line via the macOS Terminal App. If this sounds interesting to you, please read on.

This post is for macOS Sonoma (or later). I am using “altopl” as an example Pair Networks user. This is not my real user name.

How to create an ed25519 SSH Key Pair

For “password-less” authentication, we need a pair of keys, one private for macOS and one public for Linux. Many net tutorials will focus on using an RSA pair (which will always work). I like using the newer ed25519 keys. You can search the net, but the ed25519 keys are smaller and more secure. The first step is to create the ed25519 key pair:

$ ssh-keygen -q -t ed25519 -C "altopl1" -f ~/.ssh/altopl1
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

I like creating a unique file for saving the SSH key. The ~/.ssh/altopl1 file stores the private key. You will find the public key in ~/.ssh/altopl1.pub. You can create a unique key pair for each server that you log into. The -C option is just a comment. It can be anything; it should be something that is meaningful like a system name or email address. You will want to create a strong passphrase for an extra level of protection. It can be anything; I like using a password generator to create a long passphrase. Assuming that you have Homebrew installed on your Mac, you can generate a passphrase by doing:

$ brew install pwgen
$ pwgen -s 64 1
G4g7Hr0uERzXh8UZxqsoUI88yjk1s9s2Zlg2uOGtCxYtjR8q30oXqaKSGemDN5Oc

Now, you don’t want to have to enter that passphrase every time you log into your server. You can add it to the macOS keychain:

$ ssh-add --apple-use-keychain ~/.ssh/altopl1
Enter passphrase for /Users/george/.ssh/altopl1:
Identity added: /Users/george/.ssh/altopl (altopl1)

Create a Password-less Login and Server Alias

To ensure that we never have to enter a password again, you can create a macOS SSH config file (~/.ssh/config):

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentitiesOnly yes
  AddressFamily inet

Host altopl1.pairserver.com altopl1
  HostName altopl1.pairserver.com
  Port 22
  User altopl1
  IdentityFile ~/.ssh/altopl1

Lines 1 - 5 are global options for any host, and lines 7 - 11 are for the specific SSH connection that I just created. You can read all about these SSH config options by doing man ssh_config. You can add additional host entries as needed. In addition to specifying the host name on line 7, I also created a short name (altopl), which is an alias for my host. You can list one or more names/aliases on this line. Name them whatever you want to call them. The next line, HostName, specifies the routable name for my Pair Networks host.

Because I did not use the default identity file (id_ed25519), I set the IdentifyFile option.

My Pair Networks host only supports IPv4 SSH access, so I specify that with the AddressFamily inet option.

Install the ed25519 public key on the Linux Server

Now, I am ready to install the public key on my Linux server. Just run this command to install the public key on your Linux server:

$ ssh-copy-id -i ~/.ssh/altopl1 altopl1@altopl1.pairserver.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/george/.ssh/altopl1.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
altopl1@altopl1.pairserver.com's password: 

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'altopl1@altopl1.pairserver.com'"
and check to make sure that only the key(s) you wanted were added.

As the command output suggested, verify that you can login to your server. You can verify that your public key was added to: ~/.ssh/authorized_keys. The ssh-copy-id command with create the directory/file if it didn’t already exist. If you already have an authorized_keys file, it will just add the key to it. BTW, the ssh-copy-id command didn’t exist on older versions of macOS. I am using macOS Sonoma. It’s been around now for the last several macOS versions.

At this point, you should be able to login to the server without using a password:

$ ssh altopl1@altopl1.pairserver.com
Last login: Tue Feb 18 16:42:28 2024 from ...

# OR using my alias ...

$ ssh altopl1                     
Last login: Tue Feb 18 16:53:00 2024 from ...

Final Thoughts

You should be able to log into your Linux server using a short alias name and no password. You can now use other SSH related commands such as scp or rsync to easily copy files using the server alias, for example:

$ scp altopl1:~/backup/my_wordpress_db.sql .
my_wordpress_db.sql                 100% 2925KB  10.1MB/s   00:00
Updated: April 9, 2024
Created: May 18, 2021