Connect macOS to Linux via SSH


Overview

I am going to show you a few twists and turns for using SSH to log into a Linux server from macOS. I am going to use my Pair Networks shared host as an example. I like having shell access to my web host, which is one of the great features that Pair offers. In addition to SSH, you can also use SFTP to transfer files. Once you have set up SSH, SFTP should work automatically if you want to use it. By "set up", I mean being able to log in to the server without having to enter a password every time.

If you search the net, you will find a lot of articles about using SSH (Secure Shell Protocol). I am going to try to focus on some nuances when using it between macOS and Linux. Also, my focus includes using the command line via the macOS Terminal App. If this sounds interesting to you, please read on.

How to create an ed25519 SSH Key

For passwordless authentication, we need a pair of keys: a private key that stays on macOS and a public key that goes on the Linux server. Many net tutorials will focus on using an RSA pair (which will always work). I like using the newer ed25519 keys. You can search the net for the details, but ed25519 keys are smaller and more secure. The first step is to create our ed25519 key pair:

    $ ssh-keygen -t ed25519 -C user@example.com
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/Users/macuser/.ssh/id_ed25519): /Users/macuser/.ssh/user_ed25519
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /Users/macuser/.ssh/user_ed25519.
    Your public key has been saved in /Users/macuser/.ssh/user_ed25519.pub.
    The key fingerprint is:
    SHA256:F4kcNrWpJ6kHoe042zt+k7E8qLYgj6yxJwG69v52T5g user@example.com
    The key's randomart image is:
    +--[ED25519 256]--+
    |        +..      |
    |       o + +     |
    |      . o =      |
    |.    o . o .     |
    |o   . o S o      |
    |o    o o++       |
    |oo. o oE.=       |
    |+B...=ooO        |
    |*+++*==+.+       |
    +----[SHA256]-----+

I like creating a unique file for saving the key. In other words, create a unique key pair for each server that you log into. You will want to create a strong passphrase for an extra level of protection. It can be anything; I like using a password generator to create a long passphrase. The -C option is just a comment. It could be anything, but it is typically an email address.

Now, you don't want to have to enter that passphrase every time you log into your server, so we will add it to the macOS keychain. (On macOS Monterey and later, the -K flag is deprecated in favor of --apple-use-keychain.)

    $ ssh-add -K ~/.ssh/user_ed25519
    Enter passphrase for /Users/macuser/.ssh/user_ed25519:
    Identity added: /Users/macuser/.ssh/user_ed25519 (user@example.com)

Create a Password-less Login and Server Alias

To ensure that we never have to enter a password again, we will create a macOS SSH config file (~/.ssh/config):

     1  Host *
     2    AddKeysToAgent yes
     3    UseKeychain yes
     4    IdentitiesOnly yes
     5    AddressFamily inet
     6
     7  Host user user.pairserver.com
     8    HostName user.pairserver.com
     9    User user
    10    IdentityFile ~/.ssh/user_ed25519

Lines 1-5 are global options for any host, and lines 7-10 are for the specific SSH connection that we just created. You can read all about these SSH config options by running man ssh_config. You can add additional host entries as needed. In addition to specifying our host name on line 7, we also created a short name (an alias) for our host. You can list one or more names/aliases on this line. Name them whatever you want to call them. The next line, HostName, specifies the routable name for your host.

Because I did not use the default identity file (id_ed25519), I set the IdentityFile option.

My Pair Networks host just supports IPv4 SSH access, so I specify that with the AddressFamily inet option.
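ssh_config uses the first value it obtains for each option, so with Host * at the top of the file, its settings take precedence over any later host block that sets the same option. The following Python resolver is an added example, not part of the original post; the legacy.example.com block and the function names are constructed for illustration, and on a real machine ssh -G <alias> prints the effective settings.

```python
import fnmatch

# The config from this page plus one constructed block (marked) that tries
# to override a global option for a single host.
SAMPLE_CONFIG = """\
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentitiesOnly yes
  AddressFamily inet

Host user user.pairserver.com
  HostName user.pairserver.com
  User user
  IdentityFile ~/.ssh/user_ed25519

# constructed block, not from the page
Host legacy.example.com
  AddressFamily any
"""

MULTI_VALUE = {"identityfile", "certificatefile"}  # these accumulate

def host_matches(patterns, name):
    """True if a positive pattern matches and no '!pattern' does."""
    if any(p.startswith("!") and fnmatch.fnmatchcase(name, p[1:]) for p in patterns):
        return False
    return any(fnmatch.fnmatchcase(name, p) for p in patterns if not p.startswith("!"))

def resolve(config_text, name):
    """Effective options for `name`; the first value obtained wins.
    Simplified: no Match/Include, no key=value syntax."""
    effective, active = {}, True  # lines before any Host apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), name)
        elif active and key in MULTI_VALUE:
            effective.setdefault(key, []).append(value)
        elif active:
            effective.setdefault(key, value)
    return effective
```

Resolving legacy.example.com still yields AddressFamily inet, which is why per-host overrides belong above the Host * block.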

Install the ed25519 public key on the Linux Server

Now, we are ready to install the public key on our Linux server. Just run this command:

    $ ssh-copy-id -i ~/.ssh/user_ed25519 user@user.pairserver.com
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/macuser/.ssh/user_ed25519.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    user@user.pairserver.com's password:

    Number of key(s) added:        1

    Now try logging into the machine, with:   "ssh 'user@user.pairserver.com'"
    and check to make sure that only the key(s) you wanted were added.

As the command output suggested, verify that you can log in to your server. You can also verify that your public key was added to ~/.ssh/authorized_keys. The ssh-copy-id command will create the directory/file if it didn't already exist. If you already have an authorized_keys file, it will just add the key to it. BTW, the ssh-copy-id command didn't exist on older versions of macOS. I am using macOS Big Sur. It's been around now for the last several macOS versions.

At this point, you should be able to log in to the server without using a password:

    $ ssh user@user.pairserver.com
    Last login: Tue May 18 16:42:28 2021 from ...

    # OR ...

    $ ssh user
    Last login: Tue May 18 16:53:00 2021 from ...
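The ssh-copy-id output above asks you to check that only the keys you wanted were added. This added example (not from the original post) parses an authorized_keys file, computes fingerprints in the same SHA256 format that ssh-keygen prints, and reports any entry other than the expected key; the key material, comments and function names are constructed for illustration.

```python
import base64, hashlib, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entry(line):
    """Return (key_type, fingerprint, comment), or None for blanks/comments/junk.
    Leading options (from=..., command=...) are skipped by finding the first
    key-type token whose base64 blob names the same type."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):
        if tok not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        (n,) = struct.unpack(">I", blob[:4]) if len(blob) >= 4 else (0,)
        if blob[4:4 + n].decode("ascii", "replace") == tok:
            return tok, fingerprint(blob), " ".join(tokens[i + 2:])
    return None

def audit(authorized_keys_text, expected_pub_line):
    """Compare authorized_keys entries with the one key we meant to install."""
    expected = parse_entry(expected_pub_line)
    entries = [e for e in map(parse_entry, authorized_keys_text.splitlines()) if e]
    installed = sum(1 for e in entries if e[1] == expected[1])
    return {"installed": installed,
            "unexpected": [e for e in entries if e[1] != expected[1]]}

def constructed_pub(seed, comment):
    """Build a well-formed ed25519 public-key line from a fake 32-byte key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample data, not real keys.
OURS = constructed_pub(1, "user@example.com")
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# managed by hand", OURS,
    'from="192.0.2.10",command="/usr/bin/rsync --server" '
    + constructed_pub(2, "old-backup-job")])
```

Calling audit(SAMPLE_AUTHORIZED_KEYS, OURS) reports one installed copy of the expected key and one unexpected entry, the constructed old-backup-job key.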

Final Thoughts

You should now be able to log into your Linux server using a short alias name and no password. You can also use other SSH-related commands such as scp or rsync to easily copy files using the server alias, for example:

    $ scp user:~/backup/my_wordpress_db.sql .
    my_wordpress_db.sql                                                              100% 2925KB  10.1MB/s   00:00