I am going to show you a few twists and turns for using SSH to log into a Linux server from macOS. I am going to use my Pair Networks shared host as an example. I like having shell access to my web host, which is one of the great features that Pair offers. In addition to SSH, you can also use SFTP to transfer files. Once you have set up SSH, SFTP should work automatically if you so desire to use it. By setup, I mean being able to log in to the server without having to enter a password every time.
If you search the net, you will find a lot of articles about using SSH (Secure Shell Protocol). I am going to try to focus on some nuances when using it between macOS and Linux. Also, my focus includes using the command line via the macOS Terminal App. If this sounds interesting to you, please read on.
How to create an ed25519 SSH Key
For “password less” authentication, we need a pair of keys, one private for macOS and one public for Linux. Many net tutorials will focus on using an RSA pair (which will always work). I like using the newer ed25519 keys. You can search the net, but the ed25519 keys are smaller and more secure. The first step is to create our ed25519 key pair:
$ ssh-keygen -t ed25519 -C user@example.com
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/macuser/.ssh/id_ed25519): /Users/macuser/.ssh/user_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/macuser/.ssh/user_ed25519.
Your public key has been saved in /Users/macuser/.ssh/user_ed25519.pub.
The key fingerprint is:
SHA256:F4kcNrWpJ6kHoe042zt+k7E8qLYgj6yxJwG69v52T5g user@example.com
The key's randomart image is:
+--[ED25519 256]--+
| +.. |
| o + + |
| . o = |
|. o . o . |
|o . o S o |
|o o o++ |
|oo. o oE.= |
|+B...=ooO |
|*+++*==+.+ |
+----[SHA256]-----+
Code language: Shell Session (shell)I like creating a unique file for saving the key. In other words, create a unique key pair for each server that you log into. You will want to create a strong passphrase for an extra level of protection. It can be anything; I like using a password generator to create a long passphrase. The -C option is just a comment. It could be anything, but it is typically an email address.
Now, you don’t want to have to enter that passphrase every time you log into your server, so we will add it to the macOS keychain:
$ ssh-add -K ~/.ssh/user_ed25519
Enter passphrase for /Users/macuser/.ssh/user_ed25519:
Identity added: /Users/macuser/.ssh/user_ed25519 (user@example.com)
Code language: Shell Session (shell)Create a Password-less Login and Server Alias
To ensure that we never have to enter a password again, we will create a macOS SSH config file (~/.ssh/config):
Host *
AddKeysToAgent yes
UseKeychain yes
IdentitiesOnly yes
AddressFamily inet
Host user user.pairserver.com
HostName user.pairserver.com
User user
IdentityFile ~/.ssh/user_ed25519
Code language: Shell Session (shell)Lines 1 – 5 are global options for any host, and lines 7 – 10 are for our specific SSH connection that we just created. You can read all about these SSH config options by doing man ssh_config. You can add additional host entries as needed. In addition to specifying our host name on line 7, we also created a short name, alias, for our host. You can list one or more names/aliases on this line. Name them what ever you want to call them. The next line, HostName, specifies the routable name for your host.
Because I did not use the default identity file (id_ed25519), I set the IdentifyFile option.
My Pair Networks host just supports IPv4 SSH access, so I specify that with the AddressFamily inet option.
Install the ed25519 public key on the Linux Server
Now, we are ready to install the public key on our Linux server. Just run this command to install the public key on your Linux server:
$ ssh-copy-id -i ~/.ssh/user_ed25519 user@user.pairserver.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/macuser/.ssh/user_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@user.pairserver.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'user@user.pairserver.com'"
and check to make sure that only the key(s) you wanted were added.
Code language: Shell Session (shell)As the command output suggested, verify that you can login to your server. You can verify that your public key was added to: ~/.ssh/authorized_keys. The ssh-copy-id command with create the directory/file if it didn’t already exist. If you already have an authorized_keys file, it will just add the key to it. BTW, the ssh-copy-id command didn’t exist on older versions of macOS. I am using macOS Big Sur. It’s been around now for the last several macOS versions.
At this point, you should be able to login to the server without using a password:
$ ssh user@user.pairserver.com
Last login: Tue May 18 16:42:28 2021 from ...
# OR ...
$ ssh user
Last login: Tue May 18 16:53:00 2021 from ...
Code language: Shell Session (shell)Final Thoughts
You should be able to log into your Linux server using a short alias name and no password. Now you can use other SSH related commands such as scp or rsync to easily copy files using the server alias, for example:
$ scp user:~/backup/my_wordpress_db.sql .
my_wordpress_db.sql 100% 2925KB 10.1MB/s 00:00
Code language: Shell Session (shell)