I am going to show you a few twists and turns for using SSH to log into a Linux server from macOS. I am going to use my Pair Networks shared host as an example. I like having shell access to my web host, which is one of the great features that Pair offers. In addition to SSH, you can also use SFTP to transfer files. Once you have set up SSH, SFTP should work automatically if you so desire to use it. By setup, I mean being able to log in to the server without having to enter a password every time.
If you search the net, you will find a lot of articles about using SSH (Secure Shell Protocol). I am going to try to focus on some nuances when using it between macOS and Linux. Also, my focus includes using the command line via the macOS Terminal App. If this sounds interesting to you, please read on.
How to create an ed25519 SSH Key
For passwordless authentication, we need a pair of keys: a private key that stays on macOS and a public key that goes on the Linux server. Many net tutorials focus on using an RSA pair (which will always work). I like using the newer ed25519 keys. You can search the net for the details, but ed25519 keys are smaller and more secure. The first step is to create our ed25519 key pair:
    $ ssh-keygen -t ed25519 -C firstname.lastname@example.org
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/Users/macuser/.ssh/id_ed25519): /Users/macuser/.ssh/user_ed25519
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /Users/macuser/.ssh/user_ed25519.
    Your public key has been saved in /Users/macuser/.ssh/user_ed25519.pub.
    The key fingerprint is:
    SHA256:F4kcNrWpJ6kHoe042zt+k7E8qLYgj6yxJwG69v52T5g email@example.com
    The key's randomart image is:
    +--[ED25519 256]--+
    | +.. |
    | o + + |
    | . o = |
    |. o . o . |
    |o . o S o |
    |o o o++ |
    |oo. o oE.= |
    |+B...=ooO |
    |*+++*==+.+ |
    +----[SHA256]-----+
I like creating a unique file for saving the key. In other words, create a unique key pair for each server that you log into. You will want to create a strong passphrase for an extra level of protection. It can be anything; I like using a password generator to create a long passphrase. The -C option is just a comment. It could be anything, but it is typically an email address.
Now, you don’t want to have to enter that passphrase every time you log into your server, so we will add it to the macOS keychain:
    $ ssh-add -K ~/.ssh/user_ed25519
    Enter passphrase for /Users/macuser/.ssh/user_ed25519:
    Identity added: /Users/macuser/.ssh/user_ed25519 (firstname.lastname@example.org)
Create a Password-less Login and Server Alias
To ensure that we never have to enter a password again, we will create a macOS SSH config file (
    Host *
      AddKeysToAgent yes
      UseKeychain yes
      IdentitiesOnly yes
      AddressFamily inet

    Host user user.pairserver.com
      HostName user.pairserver.com
      User user
      IdentityFile ~/.ssh/user_ed25519
Lines 1 - 5 are global options for any host, and lines 7 - 10 are for our specific SSH connection that we just created. You can read all about these SSH config options by doing man ssh_config. You can add additional host entries as needed. In addition to specifying our host name on line 7, we also created a short name, or alias, for our host. You can list one or more names/aliases on this line. Name them whatever you want to call them. The next line, HostName, specifies the routable name for your host.
Because I did not use the default identity file (id_ed25519), I set the
My Pair Networks host just supports IPv4 SSH access, so I specify that with the AddressFamily inet option.
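How ssh combines the global block and the host block in the config above, as an added example (not the author's code, and a simplified model rather than OpenSSH's own parser). For each option the first value obtained wins, so a default placed under Host * at the top takes precedence over a later host block that sets the same option; `resolve`, `host_matches` and the `SHADOWED` sample are names made up for this illustration, and only `*`, `?` and `!` host patterns are modeled.

```python
import re
from fnmatch import fnmatchcase

# The config from this page, embedded so the example runs offline.
PAGE_CONFIG = """\
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentitiesOnly yes
  AddressFamily inet

Host user user.pairserver.com
  HostName user.pairserver.com
  User user
  IdentityFile ~/.ssh/user_ed25519
"""

# Constructed counter-example: a global default placed first shadows the host block.
SHADOWED = "Host *\n  User admin\n\nHost user\n  User user\n"

MULTI = {"identityfile"}  # options that accumulate (subset; assumption of this model)

def host_matches(patterns, target):
    """A Host line applies if a pattern matches and no '!pattern' does."""
    if any(fnmatchcase(target, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatchcase(target, p) for p in patterns if not p.startswith("!"))

def resolve(config_text, target):
    """Effective options for `ssh <target>` under first-value-wins (simplified)."""
    effective, active = {}, True  # lines before any Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            active = host_matches(value.split(), target)
        elif active and key in MULTI:
            effective.setdefault(key, []).append(value)
        elif active:
            effective.setdefault(key, value)  # later values are ignored
    return effective

if __name__ == "__main__":
    for name, value in resolve(PAGE_CONFIG, "user").items():
        print(f"{name:16} {value}")
    print("shadowed User:", resolve(SHADOWED, "user")["user"])  # admin, not user
```

On a real machine, `ssh -G user` prints the options OpenSSH itself resolves for the alias.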
Install the ed25519 public key on the Linux Server
Now, we are ready to install the public key on our Linux server. Just run this command to install the public key on your Linux server:
    $ ssh-copy-id -i ~/.ssh/user_ed25519 email@example.com
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/macuser/.ssh/user_ed25519.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    firstname.lastname@example.org's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh 'email@example.com'"
    and check to make sure that only the key(s) you wanted were added.
As the command output suggested, verify that you can log in to your server. You can verify that your public key was added to ~/.ssh/authorized_keys. The ssh-copy-id command will create the directory/file if it didn’t already exist. If you already have an authorized_keys file, it will just add the key to it. BTW, the ssh-copy-id command didn’t exist on older versions of macOS. I am using macOS Big Sur. It’s been around now for the last several macOS versions.
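One way to act on the "check to make sure that only the key(s) you wanted were added" advice, as an added example that is not from the original post: compute the SHA256 fingerprint of every authorized_keys entry, in the same format ssh-keygen printed when the key was created, and flag any entry you did not expect. The function names are illustrative and the sample file is constructed from dummy bytes, not real keys; quoted options that themselves contain a key-type word are not handled.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519", "sk-ecdsa-")

def constructed_ed25519_line(seed, comment):
    """Build a syntactically valid ssh-ed25519 line from dummy bytes (not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

# Constructed sample file: a comment line, a plain entry, and one with an options prefix.
SAMPLE = "\n".join([
    "# authorized_keys (constructed sample)",
    constructed_ed25519_line(1, "laptop@example.org"),
    'from="192.0.2.10",no-agent-forwarding ' + constructed_ed25519_line(2, "backup job"),
])

def fingerprint(blob_b64):
    """SHA256 fingerprint as ssh-keygen prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text):
    """Return (key_type, fingerprint, comment, options) for every key entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # The key type is the first field, or a later one when options come first.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # malformed line, skipped in this example
        options = " ".join(fields[:idx])
        comment = " ".join(fields[idx + 2:])
        entries.append((fields[idx], fingerprint(fields[idx + 1]), comment, options))
    return entries

def unexpected(text, expected_fingerprints):
    """Entries whose fingerprint is not in the set you intended to install."""
    return [e for e in audit(text) if e[1] not in expected_fingerprints]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The fingerprint to compare against is the one shown at key creation, which `ssh-keygen -lf` prints again for the .pub file.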
At this point, you should be able to log in to the server without using a password:
    $ ssh firstname.lastname@example.org
    Last login: Tue May 18 16:42:28 2021 from ...

    # OR ...

    $ ssh user
    Last login: Tue May 18 16:53:00 2021 from ...
You should be able to log into your Linux server using a short alias name and no password. Now you can use other SSH related commands such as scp or rsync to easily copy files using the server alias, for example:
    $ scp user:~/backup/my_wordpress_db.sql .
    my_wordpress_db.sql 100% 2925KB 10.1MB/s 00:00