I am going to describe how I set up my pair Networks SSH key authentication. To be more specific, this post will describe how to use SSH to login without having to enter your pair Networks password. I use the Terminal App on my Mac to open up a bash shell window. This capability is really useful for running bash scripts on your Mac to access your pair Networks shell account. When we are done, your will be able to do, for example (replace user1 with your pair Networks username, and, of course, replace “george” with your local username):
$ ssh email@example.com $ scp files firstname.lastname@example.org:user-directory $ rsync email@example.com:/usr/home/user1 /Users/george/Documents/folder
… without having to enter a password. Here is an example of logging in from a Mac terminal window:
george@imac1: /Users/george ==> ssh firstname.lastname@example.org Last login: Thu Dec 13 16:08:35 2018 from x.x.x.x Welcome to pair Networks, Inc. ... o o o user1@www2: /usr/home/user1 ==>
Your shell access is still secure. We are using an SSH Key that automatically logs us in instead of using a password.
Before I go any further, I want to note that I have changed my default pair Networks shell from csh to bash.
I will be using the ed25519 SSH key algorithm. I am not the expert, but I believe that it’s the current recommended public-key algorithm. The RSA algorithm is very popular; if you choose to use it, be sure to use the 4096-bit key length. The ed25519 public-key is compact, faster, and more secure than the RSA public key. Please feel free to do your own research, and reach your own conclusions.
This is how I set up my pair Networks SSH key authentication. I am using MacOS Mojave, 10.14.x. I assume that you have some command line experience, but I do try explain as much as possible. Please leave a comment if you have any questions.
First, use ssh-keygen to create the public/private SSH key pair as shown by this example:
george@imac1: /Users/george ==> ssh-keygen -t ed25519 -C email@example.com Generating public/private ed25519 key pair. Enter file in which to save the key (/Users/george/.ssh/id_ed25519): /Users/george/.ssh/user1_ed25519 Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/george/.ssh/user1_ed25519. Your public key has been saved in /Users/george/.ssh/user1_ed25519.pub. The key fingerprint is: o o o
Of course, use your own email address for the “comment” section. You can use the default file to store your key pair in ~/george/.ssh, or create a unique file as the example shows. You will most likely over time create multiple key pairs for different hosts. I like doing this for the same reasons why each host should have a unique password to login with.
You don’t have to enter a passphrase, but I highly recommend it. We will securely install the passphrase in the Mac keychain, so you only have to enter it once (as noted below).
Save the passphrase in the macOS keychain:
george@imac1: /Users/george ==> ssh-add -K ~/.ssh/user1_ed25519 Enter passphrase for /Users/george/.ssh/user1_ed25519: Identity added: /Users/george/.ssh/user1_ed25519 (firstname.lastname@example.org)
Now, install the public key on your pair Networks server:
george@imac1: /Users/george ==> ssh-copy-id -i ~/.ssh/user1_ed25519.pub email@example.com /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/george/.ssh/user1_ed25519.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys firstname.lastname@example.org's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'email@example.com'" and check to make sure that only the key(s) you wanted were added.
This creates (or updates) a file called ~/.ssh/authorized_keys. This file contains your public key.
We’re almost done! We want to create (or update) an SSH config file on our Mac:
george@imac1: /Users/george ==> vi ~/.ssh/config george@imac1: /Users/george ==> cat ~/.ssh/config Host * AddKeysToAgent yes UseKeychain yes AddressFamily inet Host user1.pairserver.com user1 HostName user1.pairserver.com User user1 IdentityFile ~/.ssh/user1_ed25519
This configuration file has some global entries (under “Host *”). The first two lines adds our user identity, including passphrase, to the SSH user agent. The third line says to just use IPv4 to log in. We do this because pair Networks currently doesn’t support IPv6.
The pair server Host section defines our host, user, and the location of our SSH private key. Notice, that we defined a “shortcut” for our Host name, user1. With the above config file, we can login by just doing:
george@imac1: /Users/george ==> ssh user1 Last login: Fri Dec 14 13:22:52 2018 from x.x.x.x Welcome to pair Networks, Inc. ... o o o
And, that’s about it. If you followed along, you should be able to easily login to pair Networks from your Mac without having to use your password. This will prove very useful later on when using bash scripts with your pair Networks account.