Set up pair Networks SSH Key Authentication

I am going to describe how I set up my pair Networks SSH key authentication. To be more specific, this post will describe how to use SSH to log in without having to enter your pair Networks password. I use the Terminal App on my Mac to open up a bash shell window. This capability is really useful for running bash scripts on your Mac to access your pair Networks shell account. When we are done, you will be able to do, for example (replace pair-user with your username):

ssh pair-user@pair-user.pairserver.com
scp files pair-user@pair-user.pairserver.com:user-directory
rsync pair-user@pair-user.pairserver.com:/usr/home/pair-user /Users/mac-user/Documents/folder

… without having to enter a password. Here is an example of logging in from a Mac terminal window:

mac-user@imac1: /Users/mac-user
==> ssh pair-user@pair-user.pairserver.com
Last login: Thu Dec 13 16:08:35 2018 from x.x.x.x
Welcome to pair Networks, Inc. ...
o o o
pair-user@www2: /usr/home/pair-user
==> 

Your shell access is still secure. We are using an SSH Key that automatically logs us in instead of using a password.

Before I go any further, I want to note that I have changed my default pair Networks shell from csh to bash.

I will be using the ed25519 SSH key algorithm. I am not the expert, but I believe that it’s the current recommended public-key algorithm. The RSA algorithm is very popular; if you choose to use it, be sure to use the 4096-bit key length. The ed25519 public-key is compact, faster, and more secure than the RSA public key. Please feel free to do your own research, and reach your own conclusions.

How-To

This is how I set up my pair Networks SSH key authentication. I am using macOS Mojave, 10.14.x. I assume that you have some command line experience, but I do try to explain as much as possible. Please leave a comment if you have any questions.

First, use ssh-keygen to create the public/private SSH key pair as shown by this example:

mac-user@imac1: /Users/mac-user
==> ssh-keygen -t ed25519 -C user@example.com
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/mac-user/.ssh/id_ed25519): /Users/mac-user/.ssh/pair-user_ed25519
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/mac-user/.ssh/pair-user_ed25519.
Your public key has been saved in /Users/mac-user/.ssh/pair-user_ed25519.pub.
The key fingerprint is:
o o o

Of course, use your own email address for the “comment” section. You can use the default file to store your key pair in ~/.ssh, or create a unique file as the example shows. Over time you will most likely create multiple key pairs for different hosts. I like doing this for the same reason that each host should have a unique login password.

You don’t have to enter a passphrase, but I highly recommend it. We will later securely install the passphrase in the Mac keychain, so you only have to enter it once (as noted below).

Save the passphrase in the macOS keychain:

mac-user@imac1: /Users/mac-user
==> ssh-add -K ~/.ssh/pair-user_ed25519
Enter passphrase for /Users/mac-user/.ssh/pair-user_ed25519: 
Identity added: /Users/mac-user/.ssh/pair-user_ed25519 (user@example.com)

Now, install the public key on your pair Networks server:

mac-user@imac1: /Users/mac-user
==> ssh-copy-id -i ~/.ssh/pair-user_ed25519.pub pair-user@pair-user.pairserver.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/mac-user/.ssh/pair-user_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
pair-user@pair-user.pairserver.com's password: 


Number of key(s) added:        1


Now try logging into the machine, with:   "ssh 'pair-user@pair-user.pairserver.com'"
and check to make sure that only the key(s) you wanted were added.

This creates (or updates) a file called ~/.ssh/authorized_keys on the pair Networks server. This file contains your public key.
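The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. One way to do that check is sketched below as an added example; it is not part of the original post. The function names (key_blob, unexpected_keys, write_sample) and the sample keys are constructed for illustration, and entries are compared by key type and base64 blob, so comments and options are ignored.

```sh
#!/bin/sh
# Added example: flag authorized_keys entries other than the key you installed.

# Print "<keytype> <base64 blob>" for the first key found on stdin. Leading
# options (command="...", no-pty, ...) are skipped by scanning for a key type.
key_blob() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9-]+@openssh\.com)$/) {
                print $i, $(i + 1); exit
            }
    }'
}

# unexpected_keys AUTHORIZED_KEYS EXPECTED_PUB
# Prints each entry that is not the expected key. Returns 0 only when the
# expected key is present and nothing else is.
unexpected_keys() {
    expected=$(key_blob < "$2")
    found=0; extra=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        blob=$(printf '%s\n' "$line" | key_blob)
        if [ -n "$expected" ] && [ "$blob" = "$expected" ]; then
            found=1
        else
            extra=1
            printf 'UNEXPECTED: %s\n' "$line"
        fi
    done < "$1"
    [ "$found" -eq 1 ] && [ "$extra" -eq 0 ]
}

# Constructed sample data (not real keys): the key from the how-to plus one
# entry nobody remembers adding.
write_sample() {
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOne user@example.com' > "$1/mine.pub"
    {
        printf '%s\n' '# constructed authorized_keys'
        printf '%s\n' 'no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOne laptop'
        printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedKeyTwo unknown@host'
    } > "$1/authorized_keys"
}

# Real use, after copying the server's file down:
#   scp pair-user:.ssh/authorized_keys /tmp/ak
#   unexpected_keys /tmp/ak ~/.ssh/pair-user_ed25519.pub
```

A non-zero return means the file holds something other than your one key, or that your key is missing from it.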

We’re almost done! We want to create (or update) an SSH config file on our Mac:

mac-user@imac1: /Users/mac-user
==> vi ~/.ssh/config


mac-user@imac1: /Users/mac-user
==> cat ~/.ssh/config
Host *
 AddKeysToAgent yes
 UseKeychain yes
 AddressFamily inet

Host pair-user.pairserver.com pair-user
  HostName pair-user.pairserver.com
  User pair-user
  IdentityFile ~/.ssh/pair-user_ed25519

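This configuration file has some global entries. The first two lines add our user identity, including passphrase, to the SSH user agent: AddKeysToAgent loads the key into the agent the first time it is used, and UseKeychain takes its passphrase from the macOS keychain. The third line says to use only IPv4 to log in. We do this because pair Networks currently doesn’t support IPv6.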

The Host section defines our host, user, and the location of our SSH private key. Notice that we defined a “shortcut” for our Host name, pair-user. With the above config file, we can log in by just doing:

mac-user@imac1: /Users/mac-user
==> ssh pair-user
Last login: Fri Dec 14 13:22:52 2018 from x.x.x.x
Welcome to pair Networks, Inc.  ...
o o o

And that’s about it. If you followed along, you should be able to easily log in to pair Networks from your Mac without having to use your password. This will prove very useful later on when using bash scripts with your pair Networks account.