
Saving ssh Keys on Mac OS X Leopard

By Juliet Kemp
Posted Nov 2, 2009


If you regularly log into lots of machines on external networks, it's a good idea to have SSH keys. Using ssh-agent, you can avoid having to type in a passphrase for each login. Helpfully, since the Leopard release on Mac OS X this functionality is built straight in, making your life even easier.


The $SSH_AUTH_SOCK variable is set automatically (check this with echo $SSH_AUTH_SOCK). launchd then listens for SSH connections and launches ssh-agent when needed. You're then challenged for your passphrase (using a secure text field, another security advantage) and given the option of storing it in your keychain. If you choose to do this, you'll never need to type your key passphrase again. Just unlock your master keychain to access it.

Setting this up is straightforward. First, generate a keypair on your local machine:

ssh-keygen -t rsa -f ~/.ssh/mykey

Next, open up a connection to the remote machine and copy the contents of the local file ~/.ssh/mykey.pub to the remote file ~/.ssh/authorized_keys. This file can contain multiple keys, but each must be on a single line. Note also that both the ~/.ssh directory and the ~/.ssh/authorized_keys file must be readable (and executable in the case of the directory) only by that user.

Close the connection, then reconnect:

ssh remote.example.com -i ~/.ssh/mykey

You'll be challenged for your passphrase; tick the "save in my keychain" box. Then log out of the remote machine and back in for a third time, and this time you won't have to enter any password.
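The copy step above, written as a script to run on the remote machine. This is an added example, not part of the original article. It appends the single-line public key to authorized_keys without duplicating it and enforces owner-only permissions. The function names install_pubkey and owner_only and the optional directory argument are assumptions for illustration, and it accepts Ed25519 and ECDSA public keys as well as the RSA key generated above.

```shell
#!/bin/sh
# Added example: install one public key into authorized_keys (run on the remote machine).
# install_pubkey and owner_only are hypothetical helper names, not part of OpenSSH.

# Succeeds only if group and others have no permission bits on the path.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_pubkey PUBFILE [SSHDIR]   (SSHDIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # A public key is exactly one line: "type base64 [comment]".
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: not a public key (private key file?)" >&2; return 1 ;;
    esac

    # Create the directory and file, then restrict both to the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Final check: report failure if permissions are still too open.
    owner_only "$dir" && owner_only "$auth"
}

# Usage, after copying mykey.pub to the remote machine:
#   install_pubkey mykey.pub
```

The line-count check also catches the common mistake of copying the private key file (~/.ssh/mykey) instead of mykey.pub, since a private key spans many lines.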

Next time you log onto your Mac, you'll be challenged for your keychain password the first time you use one of the keys in your keychain. After that, all keys saved in the keychain will Just Work, easing the pressure on your typing fingers.

Juliet Kemp has been messing around with Linux systems, for financial reward and otherwise, for about a decade. She is also the author of "Linux System Administration Recipes: A Problem-Solution Approach" (Apress, 2009).
