I have several clients that don’t allow ftp access. Working on their sites involves using ssh. I first had to ssh into their server, provide my password, hope I typed it in correctly and waited. I wanted to speed up this process, since I login on a regular basis. What I wanted was to type one word, and be automagically logged in without any other effort on my part. So I created an alias which in turn uses ssh and an ssh key which does exactly that.
Setting up ssh keys and aliases in Mac OSX can be a daunting task. Especially when you are using ssh to connect to a clients server. The process I went through is a pretty simple one, once you know what you need to do. Though it was much easier the second time around, most things are, I did have to create several files to get aliases to work. Those files were: ~/.bash_profile, ~/.bashrc, and /user/share/tcsh/aliases.mine.
I’m not saying this is the only way to do it, just the way that I was able to make it work.
First, what is SSH? SSH is a network protocol for secure remote logins. SSH uses public-key cryptography to authenticate remote computers and allow remote computers to authenticate the user.
Remember that your private key file is used to authenticate you. Never expose your private keys. If anyone else can access your private key file, they can attempt to login to the remote host computer as you, and claim to be you. So it is extremely important that you keep your private key file in a secure place and ensure that no one else has access to it.
Just to be clear, do not use public-key authentication on a computer that is shared with others. You should only generate keys on your personal computer that no one else has access to.
To set up your ssh key, open Terminal. Then to create your DSA key pair to use for login, type this command in the Terminal window:
ssh-keygen -t dsa
You will be prompted for a filename to give the keys (just press RETURN to accept the default), and then for a passphrase. You should see something similar to this:
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_dsa): id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_dsa.
Your public key has been saved in id_dsa.pub.
The key fingerprint is:
This will create a private key written to ~/.ssh/id_dsa and a public key written to ~/.ssh/id_dsa.pub. The passphrase is used to protect your key. You will be asked for it when you connect via SSH.
After you’ve created the keys, you need to copy your public key (~/.ssh/id_dsa.pub) into the authorized_keys file in the .ssh directory on the remote server. If you can’t find your .ssh directory, create one using mkdir. Be sure to copy and paste this file carefully, any extra line breaks will cause the key not to work.
Once that is done you can ssh into the remote server without having to use a password. If not, check your process. Also be sure that the remote server allows public key exchange.
Now that we have our ssh key, we can use it to create an alias. An alias is nothing more than a pointer file. Think of it as a shortcut if you wish.
First we need to go to /user/share/tcsh/, if it’s not there, create it. Now we are going to create the file aliases.mine in the tcsh/ directory.
In the aliases.mine file, you will create your own Terminal shortcuts by typing the word “alias”, then your short cut name, followed by a Terminal command inside of single quotes. For example, for our purposes here, we want to create an alias, example, to run our ssh command, “ssh email@example.com”. This is how it looks:
alias example="ssh firstname.lastname@example.org"
Now because I use bash on Mac OSX, I then had to create .bash_profile in the /Users/YOURUSERNAME/ directory. You may have to sudo into bash.
We need to create a file .bashrc, but first, to make sure .bashrc is read at every login, we need to create .bash_profile. Add this code to it, type or copy/paste it so it shows up on two lines:
if [ -f ~/.bashrc ]; then . ~/.bashrc
Now create .bashrc and add this code to it:
All that’s left to do is restart terminal. You should now be able to type in:
and it should open the connection to your server without needing a password.
Your mileage may vary. Remember, Google is your friend.