Bluehost only recommends PuTTY. However, is it possible to use ssh keys without any extra, visible programs on a Mac?

I would like connecting to my server to be a breeze, so that I can control my server in Terminal.

+5  A: 

Of course! On Unix and OS X, the ssh-keygen command will generate public and private keys for SSH public-key authentication. The usual way to invoke this command (on the client) is:

ssh-keygen -t rsa

This command will ask you where to place your private key; the default place is ~/.ssh/id_rsa, and the public key will be placed in the file of the same name with a .pub extension added (for example: ~/.ssh/id_rsa.pub). The command also asks you to create a password ("passphrase") for the private key; you can leave it blank for no password as I do, but I don't recommend this practice.

Once you have your public and private keys on the client computer, you need to make your server recognize that public key. If you have shell access to the server, you can upload the public key file with scp, then use ssh to run the following command on the server:

cat id_rsa.pub >> ~/.ssh/authorized_keys

If your hosting company doesn't give you shell access (though Bluehost does), or this procedure doesn't work, it will likely give you a web interface to the same functionality.

Once your server is set up to recognize your public key, it will allow you access without a password when ssh on the client tries to use your private key for authentication. You may still have to enter your private key's password, but typically you only need to do this once for each client login session.

crosstalk
Are you suggesting to create a *passwordless* private key?
Greg Hewgill
Yes, that's a bad practice, but it's what I normally use. I will edit my answer to address that concern.
crosstalk
Seriously, use SSHKeychain.
Greg Hewgill
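
An added example, not part of any answer on this page: a sketch of the server-side step from the answer above (appending id_rsa.pub to ~/.ssh/authorized_keys), done so that repeated runs do not duplicate the key and so that the directory and file get the owner-only permissions sshd's StrictModes setting expects. The function name install_pubkey and the demo key are made up for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper name)
# Run on the server after copying the .pub file there.
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")

    # Only the public half belongs on the server.
    case $key in
        *"PRIVATE KEY"*) echo "refusing: $pub is a private key" >&2; return 2 ;;
        ssh-*\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 2 ;;
    esac

    # sshd (StrictModes) ignores keys kept in group/world-writable locations.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already authorized: leave the file untouched.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED demo@example' \
    > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run adds nothing
ls -l "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

On a real server the second argument is omitted so the key goes to ~/.ssh/authorized_keys.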
+2  A: 

Sure, I do this all the time. Just follow these directions to generate an SSH key and copy it to your server. The instructions should work on both Mac and Linux.

Kyle Cronin
+1  A: 

OpenSSH should be available to you on OS X; open a terminal and check out "man ssh". SSH keys get stored (in a format different from PuTTY) in ~/.ssh. Having a config in ~/.ssh/config can make your life easier, too; you'll be able to say "Use this $SHORTNAME for this $HOST using this $KEY" and similar.

Michael Trausch
+1  A: 

At the terminal prompt do

$ apropos ssh

You should get a list of all the programs Mac OS X comes with related to ssh.

Using the ssh* tools, your ssh keys will be stored under ~/.ssh. PuTTY is nice, but compared to the standard OpenSSH tools, it's really only useful on Windows systems.

ebencooke
+1  A: 

Sure can! First run:

ssh-keygen

And go through the steps. It is a good idea to give it a password and such. Then you can:

cat ~/.ssh/id_rsa.pub

and copy-paste the result into the bluehost public key textarea.

Mike Boers
I now have my key pair at Bluehost. I connected to my server by "ssh username@ipAddress" and it still asks for my password. How can I see the difference?
Masi
Have you gotten bluehost to turn on SSH? I think they need a scan of some photo ID or something...
Mike Boers
Mike: I have SSH on.
Masi
@Masi: Bluehost also makes you "authorize" the key in the control panel in addition to just giving them the public key... If you have already done that then I have nothing else to offer. I'm on a Mac sshing to my Bluehost machine right now, and all I had to do was give them the key and authorize it.
Mike Boers
@Mike: Thank you! It seems to work. It does not ask for my passphrase. Is it a security problem?
Masi
+2  A: 

SSHKeychain is pretty much ideal for this. It lives unobtrusively on the menu bar and integrates seamlessly with OS X's Keychain and SSH implementations.

You will need to use ssh-keygen as described in other answers, but once you've done that you can use SSHKeychain to avoid having to type your private key passphrase all the time.

Greg Hewgill
I can't believe I never heard of SSHKeychain. When I get home I will try it!
crosstalk
"Leopard has ssh-agent built" - http://www.sshkeychain.org/pipermail/users/2008-September/000238.html I noticed that when my installation of SSHKeychain failed in a similar way to the one in the link. Do I need the software for Leopard?
Masi
@Masi: I don't know, I'm using Tiger (10.4). SSHKeychain hasn't been updated for a while, so it may indeed be obsolete now.
Greg Hewgill