Using Private Keys with SSH login Without Password on Mac OS X

Here’s an excellent write-up for setting up SSH access using private keys to connect to other Linux/Unix servers without having to enter a password.

Copied here for reference.

Tired of typing passwords to SSH servers you often access? Well get used to it! Passwords provide a high level of security, but but it have a tendency be tedious, and also prevent you from running local scripts that automatic logon to your server to perform tasks or you you simply will backup/copy files from your server to your local Mac. The good news is that’s a simple solution to all this.

SSH and keys, WTF

To enable automatic login to a SSH server, the server must have a copy of your public key. The key is signed by what we call a passphrase, meaning that, when you now access a server that got a copy of your public key it prompt your for your password (passphrase) instead of the system user account password. So we really did not fix the problem, we just shifted the problem, but we shifted it in the right direction, and now we can do something about it.
ssh public key
Passphrase exchange

Empty passphrase

The most daring users, simply create a public key with a empty passphrase. This introduce a security problem. If you somehow gained access to a copy of your privat key, they will gain access to all the servers that trust your key.

Use a agent to propagate the passphrase

Keychain Access
A more secure way of solving this is using a program (ssh-agent) to propagate the passphrase. This solution is quite good, but like everything else it comes with a few drawbacks. You need to have your shell environment set up correctly, and only application with the correct environment setting is able to benefit from it. In OS X you are able avoid this problem simply by using the system utility “Keychain Access”. It will store and propagate your passphrase, and in Leopard (10.5) Apple finally introduced native support for using Keychain Access also in terminal.

Setting it all up

OS X has native support for creating and storing pass phrases (Keychain access) so setting this up on your Mac is not that hard. Linux users that are reading this can also follow along then the only difference is what application you use to store the passphrase. Like an example will Gnome users normally use the Gnome Keyring application.

  1. Create your set of keys:
    Start up the Terminal application and run:
    ssh-keygen -t rsassh-keygen will the ask where to store the public key it is about to create. Normally the default suggestion works just fine (~/.ssh/ ssh-keygen then ask you to enter a pass phrase. Please use something secure here and please also remember it.
  2. Copy the public key to your SSH server
    Copy the newly created public key to the SSH server(s) you need to auto login into by using your favourite transport method. Please be careful not to overwrite ~/.ssh/authorized_keys if it already exist! This is how I personally copy the key, might not be your preferred method:

    • If authorized_keys exist: 
      cat ~/.ssh/ | ssh "cat - >> ~/.ssh/authorized_keys"
    • If authorized_keys does not exist: 
      scp ~/.ssh/
  3. Optional step: You might consider restricting file access to the file authorized_keys on the SSH server. chmod 0600 ~/.ssh/authorized_keys to even further improve your system security.

Keychain store passphrase
Now you should be all set. The very first time you access the server by ssh, Keychain will prompt you for your keyphrase and then store it and you will never have to type it again.


Lewan IT Solutions Technical Blog

I’m known at my job and with friends of being a Mac fan, which is true. It wasn’t always like that however. I’ve spent the majority of my IT career behind a keyboard of a PC (well, and a Linux machine when I was a Redhat Server Administrator) 😉 Customers and friends often ask why I use a Mac, and I thought that this experience of a blogger who works for a site called Tuaw summed it up nicely. Just like he mentions- Macs are not perfect- but even when things go wrong, the overall experience has been way less frustrating than experiences that I’ve had with a PC.

And people wonder why Mac’s are gaining marketshare, not only for the consumer, but in the enterprise as well.. 😉

Interesting graphic on Mac’s market share:

View original post

Latest List of Apps for the Mac

An awesome (updated) list of apps for the Mac, many that I use myself. Have a favorite app that’s not on the list? Leave it in our comments section!

What Would Dan Do?

Updated 12/3/2012

I’ve found these lists useful when others have posted them, many times I discover an app I didn’t know about.

Here is a list of apps that are installed on my Macbook Air, I’m not including what came with it.

  • Alfred
  • Aperture
  • AppCleaner
  • AppFresh
  • BetterSnapTool
  • Caffeine
  • Calibre
  • Citrix Kits To Go
  • Citrix Receiver
  • CoRD
  • Evernote
  • Google Chrome
  • GotoMeeting
  • Growl
  • HandBrake
  • iWork ’09
  • LastPass
  • Microsoft Office 2011
  • Microsoft Remote Desktop Client
  • MPlayerX
  • Nik Software (Color efex Pro & Dfine
  • OmniGraffle Professional
  • Pocket
  • Reeder
  • Reminders
  • SkyDrive
  • Skype
  • Sonos Desktop Controller
  • Spotify
  • The Unarchiver
  • Twitter
  • uTorrent
  • VMware View Client
  • XtraFinder
In addition to the above apps I also have these apps on my Macbook Pro that I use primarily at home:
  • Air Video Server
  • atMonitor
  • Burn
  • CrashPlan
  • Firefox
  • gfxCardStatus
  • Opera
  • VMware Fusion
  • VLC

View original post