Mac Generate Ssh Key 4096
I largely followed Florin's blog post, but have a few notes to add regarding issues I encountered:
Basic setup notes
- I used a YubiKey 4, while the blog describes using a YubiKey NEO. I'm sure a YubiKey 5 would also work. I'm also running macOS 10.13.6.
- I installed GPGTools as recommended. However, as I'll note later, it seems that `gpg-agent` only automatically starts when gpg is used; for ssh, you'll need to ensure it's running.
- Before generating your keys, decide what key size you want to use. If you run the `list` command inside `gpg --edit-card`, look for the `Key attributes` line to see what is currently selected. On my YubiKey 4, it defaulted to 2048 bits for all keys:
These correspond to the signature key, encryption key, and authentication key. (I believe only the authentication key is used for ssh.)
Running the `key-attr` admin subcommand lets you change these:
(Note that the OpenPGP applet only works with RSA, not ECC, so don't choose that.)
- After generating keys, `ssh-add -L` may not initially show anything:
This is because `gpg-agent` changed how it works a few years ago, removing some options such as `write-env-file` (per this comment), which Florin's instructions use.
To get `gpg-agent` and `ssh-agent` to work together, you can use a simplified `~/.gnupg/gpg-agent.conf`:
and then kill any running `gpg-agent` process so that it picks up the new configuration.
Since the `.gpg-agent-info` file is no longer created by `gpg-agent`, you must also change your `.bash_profile` to use the GPG agent ssh socket directly. I also added a line here to ensure that the `gpg-agent` is running:
(This is taken from @drduh's YubiKey guide.)
After updating this, launch a new shell, and `ssh-add -L` should now show you your public key, and you can follow the rest of the directions provided.
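One way to carry out the two configuration steps described above, written as an added example; it is not the original post's code, nor Florin's or @drduh's. The function names `fix_agent_conf` and `use_gpg_agent_for_ssh` are hypothetical, and the script assumes GnuPG 2.1 or later with `gpgconf` on the `PATH`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GnuPG 2.1+ so that gpgconf knows the agent-ssh-socket directory.

# Clean up gpg-agent.conf in the GnuPG home given as $1: drop the obsolete
# write-env-file option and make sure enable-ssh-support appears exactly once.
fix_agent_conf() {
    conf="$1/gpg-agent.conf"
    mkdir -p "$1" && chmod 700 "$1"
    touch "$conf"
    # grep -v exits 1 when nothing is left to print, hence "|| true".
    grep -v '^[[:space:]]*write-env-file' "$conf" > "$conf.tmp" || true
    mv "$conf.tmp" "$conf"
    grep -q '^[[:space:]]*enable-ssh-support' "$conf" ||
        echo 'enable-ssh-support' >> "$conf"
}

# What ~/.bash_profile needs: point ssh at gpg-agent's socket and make sure
# the agent is running, since ssh will not start it on its own.
use_gpg_agent_for_ssh() {
    command -v gpgconf >/dev/null 2>&1 || {
        echo "gpgconf not found; is GnuPG installed?" >&2
        return 1
    }
    GPG_TTY=$(tty)
    SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    export GPG_TTY SSH_AUTH_SOCK
    gpgconf --launch gpg-agent
}

# One-time setup: sh this-file apply
if [ "${1:-}" = "apply" ]; then
    fix_agent_conf "${GNUPGHOME:-$HOME/.gnupg}"
    gpgconf --kill gpg-agent      # restart so the new config is read
    use_gpg_agent_for_ssh && ssh-add -L
fi
```

Run it once with `apply` to fix the configuration and restart the agent, then source the file from `~/.bash_profile` and call `use_gpg_agent_for_ssh` there so every new shell gets the socket.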
Requiring touch
I wanted to require a touch any time I tried to use my YubiKey for ssh authentication to prevent rogue processes from using the key while it's plugged in.
You can use the YubiKey Manager CLI to require this; I installed it via Homebrew.
Once it's installed, use the `ykman openpgp touch` subcommand to configure the touch settings:
(Again, you control the three keys separately.)
Problems with certain versions of the YubiKey 4
I attempted to add my SSH public key to my GitHub account and came across this perplexing error:
Key is weak. GitHub recommends using ssh-keygen to generate a RSA key of at least 2048 bits.
I'd initially used a 2048-bit RSA key, so using the `key-attr` subcommand I described above, I tried generating a 4096-bit key, but GitHub gave the same error message.
After some searching, I came across this issue. Basically, due to a security issue in certain versions of the YubiKey 4 (4.2.6-4.3.4), GitHub rejects keys generated on these YubiKeys as weak. There are basically two workarounds:
- Generate a keypair off of the card and then load it onto the YubiKey.
- Replace the YubiKey with a newer one. Thankfully, Yubico will replace your affected YubiKey 4 for free.
Even more details
@drduh's YubiKey Guide is a great reference, going into even more detail and best practices.