This article assumes that you are already able to ssh into a remote server using a password (that is, that your account has been created on the remote system and you are able to access it). Here’s how to set up ssh public/private key authentication so you don’t have to use the password on future logins, or so you can use Public Key authentication with MacFusion.
First, open a terminal or iTerm window as we will be using it for most of the following operations. First, navigate to your home directory, and see if there is a folder called .ssh. Note that Finder will NOT show you this directory unless you have it set to show all file extensions, so since we are at a command line prompt anyway, it’s easiest to just type “cd ~” (without the quotes) to go to your home directory in Terminal or iTerm and type “ls -a” (again without the quotes - always omit the quotes when we quote a command) to see if the .ssh directory exists. If it does, go into the directory (”cd .ssh”) and see if there are two files called id_rsa and id_rsa.pub (use “ls -a” again). If either the directory or the files do not exist, you will need to create them.
ssh-keygen -t rsa -f ~/.ssh/id_rsa -C "your@emailaddress.com"
Replace your@emailaddress.com with your email address - this is just to make sure the keys are unique, because by default it will use your_user_name@your_machine_name.local, which might come up with something too generic, like john@Mac.local. It’s unlikely that anyone else is using your e-mail address in a key.
Now, from your terminal or iTerm window, execute the following commands. Replace username with your login name and remote with the address of the remote system. Note that you should NOT be logged into the remote system when you execute these - these are run from a command prompt on your local system, and you probably will be prompted to enter your password (for the remote system) after each of at least the first couple of commands:
ssh username@remote ‘mkdir ~/.ssh;chmod 700 ~/.ssh’
The above creates the .ssh directory on the remote system and gives it the correct permissions.
scp ~/.ssh/id_rsa.pub username@remote:~/.ssh/authorized_keys
The above copies your public key to the list of authorized keys on the remote system (creating the list if it does not already exist).
ssh username@remote ‘chmod 600 ~/.ssh/authorized_keys’
This fixes the permissions on the authorized_keys file on the remote system.
And, that’s basically all there is to it. If you are the system administrator of the remote system, but you don’t ever plan to login from a remote location as root, then for extra security edit the file /etc/ssh/sshd_config on the remote system (you’ll probably have to be root, or use sudo to do this task). Just use your favorite text editor on the remote system to open the file, and look for a line that says:
PermitRootLogin yes
And change the “yes” to “no”. If you don’t have permission to edit this file (even by using sudo) then don’t worry about it, because you probably can’t login as root anyway.
The above are very basic instructions for setting up ssh public/private key authentication. There are other ways to do this (including some that are arguably a bit more secure) but we wanted to keep it simple. Hopefully this will help someone who is using ssh, MacFusion, etc. and wants something a bit more secure and less bothersome than password access.
Subscribe to CAF
