services:2fa:ssh:macos

Differences

This shows you the differences between two versions of the page.

services:2fa:ssh:macos [2021/03/22 11:30] deulservices:2fa:ssh:macos [2021/03/29 07:45] (current) deul
Line 1: Line 1:
 ======Setup key based login from MacOS====== ======Setup key based login from MacOS======
-Before we can use key based login, we first need to create private/public key set. This is done by the program PuTTYgen. Open this program+The procedure is very similar to the Linux procedure. So we first need to build a public/private keypair using the ssh-keygen utility
-{{ :services:2fa:ssh:putty6.png?400 |}}+{{ :services:2fa:ssh:macos1.png?600 |}}
  
-and hit the 'Generate'keyYou will have to move your mouse around as this will help randomness in the creation of the key pair. Once the keys have been created you need to save each key in its own file+For both question about passphrase, just hit enter (we will not be using passphrases)This will also have generated two files in your personal .ssh directory: 
-{{ :services:2fa:ssh:putty7.png?400 |}}+{{ :services:2fa:ssh:macos2.png?600 |}}
  
-Make sure to use sensible file names for the two key filesThe private key is automatically appended with the .ppk extension, while the public key does not need an extension. +The file id_ecdsa.pub must be transferred to the remote hostFor this we can use ssh-copy-id:
-{{ :services:2fa:ssh:putty8.png?400 |}}+
  
-To make PuTTY aware of the private key, go to tab SSH AUTH and use the Browse button to select the file in which you have previously saved the private key (usually extension .ppk). +  $ ssh-copy-id -i ~/.ssh/id_ecdsa.pub username@remote-host
-{{ :services:2fa:ssh:putty9.png?400 |}}+
  
-Finally, we need to tell PuTTY to use a particular account name for accessing the public key (which we still need to upload). So go to tab Connection / DATA and fill in your ULCN account name in the 'Auto-login username' box. +This may produce the following message:
-{{ :services:2fa:ssh:putty11.png?400 |}}+
  
-After all these changes, make sure to save the settinggo to Session and click the Save button.+  /usr/bin/ssh-copy-idINFO: Source of key(s) to be installed: "/home/username/.ssh/id_rsa.pub" 
 +  The authenticity of host 'remote-host (123.123.123.123)' can't be established. 
 +  ECDSA key fingerprint is SHA256:tygMarTe3SOjTcY9HzldKThxQzsTeiYHg5JmjB2bxeg. 
 +  Are you sure you want to continue connecting (yes/no)? yes
  
-We still need to copy the public key to the server. Use Wordpad to open your public key file and select the text part. In this case from 'AAA' to '=='. Use CTRL-C to copy+Having confirmed the access key to remote-host, the copy operation will commence:
-{{ :services:2fa:ssh:putty10.png?400 |}}+
  
-Open the login session to the server (you still have to provide your password), then go to the .ssh directory and edit the authorized_keys file using an editor (e.g. vi) and paste in the copied text from the public file. Make sure the pasted text is one line! Perpend that line with ssh-rsa (the default key type from puttygenand save the file. +  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed 
-{{ :services:2fa:ssh:putty12.png?400 |}}+  /usr/bin/ssh-copy-id: INFO: 1 key(sremain to be installed -- if you are prompted now it is to install the new keys 
 +  username@remote-host's password: 
 +  One-time password (OATH) for `username`
  
-Once the authorized_key file is saved, you can login without typing your password/2fa code.+Type your password (and the 2FA passcode) to actually start the file copy.
  
 +  Number of key(s) added: 1
 +  
 +  Now try logging into the machine, with:   "ssh 'username@remote-host'"
 +  and check to make sure that only the key(s) you wanted were added.
 +
 +The passwordless/2fa codeless ssh login is now in place. 
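Review bot: The added instruction "For both question about passphrase, just hit enter (we will not be using passphrases)" leaves the private key unencrypted in the user's .ssh directory, and the closing line says this key then stands in for both the password and the 2FA code, so a copy of that one file is enough to log in. Suggest telling users to set a passphrase and load the key into ssh-agent (on macOS the agent can keep the passphrase in the Keychain), or stating explicitly why passphrase-less keys are acceptable for this service. Two smaller points in the same hunk: the sample ssh-copy-id output shows "/home/username/.ssh/id_rsa.pub" although the command installs ~/.ssh/id_ecdsa.pub and a macOS home directory is under /Users, and the host key prompt is answered "yes" without telling the reader to compare the SHA256 fingerprint against a value published by the administrators before confirming.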
services/2fa/ssh/macos.1616412641.txt.gz · Last modified: 2021/03/22 11:30 by deul