This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
services:2fa:ssh:macos [2021/03/22 11:30] – deul | services:2fa:ssh:macos [2021/03/29 07:45] (current) – deul | ||
---|---|---|---|
Line 1: | Line 1: | ||
======Setup key based login from MacOS====== | ======Setup key based login from MacOS====== | ||
- | Before we can use key based login, | + | The procedure is very similar to the Linux procedure. So we first need to build a public/private keypair using the ssh-keygen utility: |
- | {{ : | + | {{ : |
- | and hit the ' | + | For both question about passphrase, just hit enter (we will not be using passphrases). This will also have generated two files in your personal |
- | {{ : | + | {{ : |
- | Make sure to use sensible | + | The file id_ecdsa.pub must be transferred to the remote host. For this we can use ssh-copy-id: |
- | {{ : | + | |
- | To make PuTTY aware of the private key, go to tab SSH / AUTH and use the Browse button to select the file in which you have previously saved the private key (usually extension | + | $ ssh-copy-id -i ~/.ssh/id_ecdsa.pub username@remote-host |
- | {{ : | + | |
- | Finally, we need to tell PuTTY to use a particular account name for accessing | + | This may produce |
- | {{ : | + | |
- | After all these changes, make sure to save the setting: go to Session and click the Save button. | + | / |
+ | The authenticity of host ' | ||
+ | ECDSA key fingerprint is SHA256: | ||
+ | Are you sure you want to continue connecting (yes/no)? yes | ||
- | We still need to copy the public | + | Having confirmed |
- | {{ : | + | |
- | Open the login session | + | / |
- | {{ :services: | + | /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install |
+ | | ||
+ | One-time password (OATH) for `username`: | ||
- | Once the authorized_key file is saved, you can login without typing | + | Type your password |
+ | Number of key(s) added: 1 | ||
+ | | ||
+ | Now try logging into the machine, with: " | ||
+ | and check to make sure that only the key(s) you wanted were added. | ||
+ | |||
+ | The passwordless/ |