How to generate SSH keys on macOS Mojave

macOS is capable of working with SSH keys. Jack Wallen shows you how to generate the necessary keys and copy them to a server.

How to generate SSH keys on macOS Mojave

SSH key authentication is one way to better secure your remote sessions between two machines. This type of authentication depends upon a pair of keys that are generated by the user on the client machine. On Linux, this task is incredibly straightforward. With macOS, the process is just as easy. So easy, that it can be handled by just about anyone.

I want to walk you through the process of generating SSH keys on macOS Mojave and then show you how to copy the key to a remote server, for more secure connections between the two machines. The process should only take you a couple of minutes.

SEE: Information security policy template download (Tech Pro Research)

Open the terminal app

This task will be done via the macOS terminal application. To open that app, click on the Launchpad icon on your Dock and search for terminal. When that app appears, open it with a single click.

Generating the SSH keys

From the terminal window, issue the following command:

ssh-keygen -t rsa

Accept the default directory (Figure A) by using the Enter key on your keyboard.

Figure A

Figure A: SSH creating the default directory for the keys.

You will be prompted to enter a new passphrase for the key (Figure B). Make sure to enter a strong and unique password for the keys.

Figure B

Figure B: Don't skimp on the password strength.

Once you type and verify your password, SSH will generate a randomart image for your key (Figure C) and hand you back the prompt.

Figure C

Figure C: Your randomart image.

This process will create two keys in the /Users/USERNAME/.ssh directory (where USERNAME is your macOS username). Those keys are:

  • id_rsa

The file ending in .pub is the public key. This is the key that you can share with other users. The other key, id_rsa, is your private key. Never share that key. Never. Ever.

Copy your key to a server

Now that you have the key pair, how do you use them? Here's the simplest and most oft-used method of using SSH keys. You want to copy the key to a remote server so that you can use SSH key authentication (instead of the weaker password authentication). Fortunately, SSH has a built-in mechanism for copying that key. Say the remote server in question is at IP address and the username is jack. To copy the key to that server, issue the command (from macOS):

ssh-copy-id jack@

You will first be prompted to see if you want to continue with the connection. Type y and hit Enter. Next, you'll be prompted for the remote user's password. Upon successful authentication, the keys will be copied and you're ready to log into the remote server, using SSH key authentication. To log in to the remote server, type the command (substituting your username and IP address as needed):

ssh jack@

Instead of being prompted for the user's password, you'll be prompted for the passphrase for the SSH key (Figure D).

Figure D

Figure D: SSH prompting for the key passphrase, instead of the user's password.

Congratulations, you not only generated SSH keys on macOS, but you also copied those keys to a remote server for more secure connection.

Also see

Image: iStock Photo

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen....