Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Is there a way to automatically use an ssh private key instead of a password?

Hello everyone,


I have an ssh server, and would like to access it from my Mac using the private key, rather than the password.


In terminal on my Mac, I used the ssh-keygen command to generate a key pair, then the ssh-copy-id command to upload the public key to my ssh server. I have also disabled password authentication on the server.


When I first attempted to log into my server, I received a "Permission Denied: Publickey" message. However, when I added the -i option to point to my private key, it worked perfectly. So the ssh connection with the keypair is working.


The issue is that it becomes cumbersome to type the command each time I wish to connect, as I have to specify the private key, as well as the port, as I use a non-standard one.


I'm wondering if there is a means of having Terminal automatically use that private key when connecting to this particular server? Would I be better off with a third-party terminal client? I found one called Termius on the App Store.


Any help gratefully received, cheers.



MacBook Air, macOS 13.2

Posted on Mar 22, 2023 4:28 AM

Reply
Question marked as Best reply

Posted on Mar 22, 2023 5:06 AM

You have to use the default name of “id_rsa” if you want they key to be used automatically.

6 replies

Mar 22, 2023 8:22 PM in response to Samington1987

I would suggest using ed25519 keys

ssh-keygen -t ed25519

This is because OpenSSH_9.0p1 in Ventura has depreciated the RSA keys.


If you want passwordless ssh-keygen keys, then when you run the ssh-keygen command, you just keep hitting <return> for each prompt. HOWEVER, it is very VERY important that you never lose control of your private key (the file without the .pub suffix), as that is the key to allowing anyone to access the remote system as you.


If you create an ssh-keygen key with a passphrase, you can store that passphrase in the macOS keychain, and never have to actually enter it

https://www.technomancer.com/archives/464

So you can have the best of both worlds. A passphrase, and not have to enter it.


I live in ssh. My job has me using ssh (and scp) connections all day everyday to several remote Linux, AIX and Solaris systems, plus I use it between my Macs, and to my home Synology NAS boxes, and from those systems back to my Mac.


Mar 23, 2023 3:02 AM in response to BobHarris

Oh that's really useful, thank you. I'll definitely do that, as I want to use the most optimal encryption. Adding the passphrase to Keychain is a great idea as well. Means I can generate a strong password, and never have to actually use it..


Interestingly, If I just use ssh-keygen without the -t command, it defaults to a RSA key with a length of 3072. Hopefully Apple will update that in future, especially if they've deprecated RSA.


Anyway, thanks so much for the advice.

Mar 23, 2023 4:50 AM in response to BobHarris

BobHarris wrote:

I would suggest using ed25519 keys
ssh-keygen -t ed25519
This is because OpenSSH_9.0p1 in Ventura has depreciated the RSA keys.

Technically it is just the old sha1 rsa algorithm that is deprecated, not rsa keys. If you are like me and using an ancient key, then you should probably double check and do some housecleaning.


https://ikarus.sg/rsa-is-not-dead/


Is there a way to automatically use an ssh private key instead of a password?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.