The following enables you once more to only use `ssh user@domain.com` without ever having to enter a password or passphrase again in macOS 10.12+.

```sh
# Normal command
ssh user@domain.com
# Command for debugging
ssh user@domain.com -vvv
```
SSH Key Creation

```sh
# Command
ssh-keygen -t ed25519 -o -a 100
```

Output:

```
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/crstin/.ssh/id_ed25519):
Created directory '/Users/crstin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/crstin/.ssh/id_ed25519.
Your public key has been saved in /Users/crstin/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:oobb381Rk0qqKFRAhZs2b3yPztEjCUYYBAB8Pb7yQ/E crstin@machine.local
The key's randomart image is:
+--[ED25519 256]--+
|B++oo            |
| .o+ o           |
| o+o .           |
| =..o .          |
| . =o = S . +    |
| .++=.E o o .    |
| ...*.+o+ o      |
| .+ =.=.+ .      |
| ..oo* . o       |
+----[SHA256]-----+
```

At the passphrase prompt, use a secure passphrase like 6R9vcrxn1z17gDn2pUSoXUSHSa2UIK and don't forget to "remember" it. Now there are two files, id_ed25519 & id_ed25519.pub, in ~/.ssh.
Contents of ~/.ssh

```
config
id_ed25519
id_ed25519.pub
known_hosts
```

~/.ssh/config

```
Host *
  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%h:%p
  ControlPersist 2h
  ServerAliveInterval 5
  Compression yes
  UseKeychain yes
  AddKeysToAgent yes
```

`UseKeychain yes` is needed for 10.12+.
Store your public key on the server inside ~/.ssh/authorized_keys:

```sh
ssh-copy-id user@domain.com
```

(If you don't have it: `brew install ssh-copy-id`)

Now you're good to go.
sshd_config on the server

```
Port 64032
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation sandbox
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PrintMotd no
MaxStartups 10:30:60
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
LogLevel VERBOSE
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256
```
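An added audit script (example code, not part of the original post) that checks whether a given sshd_config really ends up with the three authentication directives above, reading the file the way sshd does: the first value for a keyword wins, keywords are case-insensitive, `Key value` and `Key=value` are both accepted, and anything after a `Match` line is conditional rather than global. The sample file it builds is constructed, not taken from a real server.

```sh
#!/bin/sh
# Audit an sshd_config for the hardening directives shown above.
# sshd keeps the FIRST value it reads for each keyword, so an early
# "PasswordAuthentication yes" silently defeats a later "no". Keywords are
# case-insensitive, "Key value" and "Key=value" are both accepted, and
# anything after a "Match" line is conditional, so the scan stops there.

# sshd_effective FILE KEYWORD -> print the globally effective value, if any
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }                 # comment line
        NF == 0          { next }                 # blank line
        {
            sub(/^[[:space:]]+/, "")
            split($0, f, /[[:space:]=]+/)
            k = tolower(f[1])
            if (k == "match") exit                # end of the global section
            if (k == key) { print f[2]; exit }    # first occurrence wins
        }' "$1"
}

# sshd_audit FILE -> one line per directive; non-zero exit if any is wrong
sshd_audit() {
    rc=0
    for pair in PermitRootLogin=no PasswordAuthentication=no \
                ChallengeResponseAuthentication=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" = "$want" ]; then
            echo "OK   $key $want"
        else
            echo "FAIL $key (effective: '${got:-unset}', want $want)"
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed config (not a real server's file): someone appended
# "no" below an older "yes", which sshd ignores because the first value wins.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
    '  PasswordAuthentication yes' 'PasswordAuthentication=no' \
    'ChallengeResponseAuthentication no' > "$demo"
if sshd_audit "$demo"; then echo "hardened"; else echo "NOT hardened"; fi
rm -f "$demo"
```

Run it against `/etc/ssh/sshd_config` after editing; a FAIL line for PasswordAuthentication usually means an earlier line or a `Match` block is still granting what the new line tries to deny.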
SSH tldr

Secure Shell is a protocol used to securely log onto remote systems. It can be used for logging in to, or executing commands on, a remote server.

- Connect to a remote server:
  `ssh username@remote_host`
- Connect to a remote server with a specific identity (private key):
  `ssh -i path/to/key_file username@remote_host`
- Connect to a remote server using a specific port:
  `ssh username@remote_host -p 2222`
- Run a command on a remote server:
  `ssh remote_host command -with -flags`
- SSH tunneling: dynamic port forwarding (SOCKS proxy on localhost:9999):
  `ssh -D 9999 -C username@remote_host`
- SSH tunneling: forward a specific port (localhost:9999 to slashdot.org:80):
  `ssh -L 9999:slashdot.org:80 username@remote_host`
- Enable the option to forward the authentication information to the remote machine (see `man ssh_config` for available options):
  `ssh -o "ForwardAgent=yes" username@remote_host`