SSH keys are a secure method of authenticating with any system that uses the Secure Shell protocol, such as SFTP. These keys use powerful encryption to avoid having data compromised, and they can be generated directly from the Terminal.
SSH key structure
There are several SSH encryption algorithms, with one of the most common ones being RSA, which we'll use for this guide. RSA keys are based on asymmetric encryption, meaning that they use a matching key pair that includes a private and public key.
The public key is shared with servers or service providers. The private key should never be shared and should remain securely on your machine. When you share the public key and try to make a connection, a check is run to ensure the public and private keys match. If they do, the connection between the machines is authorized.
For additional protection, private keys can be encrypted with a password that can be specified during the key generation process.
Once generated by the macOS terminal, keys are stored locally as text files. Usually, they will be stored in the .ssh directory or saved in the client you are using to connect to the remote device, such as Filezilla or Cyberduck.
How to create an SSH key in Mac
Creating an SSH key in Mac involves opening the terminal, generating and saving the key, and then sharing/adding the public key to any machine/server you want to connect to.
Opening the terminal
An easy way to open Terminal is to press Command + Space, to open Spotlight, then type Terminal.
You can also open a Terminal at a specific folder with Control + Click on the directory and choosing to open a New Terminal at the folder.
Generating an SSH key in Terminal
Once you've opened Terminal, run the command ssh-keygen command. We recommend adding additional options as below:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
- -t rsa > Specifies the key type as RSA
- -b 4096 > Sets the key length to 4096 bits, which is more secure than the default 2048 bits.
- -C > Adds a label (usually your email) for identification.
After entering the command, you'll be asked where to save the key. By default, in macOS it will be saved to (/Users/username/.ssh/id_rsa), but you can type/paste in a different path to save the key to a different directory.
You'll then be asked to enter a passphrase. Hitting return again will create a key with no password.
As soon as the key is generated, the key fingerprint will be shown along with a randomart image. This image is a visual representation of the key and can be used to quickly check if the key is correct by checking that the images match.
Sharing the Public Key
Once the key is generated, you need to share the Public Key. Different servers and service providers will require different ways to do this, usually either by uploading the key file or pasting the contents of a file. An easy way to copy the contents in Terminal is with the pbcopy command, < which copies a file's contents to the clipboard like below:
pbcopy < ~/.ssh/id_rsa.pub
If you specified a different path during key generation, include that path instead.
Make sure you're copying the Public Key (denoted with.pub)—you'll use the Private Key in the SFTP client for authentication.
Using SSH key authentication in Couchdrop
In Couchdrop, you can configure Public Key Authentication for SFTP and SCP users in the Users panel of the Admin console.
To do this, select a user, then make sure the box to allow SFTP and SCP connections is selected. In that section is the option to configure public key authentication. Paste the contents of the Public Key file here. You can also enforce key usage with the check box, but note that not all SFTP clients support this enforcement.
When that user connects, they'll then add the corresponding Private Key, which will be checked during authentication.