I'm new to OS X.
As per title, I'm having trouble connecting to my web server through SSH.
My server accepts keys and we don't use passwords.
I've come from Windows, and on Windows I used PuTTY to connect to my server using a .ppk file generated using PuTTYGen.
On the Mac, I've generated using ssh-keygen -t rsa -b 2048 and made a key.ppk file in ~/.ssh and pasted the contents of my Windows .ppk file into it.
I also made a config file with the following contents…
Host domain.com
IdentityFile ~/.ssh/key.ppk
User username
When I try to connect, Terminal prompts me for a password (why?) then when I enter nothing and press ok it fails with message
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Any help on what I'm doing wrong will be great!
Thanks for reading and thanks in advance for any tips.
Best Answer
On Reusing Your Windows key.ppk File
The PPK file is a PuTTY-specific private key. It's not a portable private key that works with any ssh-based application. It just works with PuTTY. You need to convert it first. I've found some instructions for converting it to a proper public/private key pair here. You'll need to do this from your Windows machine.
That will give you a private key, key.ssh, that will work with ssh on your Mac. Put the key.ssh file in your ~/.ssh/ directory. Make sure the permissions are correct:
And then you can use it with your ~/.ssh/config file like so:
If you no longer have access to your Windows machine you'll need to generate a fresh public/private key pair to use with your web server.
On Generating a Fresh Keypair To Use With Your Mac
Honestly, this is the best way to go here.
Password-less authentication with shared keys requires that both machines have a piece of the shared/public key pieces. Here's a complete recipe for setting up a shared key authentication scheme with two servers. It's not really OS X-specific. It's ssh-specific.
These instructions assume host1 is your Mac and host2 is your web server.
Generate a shared key on host1 (the shared key will be /Users/you/.ssh/webserver.pub and the private key will be /Users/you/.ssh/webserver):
Note: I didn't enter a password for the key because I don't want to have to use a password when I use the key.
Now you need to append the ~/.ssh/webserver.pub public key to the ~user/.ssh/authorized_keys file on host2, your webserver.
For this to work you will need password access to the remote host. If you don't have this you can give ~/.ssh/webserver.pub to someone who does have access to the box and ask them to append it to the authorized_keys file for you perhaps. Or do it from your Windows machine where you still have access.
Now make sure your private key is safe on your Mac:
ssh can get complain-y if your private/public keypairs are world readable or writeable.
Finally, you can add the following to your ~/.ssh/config file to invoke the right key combination when you try to ssh in to your web server:
This will get you the password-less, keypair-based authentication you desire.
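An added example, not part of the original question or answer: a small Python check for the two problems this thread turns on, an IdentityFile that is really a PuTTY .ppk and a private key that is readable by group or others. The function names, the temporary home directory and the placeholder key contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# First line of a private key file -> container format (PPK is PuTTY-only).
MARKERS = {"PuTTY-User-Key-File-": "putty-ppk",
           "-----BEGIN OPENSSH PRIVATE KEY-----": "openssh",
           "-----BEGIN RSA PRIVATE KEY-----": "pem"}

def key_format(path):
    with open(path, errors="replace") as fh:
        first = fh.readline().strip()
    return next((f for m, f in MARKERS.items() if first.startswith(m)), "unknown")

def identity_files(config_text, home):
    """Yield (host, key_path) per IdentityFile line; "~/" expands against home."""
    host = "*"
    for line in config_text.splitlines():
        parts = re.split(r"[\s=]+", line.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip('"')
        if keyword == "host":
            host = value
        elif keyword == "identityfile":
            path = Path(home, value[2:]) if value.startswith("~/") else Path(value)
            yield host, path

def audit(config_text, home):
    """Return (host, file name, problem) tuples; an empty list means nothing found."""
    findings = []
    for host, path in identity_files(config_text, home):
        fmt = key_format(path) if path.is_file() else "missing"
        if fmt in ("missing", "putty-ppk", "unknown"):
            findings.append((host, path.name, fmt))  # ssh cannot load this file
        if fmt != "missing" and path.stat().st_mode & 0o077:
            findings.append((host, path.name, "group/world accessible"))
    return findings

def demo():
    """Constructed sample: the question's config plus a placeholder .ppk file."""
    ssh_dir = Path(tempfile.mkdtemp(), ".ssh")
    ssh_dir.mkdir(mode=0o700)
    key = ssh_dir / "key.ppk"
    key.write_text("PuTTY-User-Key-File-2: ssh-rsa\n(constructed placeholder)\n")
    key.chmod(0o644)
    config = "Host domain.com\n  IdentityFile ~/.ssh/key.ppk\n  User username\n"
    return audit(config, ssh_dir.parent)
```

To check a real setup, call `audit(Path.home().joinpath(".ssh/config").read_text(), Path.home())`; the script only reads the first line and the mode bits of each key file.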