Make sure you have a corresponding id_rsa.pub
or id_dsa.pub
in your ~/.ssh
directory.
When I had an id_rsa
but not a corresponding id_rsa.pub
, Mac OS X kept popping up the dialog and remember passowrd in my keychain did nothing.
cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub
generated the appropriate public key file for me.
If you already had your public file there (rename it to another name) and generate the public key again using the above command, you'll notice that the generated and the old one are not equal. Somehow the older versions of Mac OS X generated a public key that Lion does not like anymore, generating it again fixes that.
For the curious, the key is exactly the same, the part that changes is that there is no "comments" section after the key on the file any longer.
On Reusing Your Windows key.ppk
File
The PPK file is a PuTTY-specific private key. It's not a portable private key that works with any ssh-based application. It just works with PuTTY. You need to convert it first. I've found some instructions for converting it to a proper public/private key pair here. You'll need to do this from your Windows machine.
That will give you a private key, key.ssh
, that will work with ssh on your Mac. Put the key.ssh
file in your ~/.ssh/
directory. Make sure the permissions are correct:
% chmod 400 ~/.ssh/key.ssh
And then you can use it with your ~/.ssh/config
file like so:
Host domain.com
IdentityFile ~/.ssh/key.ssh
User username
If you no longer have access to your Windows machine you'll need to generate a fresh public/private key pair to use with your web server.
On Generating a Fresh Keypair To Use With Your Mac
Honestly, this is the best way to go here.
Password-less authentication with shared keys requires that both machines have a piece of the shared/public key pieces. Here's a complete recipe for setting up a shared key authentication scheme with two servers. It's not really OS X-specific. It's ssh-specific.
These instructions assume host1 is your Mac and host2 is your web server.
Generate a shared key on host1 (the shared key will be /Users/you/.ssh/webserver.pub
and the private key will be /Users/you/.ssh/webserver
):
% ssh-keygen -t rsa -b 2048 -f ~/.ssh/webserver
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in webserver.
Your public key has been saved in webserver.pub.
The key fingerprint is:
98:b7:fa:0f:0d:e7:7f:50:cc:9b:b4:57:db:8d:b4:03 ian@Ian-Chesals-iMac.local
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| o |
| o E * .|
| o S . = *=|
| . * . B.+|
| o o . o |
| . . . . |
| ..... .. |
+-----------------+
Note: I didn't enter a password for the key because I don't want to have to use a password when I use the use.
Now you need to append the ~/.ssh/webserver.pub
public key to the ~user/.ssh/authorized_keys
file on host2, your webserver.
% ssh user@host2 'mkdir ~/.ssh;echo '`cat ~/.ssh/webserver.pub`' >> ~/.ssh/authorized_keys'
For this to work you will need password access to the remote host. If you don't have this you can give ~/.ssh/webserver.pub
to someone who does have access to the box and ask them to append it to the authorized_keys
file for you perhaps. Or do it from your windows machine where you still have access.
Now make sure your private key is safe on your Mac:
% chmod 400 ~/.ssh/webserver*
ssh can get complain-y if your private/public keypairs are world readable or writeable.
Finally, you can add the following to your ~/.ssh/config
file to invoke the right key combination when you try to ssh in to your web server:
Host domain.com
IdentityFile ~/.ssh/webserver
User username
This will get you the password-less, keypair-based authentication you desire.
Best Answer
Have you tried, while logged on to Computer A :
It's more explicit than using ~, which may not behave as you might want it to on the remote machine - although it will be fine for local file specifications.