SSH Public and Private Key setup on OS-X

I didn’t find one clear and concise place explaining how to set up private keys on OS-X. This is my attempt to remedy that.

First, you need to generate the Private (id_dsa or id_rsa) and Public (id_dsa.pub or id_rsa.pub) Key pair. Properly secured machines don’t accept the RSA encryption (rsa1) that was used by the SSH v1 protocol, but they do accept RSA v2 and DSA, with DSA being arguably more secure. For the -t option use either rsa or dsa, with dsa being preferred. The rest of this article assumes you’re using dsa. You are able to choose a passphrase, so pick something easy to remember and sufficiently complex.

ssh-keygen -t dsa -f ~/.ssh/id_dsa -C "your.email.address"

Copy the public key to the remote server

scp ~/.ssh/id_dsa.pub username@remoteserver.com:~/.ssh/

This whole exercise relies on correct permissions on important files. You should keep your private key very secure, for reasons other than getting this to work correctly.

chmod 600 ~/.ssh/id_dsa

On the remote server, let’s add your public key to the authorized keys file, which lives in the .ssh directory of your home account

cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys2
chmod 644 ~/.ssh/authorized_keys2
chmod 700 ~/.ssh
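
The permissions set in the steps above can be checked on either machine with a small script. This is an added example, not part of the original article; the function names (mode_string, check_path, audit_ssh_dir) and the report format are constructed for illustration, and the article's modes are treated as upper bounds.

```sh
#!/bin/sh
# Added example: audit the modes this article sets, treated as upper bounds
# (700 for ~/.ssh, 600 for the private key, 644 for authorized_keys2).
# Function names and report format are constructed for illustration.

# Print the 10-character type+mode string from ls, e.g. "-rw-------".
mode_string() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_path PATH PATTERN HINT: return 0 if PATH's mode string matches PATTERN.
check_path() {
    mode=$(mode_string "$1")
    if [ -z "$mode" ]; then
        echo "MISSING  $1"
        return 2
    fi
    case "$mode" in
        $2) echo "OK       $mode $1"; return 0 ;;
        *)  echo "TOO OPEN $mode $1 ($3)"; return 1 ;;
    esac
}

# audit_ssh_dir [DIR]: return 0 only if DIR and every key file in it pass.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    bad=0
    # The directory itself: no access for group or other.
    check_path "$dir" 'd???------' "expected 700 or stricter" || bad=1
    # Private keys: no access for group or other.
    for key in "$dir/id_dsa" "$dir/id_rsa"; do
        [ -e "$key" ] || continue
        check_path "$key" '-???------' "expected 600 or stricter" || bad=1
    done
    # Authorized keys: world-readable is fine, group/other write is not.
    for ak in "$dir/authorized_keys2" "$dir/authorized_keys"; do
        [ -e "$ak" ] || continue
        check_path "$ak" '-????-??-?' "expected 644 or stricter" || bad=1
    done
    return $bad
}
```

Call audit_ssh_dir with no argument to check ~/.ssh; a non-zero return means at least one path is more permissive than the modes used in this article.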

Back on your local machine, you now need to authorize yourself to use the new public key. For OS-X it’s easy. Just connect to a box that has a shared key. You’ll get

To add identities to your keychain without the popup box (OS-X only)

ssh-add -K

To add the identities previously stored in your keychain (OS-X only)

ssh-add -k

For other Unixes you can add the key manually (this works on OS-X too).

ssh-add

To see what keys you have loaded (again, all Unixes, including OS-X)

ssh-add -l

To delete keys (this will delete from your keychain too)

ssh-add -d

There are a lot of cool things you can do with ssh-add. The man pages are your friend.