GitHub Enterprise Server Authentication Connecting to GitHub with SSH Generating a new SSH key and adding it to the ssh-agent Generating a new SSH key and adding it to the ssh-agent After you've checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent. Create SSH key. Contribute to s3p02/createsshmacandlinuxandwindows development by creating an account on GitHub. If you need information on creating SSH keys, start with our options for SSH keys. If you have SSH keys dedicated for your GitLab account, you may be interested in Working with non-default SSH key pair paths. If you already have an SSH key pair, you can go to how you can add an SSH key to your GitLab account.
- Github Mac Generate Ssh Keys
- Mac Generate Ssh Key Github
- Mac Os Generate Ssh Key Github
- Generate Ssh Key Mac Github
title | description | author | ms.service | ms.workload | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|---|---|
Create and use an SSH key pair for Linux VMs in Azure | How to create and use an SSH public-private key pair for Linux VMs in Azure to improve the security of the authentication process. | virtual-machines-linux | article | cynthn |
With a secure shell (SSH) key pair, you can create virtual machines (VMs) in Azure that use SSH keys for authentication, eliminating the need for passwords to sign in. This article shows you how to quickly generate and use an SSH public-private key file pair for Linux VMs. You can complete these steps with the Azure Cloud Shell, a macOS or Linux host, the Windows Subsystem for Linux, and other tools that support OpenSSH.
[!NOTE]VMs created using SSH keys are by default configured with passwords disabled, which greatly increases the difficulty of brute-force guessing attacks.
For more background and examples, see Detailed steps to create SSH key pairs.
For additional ways to generate and use SSH keys on a Windows computer, see How to use SSH keys with Windows on Azure.
[!INCLUDE virtual-machines-common-ssh-support]
Create an SSH key pair
Use the
ssh-keygen
command to generate SSH public and private key files. By default, these files are created in the ~/.ssh directory. You can specify a different location, and an optional password (passphrase) to access the private key file. If an SSH key pair with the same name exists in the given location, those files are overwritten.The following command creates an SSH key pair using RSA encryption and a bit length of 4096:
Github Mac Generate Ssh Keys
If you use the Azure CLI to create your VM with the az vm create command, you can optionally generate SSH public and private key files using the
--generate-ssh-keys
option. The key files are stored in the ~/.ssh directory unless specified otherwise with the --ssh-dest-key-path
option. The --generate-ssh-keys
option will not overwrite existing key files, instead returning an error. In the following command, replace VMname and RGname with your own values:Provide an SSH public key when deploying a VM
To create a Linux VM that uses SSH keys for authentication, specify your SSH public key when creating the VM using the Azure portal, Azure CLI, Azure Resource Manager templates, or other methods:
If you're not familiar with the format of an SSH public key, you can display your public key with the following
cat
command, replacing ~/.ssh/id_rsa.pub
with the path and filename of your own public key file if needed:A typical public key value looks like this example:
If you copy and paste the contents of the public key file to use in the Azure portal or a Resource Manager template, make sure you don't copy any trailing whitespace. To copy a public key in macOS, you can pipe the public key file to
pbcopy
. Similarly in Linux, you can pipe the public key file to programs such as xclip
.The public key that you place on your Linux VM in Azure is by default stored in ~/.ssh/id_rsa.pub, unless you specified a different location when you created the key pair. To use the Azure CLI 2.0 to create your VM with an existing public key, specify the value and optionally the location of this public key using the az vm create command with the
--ssh-key-values
option. In the following command, replace VMname, RGname, and keyFile with your own values:If you want to use multiple SSH keys with your VM, you can enter them in a space-separated list, like this
--ssh-key-values sshkey-desktop.pub sshkey-laptop.pub
.SSH into your VM
With the public key deployed on your Azure VM, and the private key on your local system, SSH into your VM using the IP address or DNS name of your VM. In the following command, replace azureuser and myvm.westus.cloudapp.azure.com with the administrator user name and the fully qualified domain name (or IP address):
If you specified a passphrase when you created your key pair, enter that passphrase when prompted during the login process. The VM is added to your ~/.ssh/known_hosts file, and you won't be asked to connect again until either the public key on your Azure VM changes or the server name is removed from ~/.ssh/known_hosts.
If the VM is using the just-in-time access policy, you need to request access before you can connect to the VM. For more information about the just-in-time policy, see Manage virtual machine access using the just in time policy.
Next steps
- For more information on working with SSH key pairs, see Detailed steps to create and manage SSH key pairs.
- If you have difficulties with SSH connections to Azure VMs, see Troubleshoot SSH connections to an Azure Linux VM.
I largely followed Florin's blog post, but have a few notes to add regarding issues I encountered:
Basic setup notes
- I used a YubiKey 4, while the blog describes using a YubiKey NEO. I'm sure a YubiKey 5 would also work. I'm also running macOS 10.13.6.
- I installed GPGTools as recommended. However, as I'll note later, it seems that
gpg-agent
only automatically starts when gpg is used; for ssh, you'll need to ensure it's running. - Before generating your keys, decide what key size you want to use. If you run the
list
command insidegpg --edit-card
, look for theKey attributes
line to see what is currently selected. On my YubiKey 4, it defaulted to 2048 bits for all keys:
These correspond to the signature key, encryption key, and authentication key. (I believe only the authentication key is used for ssh.)
Running the
key-attr
admin subcommand lets you change these:(Note that the OpenPGP applet only works with RSA, not ECC, so don't choose that.)
- After generating keys,
ssh-add -L
may not initially show anything:
This is because
gpg-agent
changed how it works a few years ago, removing some options such as write-env-file
(per this comment, which Florin's instructions use.To get
gpg-agent
and ssh-agent
to work together, you can use a simplified /.gnupg/gpg-agent.conf
:and then kill any running
gpg-agent
process so that it picks up the new configuration.Since the
.gpg-agent-info
file is no longer created by gpg-agent
, you must also change your .bash_profile
to use the GPG agent ssh socket directly. I also added a line here to ensure that the gpg-agent
is running:(This is taken from @drduh's YubiKey guide.)
After updating this, launch a new shell, and
ssh-add -L
should now show you your public key, and you can follow the rest of the directions provided.Requiring touch
I wanted to require a touch any time I tried to use my YubiKey for ssh authentication to prevent rogue processes from using the key while it's plugged in.
You can use the YubiKey Manager CLI to require this; I installed it via Homebrew.
After installed, use the
ykman openpgp touch
subcommand to configure the touch settings:(Again, you control the three keys separately.)
Mac Generate Ssh Key Github
Problems with certain versions of the YubiKey 4
I attempted to add my SSH public key to my GitHub account and came across this perplexing error:
Key is weak. GitHub recommends using ssh-keygen to generate a RSA key of at least 2048 bits.
Mac Os Generate Ssh Key Github
I'd initially used a 2048-bit RSA key, so using the
key-attr
subcommand I described above, I tried generating a 4096-bit key, but GitHub gave the same error message.Generate Ssh Key Mac Github
After some searching, I came across this issue. Basically, due to a security issue in certain versions of the YubiKey 4 (4.2.6-4.3.4), GitHub rejects keys generated on these YubiKeys as weak. There are basically two workarounds:
- Generate a keypair off of the card and then load it onto the YubiKey.
- Replace the YubiKey with a newer one. Thankfully, Yubico will replace your affected YubiKey 4 for free.
Even more details
@drduh's YubiKey Guide is a great reference, going into even more detail and best practices.