Entry  Thu Aug 17 16:43:35 2017, awade, HowTo, Computers, Generating public-private keypairs for ssh sessions 
    Reply  Tue Aug 29 22:44:11 2017, Craig, HowTo, Computers, Generating public-private keypairs for ssh sessions 
Message ID: 1866     Entry time: Thu Aug 17 16:43:35 2017     Reply to this: 1886
Author: awade 
Type: HowTo 
Category: Computers 
Subject: Generating public-private keypairs for ssh sessions 

Craig didn't have this configured for gitlab/github or any other computers. Having a public/private ssh key-pair is useful for accessing machines and services securely without needing a password, plaintext or otherwise.  Here is a recipe for generating a public-private keypair that can be used with gitlab, github etc.  The public key is pasted into the remote service (e.g. github); it forms the basis for secure communication and simplifies pulling and pushing.


TL;DR

cd ~/.ssh/
ssh-keygen -t rsa -b 4096 -C "label"

Where label is some label to help you remember what service/computer it corresponds to. I use the format "usr:service" or "email@address" to identify which git or computer I'm keypaired with.

When prompted, give the name "id_rsa_namehere" and a password.  Then copy the public part of the key to your clipboard

pbcopy < ~/.ssh/id_rsa_namehere.pub
(or, if using Linux)
xclip -selection clipboard < ~/.ssh/id_rsa_namehere.pub

Paste the clipboard into the remote service, i.e. github, gitlab, other computer etc. (You can find a place to paste ssh keys in the settings/security tab of these services)

Now add the private key (the non .pub file) to the local Mac keychain

ssh-add -K id_rsa_namehere

Finally test to see if it works with an ssh test

ssh -T git@github.com (or other user@website relevant combination)

 

Detailed instructions/explanation:

Generating a key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

The -C flag stands for comment and can be used to label what the ssh key is used for. Best to use an email or something you will remember.

If you hit enter you get a default name, but it is best to give a unique name. Once you have a few different keys it can be hard to tell what is what. Choose something like 'id_rsa_github' if it is used for github etc.  The file will be saved to .ssh/id_rsa*, which is where you want it. [Here and below * indicates a wildcard if you have changed the name]

It will also ask for a password; setting one is a good idea.


You need to add the key to the active ssh-agent service (change id_rsa if you named it something different). To add to your mac’s keychain (so that it can be loaded automatically on terminal session start) do the following:

ssh-add -K ~/.ssh/id_rsa*

where id_rsa* is the name you gave your key file (note: this is the private part of the key-pair, do not store this in any public location. If you find it in any public location, purge it and start again)

Add the following to your .bash_profile or .bashrc config files located at ~

cd ~
ssh-add -A

You may need your system/user password

Now when you start terminal it will load all the keys you've added.  If the keychain is not open it will prompt for your keychain password.

IMPORTANT:

There will be two files generated from ssh-keygen, your private key id_rsa* and your public key id_rsa*.pub.  Make sure you only give the public key to the remote machine/service. If you accidentally reveal the private key through ANY plaintext communication then burn it and run ssh-keygen to make a new one.

Setting up remote git/computer:

Copy the public key to clipboard:

pbcopy < ~/.ssh/id_rsa*.pub

and paste to remote computer/website.

Then test it using something like

ssh -T git@github.com

Replace the server username and address with whatever you are adding your ssh key to.

Note: purge clipboard if it stores a history.

You now have a public/private key pair for secure communications.  Use it for github or ssh into machines that you use very frequently.  It is as secure as your local machine.
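The IMPORTANT note above says only the .pub file should ever leave your machine. The following is an added example, not part of the original entry: a small guard you can source in your shell so that only a real public key reaches the clipboard, plus a check that the private key file is not readable by other users. The function names key_kind, emit_pubkey and private_key_locked_down are hypothetical.

```bash
# Added example (not from the original entry); function names are hypothetical.

# Classify a key file by its first line: prints "public", "private" or "unknown".
key_kind() {
    _first=""
    # read fails on a missing file or an unterminated last line; keep what was read
    { IFS= read -r _first < "$1"; } 2>/dev/null || [ -n "$_first" ] || {
        echo unknown
        return
    }
    case "$_first" in
        -----BEGIN*PRIVATE\ KEY-----*) echo private ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) echo public ;;
        *) echo unknown ;;
    esac
}

# Print the key for pasting only if the file really is a public key.
# Anything else prints nothing on stdout and returns 1.
emit_pubkey() {
    if [ "$(key_kind "$1")" != public ]; then
        echo "refusing: $1 is not a public key file" >&2
        return 1
    fi
    cat "$1"
}

# Succeeds only if the file is a private key with no group/other permission
# bits set (ssh refuses to use private keys that other users can read).
private_key_locked_down() {
    [ "$(key_kind "$1")" = private ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Typical use on a Mac (file name as in the recipe above):
#   emit_pubkey ~/.ssh/id_rsa_namehere.pub | pbcopy
#   private_key_locked_down ~/.ssh/id_rsa_namehere || chmod 600 ~/.ssh/id_rsa_namehere
```

If you pass the private file by mistake, emit_pubkey writes nothing to the pipe, so the clipboard ends up empty instead of holding the private key.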

Some other things

To see what saved keys you have try

ssh-add -l

To delete all cached keys

ssh-add -D

 
