Shortcuts to SSH

James told me to do this:

ssh-keygen -t rsa -b 2048

Then just hit enter a bunch of times when it prompts for a path and an optional passphrase.

And then after that

scp ~/.ssh/*.pub daniweb@1.2.3.4:~/.ssh/authorized_keys

And then enter the remote server's password.

And then I modified the hosts file so I can use friendly hostnames instead of the IP.

Now I can do ssh daniweb@webserver and it doesn't prompt me for a password ... but to be honest I have absolutely no clue what either of those commands did. What did I do?

The ssh-keygen command generates keys for ssh, these are stored into your profile, under the ~/.ssh/ directory. Through scp you are copying your local ~/.ssh/*.pub files (the public keys) into the ~/.ssh/autorized_keys file of your remote home directory account, i.e. into daniweb@1.2.3.4

To get information about the commands simply prepend man command:

man ssh-keygen
man scp

It returns the documentation for the commands. By using this approach, only trusted keys will be allowed to connect the host and you can disable the SSH password access, avoiding brute-force attacks.

By using this approach, only trusted keys will be allowed to connect the host and you can disable the SSH password access

But my Windows machine is easily able to connect by using the PuTTY shortcut which doesn't require me to manually enter a password each time.

Are you saying that with this approach the password is stored server-side only for when my Mac wants to connect?

No, the password is not anymore involved. You could change the password for the daniweb@1.2.3.4 account and still be able to access without altering the key, because SSH is going to use another authentication method (via asymmetric cryptography). See:

• https://debian-administration.org/article/530/SSH_with_authentication_key_instead_of_password

For example: if you have 10 servers to connect, by copying the public key on each, you won't need to remember the password of each host. The same key will give you the access everywhere.

Instead, the equivalent of your Windows command, in *nix environments is a script like this:

#!/usr/bin/env bash
sshpass -f <(printf '%s\n' YOUR_PASSWORD) ssh daniweb@1.2.3.4

To execute ./dani.sh. But it requires sshpass, which on Mac is available through HomeBrew: https://brew.sh/

Here's how I'd do it (and have done it for years). It's the canonical, accepted answer for Linux too.

The SSH program has support for 'shortcuts' built in, you simply need to add the hostnames (or aliases) in your ~/.ssh/config file.

So, in my config file, if I have the following entry:

# Github
host github
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_work

Then, on the command line I simply type ssh git and hit tab a couple of times, and all of the entries that start with git automatically appear for selection/autocompletion:

Note that in the config file I'm specifying which private key (IdentityFile) to use for that host, SSH will use this whenever connecting to this specified host. Previous commenters have already gone through how to set up key pairs; this is definitely the best and most secure way of connecting to remote machines. Ideally you should turn off password based login and rely entirely on a key pair.

If you really want desktop shortcusts, just create a bash script (and make sure it's executable) with the .command suffix. However, with nice tab completion on the command line it's quicker and easier (imho) to just use the built-in command.

Edit: here are Digital Ocean's instructions for setting up SSH keys. They are very thorough and generic enough to use anywhere.