Creating a simple public/private keypair, such as through ssh-keygen does not create a file I can import into Keychain Access. Does anyone know how to create a new keypair for iPhone development?

1. Mac Os X Generate New Public Key System
2. Mac Os X Generate Ssh Key Pair
3. Mac Os X Generate New Public Key Windows
4. Mac Os X Download
5. Mac Os X Generate Ssh Key
6. Mac Os X Generate New Public Key File
7. Mac Os X Generate New Public Key Search

• You can choose to either Generate a new key, or Import an existing key. Generate New Key. To generate a new key, tap the + button on the Keys pane of Coda’s settings and choose Generate New Key. Choose a descriptive name for your key, and optionally set a passphrase. Choose your key type, and size. Then tap “Generate” to create your keypair.
• Aug 03, 2009 I've recently upgraded our web server and wanted to export the SSL certs from our old one to our new one. When I tried to export the certs and keys (as.p12 files) from our old server it kept asking me for a password. No matter which password I put in (including no password) it said that I had.

This is a brief guide to creating a public/private key pair that can be used for OpenSSL.While the 'easy' version will work, I find it convenient to generate a single PEM bundleand then export the private/public key from that as needed. This document also covers howto add and remove a password from your private key and how to make sure that keychainwill automatically unlock it when you sign in.

Just make it work

Generate an ssh key-pair:

If you just pound enter through the setup procedure then you will end up with a new keypair created in the default location: /Users/yourname/.ssh/. There will be two files:

• id_rsa This is your private key, you must keep it secret and never allow anybodyelse to gain control of it. Treat this key like a password, keep it safe and makea backup copy. You can add it to keychain using ssh-add -K ~/.ssh/id_rsa.

• id_rsa.pub This is your public key, you can share it freely. This part of the keyis used during authentication to encode a message which can only be decoded with theprivate key. It cannot be used to derive the private key so there is no risk insharing it.

When a server administrator asks for a copy of your public key, send them a copy of theid_rsa.pub file. They'll be able to add it to your user account's list of authorizedkeys and that will enable you to log in without typing a password.

Doing it the hard way

This method involves creating the keys as a bundle, exporting the public key andmanually setting the permssions on all of the paths. You'll also have to configureOpenSSH to use your new bundle for authentication.

A summary of the steps follows:

Rational

I prefer to generate a certificate using OpenSSL directly, then export the private orpublic-key in the necessary format as needed. The benefits to this appraoch are three-fold:

1. This is a process similar to the one you'd use to generate certificates used forother tasks like S/MIME or to become part of a signed certificate for HTTPS.
2. There is a single certificate file from which you can derive the private or publickey in whichever format you need. It's much easier to manage one key than two, oreven several if you require the key in different formats.
3. You gain control over the key length, encryption method, and algorithm so that youcan consciously decide to use weaker keys for old/slow hardware (e.g. the RaspberryPi media server in your closet) and strong but slower keys where appropriate.

Default software and Mac OS X

In order to generate the key I prefer to use OpenSSL directly rather than the ssh-keygen tool.While it is possible to provide flags to ssh-keygen using OpenSSL gives us access to optionsthat are not avaiable in the standard Mac OS X version of SSH but doesn't require us to buildthe SSH client from scratch.

Update OpenSSL

Unfortunately the version of OpenSSL that ships with Mac OS x is rather dated and so it'smissing some of the features of the latest versions. One of those features is the genpkeycommand which is the new recommended way to generate keys. Assuming you have Homebrewinstalled (see: https://brew.sh) you can install an up-to-date version of OpenSSL with:

Many packages that you install with homebrew are likely to depend on OpenSSL anyway so thisis not a terrible idea even if you don't care about using OpenSSL directly.

Updating OpenSSH

If you're interested in rebuilding openssh you should link against LibreSSL sothat passwords can be installed in your keychain.

This is a relatively new option and caution should be taken because compatibilitymay not be perfect. LibreSSL is not intended to be a 1:1 replacement for OpenSSL.

It appears that just building OpenSSH will not have it request key information fromthe Mac OS X keychain, nor will it automatically start SSH-Agent so there may besome trouble-shooting steps required if you prefer to go this path. I do not builda new version of SSH.

Creating directories

OpenSSH requires that keys be stored in ~/.ssh and that path must be restrictedso that only the user can access it. It also requires that any identify files beaccessible only by the user too. Permssions for ~/.ssh/config can be more relaxedbut it is good practice to keep those private so as not to leak inforamtion aboutuser names or servers you connect to.

Create the directories by running: /command-and-conquer-red-alert-3-generated-key.html.

While this will create the directory you will have to modify the default permissions.Read/write/execute for the owner and no access for any other user is required. Recall,the execute flag on a directory allows you to view its content.

You might want to create an empty ssh config file and set appropriatepermissions so that you don't have to remember how to do it later whenthere's some problem and you are half-asleep, drunk, and responding to aPagerDuty alert.

You can save a few copy steps if you're following this guide by changinginto your ssh path for the remaining steps:

Generating keys

The first step to generating keys is to create the bundle using OpenSSL. Thisapproach allows us to specify a few extra options when creating keys that arenormally hidden by ssh-keygen:

The options: are

• genpkey is the new command for generating keys, it supercedes the oldgenrsa method. Mac OS X's default OpenSSL does not have this command sobuilding your own version is required.

• -algorith rsa uses the RSA algorithm for the key and is recommended formaximum compatibility. Other options include ECDSA, which is lesscomputationally intensive on very low-end hardware (e.g. 50 MHz ARM) andDH which has characteristics similar to RSA but is rarely used.

• -aes-256-cbc is the cypher used to encrypt the bundle and causes the userto be prompted for a password. There are a number of available ciphers butAES-256-cbc is among the stronger options available and widely used too.

• -outform PEM there are several output formats that you can use but PEM iswidely used by open source software and tends to be the best supported. Theformat is also nicely encoded so that you can debug with any text editor andhas the advantage of bundling the public and private key into a single filewhich makes them easier to move around. You can always output the public orprivate key from a PEM bundle that contains both.

• -pkey_opt … can be specified multiple times and supplies options to thegeneration function. This can be specified multiple times to suplly severaloptions

  • rsa_keygen_bits:4096 sets the length of the keys produced. 1024 bits isgenerally considered the absolute minimum for secure communication todaythough there is some concern that they will be broken for well-fundedattackers in the near future so 2048 bits is recommended where possible.Longer keys provide greater security however there is diminishing returnsas key length increases. Also, increasing the key length also increasescomputational costs exponentially (by the cube of the change, so 2048 is8x more demanding than 1024-bit). You may want to use smaller keys forslower hardware or if you find yourself frequently reconnecting due to badconnections during a session for better performance.

• -out yourname.pem defines the output file for your bundle. You should storea copy of this certificate in ~/.ssh so that it can be used to authenticatessh sessions. The file must not be accessible to other users on the system soset the permissions accordingly. You should also store the file and thepassword somewhere safe (like in your password vault or on a USB drive in asafe deposit box).

When generating the key you will be prompted for a password. Make sure to use a verystrong, unique, random password for this file. You won't have to type it in regularlyso generate it with your password vault. In a pinch you can generate a random passwordusing OpenSSL via: openssl rand -base64 48.

When the bundle has been generated, copy it to your~/.ssh folder and change itspermissions accordingly:

Mac Os X Generate New Public Key System

I prefer to make the bundle read-only for my user so I never accidentally edit it orstrip the password. chmod 0600 ~/.ssh/yourname.pem would also work if you don't mindit being editable by your user.

Extracting the public key

You'll want to be able to send the public key to other people and leave it on othercomputers without risking your private key. The easiest way to export your publickey is using the ssh-keygen method which prints it to standard out.

You can always redirect that to a file if you want to send it via email or copy itvia SFTP. Generally I prefer not to keep a copy of my public keys on disk so that I amjustified in always treating ~/.ssh as a secret.

Configuring OpenSSH

Remember to either edit your ~/.ssh/config to specify this bundle as the defaultidentify file by adding the line:

Alternatively you can specify it on a host-by-host basis by using ssh command-lineoptions: ssh -i ~/.ssh/yourname.pem example.com -l someuser. When you areprompted for a password, remember that you should enter the one used when creatingthe bundle, not the log-in password for your computer or the remote system you areconnecting to.

Finally, you should consider adding the key to your Mac OX X keychain using:

This will store the password in the login Keychain which is unlocked automaticallywhenever you sign in. Storing your password this way means you won't have to re-typethe password you used when creating the bundle in order to use it.

Using ssh -i ~/.ssh/yourname.pem foo.example.com will also add your key to Keychain.

Public Keys and Github.com

It's a good idea to add your public key to github.com so that you can pull from privaterepositories and push changes to your public repositories. You can do this at:

Once you've uploaded your public key, other users can download it by going to

For example, my public key is located here: https://github.com/colinstein.keys

You may want to create different key-pairs for different repositories or organizationsand then use ~/.ssh/config and local .gitconfig files ot manage those relationships.

After generating keys in the above manner for each github account you can configuressh by editing ~/.ssh/config and adding entries like the following for each account:

When cloing a repository you would then clone from the appropriate host:

You can also edit the existing git remote by editing the .gitconfig insidethe checked out repository:

Git also provides a number of ways to configure SSH via git config andgit remote add foo git@github.com-foo:somegithubuser/somerepo.git. A fullrun through of those options is well outside the scope of this gist.

In the following article, we’re going to run through the process of creating a public/private SSH key-pair in OS X 10.9.

Once this is done, we’ll configure our GitHub account to use the public key, create a new repository and finally pull this repository down onto our machine via SSH.

Before setting up an SSH key on our system we first need to install GIT. If you’ve already installed GIT please proceed to the next section - otherwise lets get started.

Installation and configuration of GIT

To install GIT on Mac OS X 10.9, please navigate to the following URL (http://git-scm.com/downloads) and click the “Download for Mac” button.

Fig 1: Download options available at http://git-scm.com/downloads.

Once the *.dmg file has downloaded, double-click the file to mount it and in the new finder window that pops up, double-click on the file “git-1.9.2-intel-universal-snow-leopard.pkg” (the file will have likely changed name somewhat by the time you read this article, but aside from the version number, it should still be quite similar).

If you get the error highlighted in “Fig 2” when trying to open the file simply right-click on the *.pkg file and click “Open”. You should then see a new dialogue window similar to the one displayed in “Fig 3”, which will allow you to continue on to the installation process.

Fig 2: The error an end-user will see when trying to open a non-identified file if the “Allow apps downloaded from” section of “Security & Privacy” is set to “Mac App Store and identified developers” within “System Preferences”.

Fig 3: When right-clicking the *.pkg file and clicking “Open” the end-user is given a soft warning but now, unlike “Fig 2” we're able to bypass this dialogue by clicking “Open”.

The installation process for Git is fairly self explanatory, so I won’t go into too much detail - In a nutshell you will be asked to install Git for all users of the computer (I suggest leaving this at it’s default value) and you’ll be asked if you want to change the location of the installer (unless you have good reason to change the Git install location this should be left to the default value).

Finally, as part of the installation process you’ll be prompted to enter your system password to allow the installer to continue as shown in - type your password and click “Install Software”. If all goes well at the end of the installation process you should see the message “The installation was successful.”. At this stage you can click “Close” to close the installer.

Fig 4: Prior to installation, the GIT installer will require you to enter your system password to allow it to write files to the specified locations.

After the Git installation process we need to open a new instance of the Terminal application. This can be accomplished by opening the finder, clicking the “Applications” shortcut in the sidebar, scrolling to the bottom of the applications listing in the main window, double-clicking “Utilities” and finally double-clicking on “Terminal”.

Pro tip: A much quicker way of accessing the Terminal is by pressing “Cmd+Space” to bring up Spotlight, typing “Terminal” and hitting the enter key. Once you become familiar with Spotlight it becomes indispensable!

Once the Terminal window is open, type “git --version” and hit enter. If you’re running a fresh install of Mac OS X 10.9 at this stage you will likely be shown a message telling you that Developer Tools was not found and a popup will appear requesting that you install the tools. Click “Install” on the first dialogue window and when the next popup is displayed, click “Agree”.

Fig 5: The message most users will receive with a fresh install of OS X 10.9 when typing “git --version” into the terminal.

After the installation of Developer Tools, restart the Terminal application and type the command “git --version” followed by hitting enter. This time you should see the version number of the Git application installed.

Fig 6: Terminal displaying the version number of the installed Git application.

Finally, for the installation and configuration of Git we’re going to configure some user-level settings (specifically your name and email address). These configuration settings will be stored in your home directory in a file named “.gitconfig”.

To configure these settings type the following into the terminal (replacing my name and email address with your own obviously!).

git config --global user.name “Craig Perks”

git config --global user.email “c.perks@test.com”

Once done, type “git config --list' and you should see a list of user configuration settings analogous to those shown in “Fig 7”.

Fig 7: A Terminal instance showing the configuration settings for the logged-in user.

Now that we have Git successfully installed, in the next section, let’s create our public/private key-pair and add them to our GitHub account.

Creating an SSH public/private key-pair!

In the Terminal, let’s ensure we’re in our home directory. We can navigate to it by typing the following command in the Terminal:

cd ~/

From here we want to create a folder to store our SSH keys in. My preference here is to store them in a hidden folder called ‘ssh’.

Pro tip: By prefixing a folder or a file name with a dot the you’re essentially saying to the system “Hide this” by default.

To create our SSH directory, type the following command into the Terminal window: mkdir .ssh Next, type the command “cd .ssh“ and hit enter followed by command “pwd”. At this point you should see that you’ve now successfully navigated into the “ssh” folder.

Fig 8: By typing “pwd” into the Terminal we’re shown a literal path to our present working directory, which as displayed is /Users//.ssh.

Now, let’s create our public/private key-pair. Type “ssh-keygen” into the Terminal and hit enter. At this point you’ll be asked to enter a name for your public/private key-pair. This name can be anything, but for this tutorial, I’ll use my first name with a suffix of _rsa.

Fig 9: Creation of a public/private key-pair with the name “craig_rsa.pub/craig_rsa”.

The creation of a passphrase is an optional step, but a recommended one. Enter a passphrase (a short password of your choosing), hit enter and enter the same passphrase again. One your public/private key-pair has been generated, you’ll see a message similar to the one highlighted in “Fig 10”.

Fig 10: The message shown to an end-user upon successful creation of a public/private key-pair.

Now we have a public/private key-pair, we want to add our newly created key to the ssh-agent. This can be achieved by typing the following command (remembering to amend the private key file name with your own file):

ssh-add -K ~/.ssh/craig_rsa

If you created a passphrase in the previous step, you’ll be prompted to enter your passphrase now. If you successfully add your key to the agent you’ll see a message similar to the following “Identity added: /Users/craigperks/.ssh/craig_rsa (/Users/craigperks/.ssh/craig_rsa)”.

Once your key is added to the ssh-agent, type the command “ssh-add -l” into the Terminal and you’ll see it displayed in the list of known keys.

Fig 11: Our newly created key listed in the ssh-agent.

Mac Os X Generate Ssh Key Pair

Now we have our public/private key-pair successfully created, let’s add our public key to our GitHub account, create a repository and clone the repository.

Creating a repository on GitHub and cloning this onto our machine.

I’m not going to go through the GitHub registration in this guide. If you haven’t already done so, register an account on http://github.com and log-in.

Before we do anything on the GitHub website, we want to copy our public key. To do so, type the following command in the Terminal window (again substituting “craig_rsa” for whatever name you decided to give your key-pair”): pbcopy < ~/.ssh/craig_rsa.pub

Once done, navigate over to GitHub and click the “Account Settings” icon in the toolbar as pictured.

Fig 12: The “Account Settings” icon as shown to logged-in GitHub users.

On the “Account Settings” page “SSH keys” should be listed in the left-hand sidebar. Click it and on the next page that loads click “Add SSH key”.

Mac Os X Generate New Public Key Windows

Fig 13: The “Add SSH key” button, which allows you to add public keys to your GitHub account.

On the next page, give your key a name and paste the contents of your key (that we previously copied with the pbcopy command) into the “Key” field.

Note: Although I’m showing the contents of a public key here, it’s a dummy key and will be deleted upon completion of this guide. You should only share your public key with trusted sources.

Fig 14: Form displayed to GitHub account holders when adding a new key to the site.

Now we have our public key loaded into Git, let’s create a new repository, by clicking the “+” icon displayed next to our username (located in the top-right of the toolbar when logged in). From the menu that pops-up, click “New repository” and you’ll be directed to https://github.com/new.

From here, give the repository a name of “test” and ensure “Initialize this repository with a README” is checked.

Fig 15: Page displayed to GitHub account holders when creating a new repository.

Finally click the “Create repository” button.

In the right-hand sidebar that is displayed on your newly created repository, “SSH clone URL” should be visible.

Mac Os X Download

Fig 16: SSH clone URL link, which allows users to clone the Git repository.

Mac Os X Generate Ssh Key

Click the “copy to clipboard” icon under “SSH clone URL” and return to the Terminal application.

Type the command “cd ~/Desktop” into the Terminal window and hit enter. Now that we’re in the Desktop folder in the Terminal type the command “mkdir git” and hit enter. If you go to your Mac OS X desktop at this point you’ll see that a folder called “git” has been created.

Back in the Terminal window type “cd git” to move into this directory. Finally type “git clone” followed by pasting the code copied from the GitHub repository “SSH clone URL” into the Terminal window (for me this would be: git clone git@github.com:craigweb/test.git). Hit enter when you’re ready and the repository will begin to clone.

If you’ve never cloned a repository from GitHub before, you may receive the message “The authenticity of the host ‘github.com (192.30.252.129)’ can’t be established” to continue type “yes” and hit enter and GitHub.com will be added to the list of known hosts.

Finally once the cloning is complete, type “cd test” to navigate into the newly created repository directory and finally type “ls -la” to display a listing of the folder (including hidden files).

Mac Os X Generate New Public Key File

If you see README.md listed, you’ve just successfully cloned your Git repository!!

Fig 17: Our successfully cloned Git repository displaying its contents.

--

Mac Os X Generate New Public Key Search

If you spot an error in this tutorial, or have any questions, please feel free to get in touch with me on Twitter at @craigperks.