SSH Keys Apple macOS

5 minute read

SSH Keys on macOS

What are SSH Keys?

SSH (Secure Shell) keys are an access credential that is used in the SSH protocol.

The private key (ie. id_rsa) remains on the system being used to access the HPCC cluster and is used to decrypt information that is exchanged in the transfer between the HPCC cluster and your system.

A public key (ie. id_rsa.pub) is used to encrypt information, and is stored on the cluster. The authorized keys file that is stored on the HPCC cluster (ie. ~/.ssh/authorized_keys) contains one or more public keys (ie. id_rsa.pub).

Why do you need SSH Keys?

HPCC supports two authentication methods; Password+DUO and SSH Keys. The Password+DUO method requires a UCR NetID, if you do not have one then you will need to use SSH keys in order to access the HPCC cluster.

Creating SSH Keys from the Command-line

By far the easiest way to create SSH keys on macOS systems is from the command-line following the instructions here. Users who prefer to do this in a graphical user interface can follow the instructions below.

GUI-based SSH Key Creation

Filezilla

You will need to install Filezilla in order to transfer the public SSH key to the HPCC cluster.

  1. Download the Filezilla Client for Mac OS X here.
    • Make sure your Mac OS X system is updated to the latest version.
  2. Follow the install wizard to complete the install of Filezilla.

Sourcetree

You will need to install Sourcetree in order to generate your SSH keys (or use the command line method mentioned here.

  1. Download Sourcetree from here
  2. Click on Download for Mac OS X
  3. Install Sourcetree

Create SSH Keys (Sourcetree)

  1. Open the Sourcetree application and under the top Sourcetree menu click on the Preferences... sub-menu item.

    fig0

  2. Navigate to Accounts category and click on Add....

    fig0

  3. Click on Auth Type: and change the drop down menu from OAuth to Basic. Make sure Protocol: is set to SSH in the drop down menu.

    fig0

  4. Enter id_rsa in the Username field.

    fig0

  5. Click the Generate Key button.

    fig1

  6. Press Cancel to exit out of the window.

SSH Keys Location

By default, your key files are created in the path: /Users/macOSUsername/.ssh/.

To verify that the keys were created, do the following:

  1. Open a new finder window. Click on your home directory on the left side pane.

    fig1

  2. Press the 3-button combo Command+Shift+. together (visualized below) to see hidden folders:

    fig1

  3. You will now be able to see your .ssh folder, open it by double-clicking.

    fig1

  4. You should see your newly generated pair of SSH key files in the folder.

    fig1

  5. Sourcetree adds the -Bitbucket to the end of the SSH key file names. Remove this by clicking on the file you want to rename and press the Enter key which allows us to rename the file before the extension.

    fig1

  6. After you have removed the -Bitbucket suffix from each of the SSH key file names, your new SSH key file names should be id_rsa and id_rsa.pub.

    fig1

Configure SSH Keys

Public SSH Key

Now that you have created your SSH keys, and renamed them, you will need to place your public key (id_rsa.pub) on the cluster.

If you do not have a UCR NetID, or prefer not to use Password+DUO authentication, then email your public key (id_rsa.pub) to support and skip to Private SSH Key. If you already have configured Password+DUO authentication, then proceed with the following:

  1. Start the Filezilla application.

  2. Open Site Manager window by clicking the upper left most button in the top bar of icons.

    fig60

  3. Click on New Site, which will unlock the fields to the right.

    fig54

  4. From the newly unlocked fields in the General tab, fill in the following:

    • Protocol: SFTP - SSH File Transfer Protocol
    • Host: cluster.hpcc.ucr.edu
    • Logon Type: Interactive
    • User: Your HPCC Username

    new_site_general

  5. When using Password+DUO authentication, you must also set the maximum number of connections. Navigate to the Transfer Settings tab and set the following:

    • Limit Number of simultaneous connections: checked
    • Maximum number of connections: 1

    Then click on Connect.

    new_site_transfer

  6. If a pop up prompts you to save your password, select the Save passwords option, then click the OK button.

  7. Then enter in your password for the cluster, and click OK.

    fig

  8. If the next pop up prompts you, then check the box that states Always trust this host, add this key to the cache, then click the OK button.

    fig8

  9. You should now see the DUO authentication dialog, ensure your User is correct then enter the number for the preferred option from the list presented, then click OK.

    fig8

  10. Now that you are connected with Filezilla, transfer your public SSH key from your MacOS system by dragging the file /Users/macOSUsername/.ssh/id_rsa.pub and dropping it into the HPCC cluster direcotry /rhome/username/.ssh/.

    fig10

If the /rhome/username/.ssh/ directory does not exits, create it.

  1. Once the id_rsa.pub file is transferred to the cluster, be sure to rename it to authorized_keys.

Private SSH Key

Once your public key is in place, now you can configure Filezilla to use your private SSH key and connect to the cluster through the cluster.hpcc.ucr.edu server.

  1. Start the Filezilla application

  2. Open Site Manager window by clicking the button in the top bar of icons.

    fig3

  3. Click on New Site, rename it (optional) and press enter.

    fig3

  4. Fill in the following fields from the General tab:

    • Protocol: SFTP - SSH File Transfer Protocol
    • Host: cluster.hpcc.ucr.edu
    • Logon Type: Key file
    • User: Your HPCC username
    • Key file: /Users/macOSUsername/.ssh/id_rsa

    Be sure to select the previously created private key (/Users/macOSUsername/.ssh/id_rsa) for the Key file field using the Browse... button.

    fig4

  5. Navigate to the folder you saved your key file in (default location is /Users/macOSUsername/.ssh) and open the private key file id_rsa.

    fig4

  6. You should see the added keyfile in the Key file: box, then click Connect.

    fig5

    Subsequnt connections can be done from the Quickconnect history by clicking on the down arrow to the right side of the Quickconnect button.

    fig5

  7. Remember to select the cluster.hpcc.ucr.edu address.

    fig5

  8. Transfer files by double clicking or drag-n-drop. For more details regarding file transfers vist Filezilla Usage.

Last modified February 2, 2024: Update sshkeys_macos.md (06d26616e)