Mac Generate Ssh Key For Github

  • Create your SSH keys with the ssh-keygen command from the bash prompt. This command will create a 2048-bit RSA key for use with SSH. This command will create a 2048-bit RSA key for use with SSH. You can give a passphrase for your private key when prompted—this passphrase provides another layer of security for your private key.
  • Dec 20, 2015 Setting up an SSH Public Key for the first time can be tricky. Instructions: - Open up “Terminal.app”. To find it, go to your Applications Folder and open the “Utilities” Folder.

I largely followed Florin's blog post, but have a few notes to add regarding issues I encountered:

Basic setup notes

3 days ago  Tweet If you’re a developer, on devops or a system admin you probably use an SSH key to log into remote servers. I am typically on multiple projects at one time and some organizations require I generate a unique SSH key in order to work with them. I’ve been fortunate until recently that my personal.

  1. I used a YubiKey 4, while the blog describes using a YubiKey NEO. I'm sure a YubiKey 5 would also work. I'm also running macOS 10.13.6.
  2. I installed GPGTools as recommended. However, as I'll note later, it seems that gpg-agent only automatically starts when gpg is used; for ssh, you'll need to ensure it's running.
  3. Before generating your keys, decide what key size you want to use. If you run the list command inside gpg --edit-card, look for the Key attributes line to see what is currently selected. On my YubiKey 4, it defaulted to 2048 bits for all keys:

These correspond to the signature key, encryption key, and authentication key. (I believe only the authentication key is used for ssh.)

Running the key-attr admin subcommand lets you change these:

(Note that the OpenPGP applet only works with RSA, not ECC, so don't choose that.)

  1. After generating keys, ssh-add -L may not initially show anything:

This is because gpg-agent changed how it works a few years ago, removing some options such as write-env-file (per this comment, which Florin's instructions use.

Get

To get gpg-agent and ssh-agent to work together, you can use a simplified /.gnupg/gpg-agent.conf:

and then kill any running gpg-agent process so that it picks up the new configuration.

Since the .gpg-agent-info file is no longer created by gpg-agent, you must also change your .bash_profile to use the GPG agent ssh socket directly. I also added a line here to ensure that the gpg-agent is running:

(This is taken from @drduh's YubiKey guide.)

After updating this, launch a new shell, and ssh-add -L should now show you your public key, and you can follow the rest of the directions provided.

Requiring touch

I wanted to require a touch any time I tried to use my YubiKey for ssh authentication to prevent rogue processes from using the key while it's plugged in.

You can use the YubiKey Manager CLI to require this; I installed it via Homebrew.

Github

After installed, use the ykman openpgp touch subcommand to configure the touch settings:

(Again, you control the three keys separately.)

Problems with certain versions of the YubiKey 4

I attempted to add my SSH public key to my GitHub account and came across this perplexing error:

Key is weak. GitHub recommends using ssh-keygen to generate a RSA key of at least 2048 bits.

I'd initially used a 2048-bit RSA key, so using the key-attr subcommand I described above, I tried generating a 4096-bit key, but GitHub gave the same error message.

After some searching, I came across this issue. Basically, due to a security issue in certain versions of the YubiKey 4 (4.2.6-4.3.4), GitHub rejects keys generated on these YubiKeys as weak. There are basically two workarounds:

  1. Generate a keypair off of the card and then load it onto the YubiKey.
  2. Replace the YubiKey with a newer one. Thankfully, Yubico will replace your affected YubiKey 4 for free.

Even more details

@drduh's YubiKey Guide is a great reference, going into even more detail and best practices.

Hi there! This post will be pretty straightforward and will cover Windows, Mac, and Linux, so if you don’t know how to do it already, read on.

Windows

Just follow these 5 steps:

  1. Go to this address, and download Git for Windows, after the download install it with default settings
  2. Open Git Bash that you just installed (Start->All Programs->Git->Git Bash)
  3. Type in the following: ssh-keygen -t rsa (when prompted, enter password, key name can stay the same)
  4. Open file your_home_directory/.ssh/id_rsa.pub with your favorite text editor, and copy contents to your Git repository’s keys field (GitHub, beanstalk, or any other repository provider), under your account.
  5. Be sure that you don’t copy any whitespace while copying public key’s content (id_rsa.pub)

Note: your_home_directory is either C:Usersyour_username (on Windows Vista / 7 / 8 / 10), or C:Documents and Settingsyour_username (on Windows XP)

Mac

Follow these 5 steps:

  1. Start the terminal
  2. Navigate to your home directory by typing: cd ~/
  3. Execute the following command: ssh-keygen -t rsa (when prompted, enter password, key name can stay the same)
  4. Open the file you’ve just created ~/.ssh/id_rsa.pub with your favorite text editor, and copy contents to your Git repository’s keys field (GitHub, beanstalk, or any other repository provider), under your account.
  5. Be sure that you don’t copy any whitespace while copying public key’s content (id_rsa.pub)

Mac Generate Ssh Key For Github Download

Linux (Ubuntu)

Follow these 5 steps:

  1. Open console
  2. cd ~
  3. ssh-keygen -t rsa (when prompted, enter password, key name can stay the same)
  4. open file /home/your_username/.ssh/id_rsa.pub with your favorite text editor, and copy contents to your Git repository’s keys field (GitHub, beanstalk, or any other repository provider), under your account.
  5. Be sure that you don’t copy any whitespace while copying public key’s content (id_rsa.pub)

Generate Ssh Key Github Windows

Additional info

When you create private/public SSH keys on your machine (that’s what you did in the above steps), it’s not enough. You need to give your public key to the repository in order to pair the Git server with your local machine (that’d be steps 4. and 5. above).

Most of the popular repositories will give you web interface access to the application, and here’s how it looks like on Github:
After this step, you’re ready to start using Git.

Conclusion

I hope this wasn’t too complicated to follow, and also I hope it was helpful to someone!

/import-private-key-to-generate-csr.html. Cheers!

____________________________________________________________________________________________

Generate Ssh Key Windows

Note! This article was revised on Jul 26, 2019. The original article was posted in 2011 by Mladen Lotar.