Control remote computers with SSH

SSH (Secure Shell) lets you send secure, encrypted commands to a computer remotely, as if you were sitting at the computer.

You use the ssh tool in Terminal to open a command-line connection to a remote computer, and while the connection is open, you enter commands to be performed on the remote computer. You can also use any other application that supports SSH to connect to a computer with OS X Yosemite or OS X Server installed.

Connect to a remote computer using SSH

Use the ssh tool to create an SSH connection to a remote computer.

  1. Log in to the remote computer by entering the following in a Terminal window:

    $ ssh -l username server

    Replace username with the name of an administrator user on the remote computer. Replace server with the name or IP address of the remote computer.

    For example:

    $ ssh -l mariah 10.0.1.2
  2. If this is the first time you’re connecting to the remote computer, when prompted to continue connecting after the remote computer’s RSA fingerprint appears, enter yes.

  3. When prompted, enter the user’s password for the remote computer.

    The command prompt changes to show that you’re connected to the remote computer. In the previous example, the prompt might look like this: 10.0.1.2:~ mariah$

  4. To send a command to the remote computer, enter the command.

  5. To close the remote connection, enter logout.

You can authenticate and send a command in a single line by appending the command, in quotation marks, to the basic ssh command. For example, to delete a file you could enter:

$ ssh -l mariah server1.example.com "rm /Users/mariah/Documents/report"

Generate a key pair for SSH authentication

Identity key-based authentication lets you log in to the server without supplying a password.

To set up key-based SSH login authentication, you must generate the keys the two computers will use to establish and validate the identity of each other.

To authorize all users of the computer to have SSH access, you must generate keys for each user account. Run the following commands in Terminal for each user that needs to open key-based SSH sessions.

  1. Open Terminal (located in /Applications/Utilities/).

  2. Verify that an .ssh folder exists in your home folder by entering:

    ls -ld ~/.ssh

    If .ssh is listed in the output, continue to the next step. If .ssh isn’t listed in the output, enter the following and continue to the next step:

    mkdir -m 700 ~/.ssh
  3. Change directories in the shell to the hidden .ssh directory by entering:

    cd ~/.ssh
  4. Generate the public and private keys by entering:

    ssh-keygen -b 2048 -t rsa -f id_rsa -P ''

    The -b flag sets the key length to 2048 bits, -t sets the key type to RSA, -f sets the file name to id_rsa, and -P followed by two single quotation marks sets the private key passphrase to empty. An empty passphrase allows automated SSH connections, because nothing has to be typed when the key is used.

    Keys are equivalent to passwords, so keep them private and protected.

    This creates two files. Your identification or private key is saved in one file (id_rsa in our example) and your public key is saved in the other (id_rsa.pub in our example). The key fingerprint, a cryptographic hash of the public key, also appears; you can use it later to confirm that a public key is the one you generated.

  5. Set the permissions on the private key so that only the owner can read or change the file by entering:

    chmod go-rwx ~/.ssh/id_rsa
  6. Copy the public key to the specified user’s home folder on the remote computer by entering:

    scp id_rsa.pub username@remotemachine:~
  7. Using ssh, append the public key to the authorized_keys file on the remote computer by entering:

    ssh username@remotemachine "cat /Users/username/id_rsa.pub >> ~/.ssh/authorized_keys"
  8. Delete the id_rsa.pub file from the user’s home folder on the remote computer by entering:

    ssh username@remotemachine "rm /Users/username/id_rsa.pub"

    The next time you log in to the remote computer from the local computer, you won’t need to enter a password. If you need to establish two-way communication between servers, repeat this process on the second computer. This process must be repeated for each user who needs to be able to open a key-based SSH session. This includes the root user, whose home folder on OS X Server is at /var/root/.
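The key-pair procedure above (steps 2, 4, 5 and 6 through 8), written as shell functions you can reuse per user. This is an added example, not Apple's code: paths are parameters so the helpers can be tried against a scratch directory, ssh and ssh-keygen are assumed to be installed, and, unlike step 7 as written, the remote append creates ~/.ssh on the remote computer first if it is missing.

```shell
# Step 2: make sure $HOME/.ssh exists and is accessible only by its owner.
# $1 = home directory to prepare (defaults to $HOME); prints the .ssh path.
ensure_ssh_dir() {
    dir="${1:-$HOME}/.ssh"
    if [ -d "$dir" ]; then
        chmod 700 "$dir"
    else
        mkdir -m 700 "$dir" || return 1
    fi
    printf '%s\n' "$dir"
}

# Step 4: generate the RSA pair. -P '' gives an empty passphrase, which the
# page uses for unattended connections; an existing key is never overwritten.
generate_keypair() {
    keyfile="${1:-$HOME}/.ssh/id_rsa"
    [ -f "$keyfile" ] && return 0
    ssh-keygen -b 2048 -t rsa -f "$keyfile" -P '' -q || return 1
    chmod go-rwx "$keyfile"            # step 5: owner-only private key
}

# Steps 7 and 8, as run on the remote side: append one public-key line to
# authorized_keys unless that exact line is already there, and keep the
# directory and file permissions tight (sshd's StrictModes check rejects
# an authorized_keys file that other users can write to).
# $1 = path to authorized_keys, $2 = one public-key line
install_pubkey() {
    authfile="$1"; pubkey="$2"
    authdir="$(dirname "$authfile")"
    [ -d "$authdir" ] || mkdir -m 700 "$authdir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1
    grep -qxF "$pubkey" "$authfile" && return 0   # already authorized
    printf '%s\n' "$pubkey" >> "$authfile"
}

# Steps 6 through 8 in one round trip: stream the local public key over ssh
# and append it remotely, so no id_rsa.pub copy is left in the remote home.
# $1 = user@host, $2 = local public key file (default ~/.ssh/id_rsa.pub)
push_pubkey() {
    pub="${2:-$HOME/.ssh/id_rsa.pub}"
    ssh "$1" 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys' \
        < "$pub"
}
```

Run `ensure_ssh_dir; generate_keypair; push_pubkey mariah@server1.example.com` on the local computer for each user who needs key-based login; `install_pubkey` is what you would run on the remote computer if you copy the key by hand instead.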