I’ve decided to remove Windows as a web development platform. On Windows, I’ve had to find and install 3rd party software to support features like SSH (Secure Shell), which was a hassle. Instead, I will use Ubuntu on WSL (Windows Subsystem for Linux) and macOS. Because macOS is based on Linux, the pre-built command line utilities are common between the two.
Previously, I provided instructions on configuring SSH key-based authentication on a Windows client, Automate Remote Backup of WordPress Database. While the Windows instructions are mostly the same for macOS and Linux, I’ve decided to update them in this post.
Open a Terminal in macOS or Linux and do the following:
ssh-keygen -t rsa -b 3072 -C "myuser@mydomain.com"
Generating public/private rsa key pair.
# Hit Enter to keep the default file location "~/.ssh/id_rsa"
Enter file in which to save the key (~/.ssh/id_rsa):
Created directory '~/.ssh'.
# Hit Enter twice to keep the default of no passphrase
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ~/.ssh/id_rsa
Your public key has been saved in ~/id_rsa.pub
# Copy client public key to the server
# Note: Omit "-P 3333" here and below if using the default TCP port 22
scp -P 3333 ~/.ssh/id_rsa.pub myuser@mydomain.com:~
# Enter yes to continue connecting and then your password
The authenticity of host '[mydomain.com]:3333 ([xxx.xxx.xxx.xxx]:3333)' can't be established.
ECDSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[mydomain.com]:3333,[xxx.xxx.xxx.xxx]:3333' (ECDSA) to the list of known hosts.
myuser@mydomain.com's password:
id_rsa.pub 100% 398 14.1KB/s 00:00
# Secure shell into the server; you will be prompted for password
ssh -p 3333 myuser@mydomain.com
# On the server, create the ~/.ssh directory
mkdir ~/.ssh
# Create authorized_keys file and append the client public key to it
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
# Delete the client public key (no longer needed)
rm ~/id_rsa.pub
# Restrict access to ~/.ssh directory to user only
chmod -R 700 ~/.ssh
# Exit the server's secure shell
exit
# Secure shell into the server again; you won't be prompted for the password
ssh -p 3333 myuser@mydomain.com
After the change above, other SSH utilities like SCP (Secure Copy Protocol), SFTP (SSH File Transfer Protocol), and Rsync (Remote Synchronization) will not require a password.