
Configure SSH Client and Key-Based Authentication (on macOS and Linux)

I’ve decided to remove Windows as a web development platform. On Windows, I’ve had to find and install third-party software to support features like SSH (Secure Shell), which was a hassle. Instead, I will use Ubuntu on WSL (Windows Subsystem for Linux) and macOS. Because macOS is based on Linux, the pre-built command line utilities are common between the two.

Previously, in Automate Remote Backup of WordPress Database, I provided instructions on configuring SSH key-based authentication on a Windows client. While the Windows instructions are mostly the same for macOS and Linux, I’ve decided to update them in this post.

Create Private and Public Key Pair

Open a Terminal in macOS or Linux and do the following:

# Generate client key pair (Linux defaults to RSA 3072 while macOS defaults to ed25519)
ssh-keygen -t rsa -b 3072 -C "myuser@mydomain.com"

Generating public/private rsa key pair.
# Hit Enter to keep the default file location "~/.ssh/id_rsa"
Enter file in which to save the key (~/.ssh/id_rsa):
Created directory '~/.ssh'.
# Hit Enter twice to keep the default of no passphrase
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ~/.ssh/id_rsa
Your public key has been saved in ~/.ssh/id_rsa.pub

Copy Public Key To Server

Open a Terminal in macOS or Linux and do the following:

# Copy client public key to the server
# Note: Omit "-P 3333" here and below if using the default TCP port 22
scp -P 3333 ~/.ssh/id_rsa.pub myuser@mydomain.com:~

# Enter yes to continue connecting and then your password
The authenticity of host '[mydomain.com]:3333 ([xxx.xxx.xxx.xxx]:3333)' can't be established.
ECDSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[mydomain.com]:3333,[xxx.xxx.xxx.xxx]:3333' (ECDSA) to the list of known hosts.
myuser@mydomain.com's password:
id_rsa.pub                                             100%  398    14.1KB/s   00:00

# Secure shell into the server; you will be prompted for password
ssh -p 3333 myuser@mydomain.com

# On the server, create the ~/.ssh directory (-p: no error if it already exists)
mkdir -p ~/.ssh

# Append client public key to authorized_keys (create the file if necessary)
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

# Delete the client public key (no longer needed)
rm ~/id_rsa.pub

# Restrict access to ~/.ssh directory to user only (the key file does not need the execute bit)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# Exit the server's secure shell
exit

# Secure shell into the server again; you won't be prompted for the password
ssh -p 3333 myuser@mydomain.com

After the changes above, other SSH utilities like SCP (Secure Copy Protocol), SFTP (SSH File Transfer Protocol), and Rsync (Remote Synchronization) will not require a password.
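
The server-side steps above (create ~/.ssh, append the key, restrict permissions) can be combined into one function that is safe to run more than once. This is an added example, not code from the original post; the function name install_pubkey and its optional second argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post); install_pubkey is a hypothetical helper.
# Usage on the server: install_pubkey ~/id_rsa.pub [ssh_dir]
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # A public key file is exactly one non-empty line. This rejects a private
    # key (multi-line PEM) that was copied by mistake instead of the .pub file.
    lines=$(grep -c . "$pub" 2>/dev/null) || lines=0
    if [ "$lines" -ne 1 ]; then
        echo "refusing $pub: expected one key line, found $lines" >&2
        return 1
    fi
    key=$(grep . "$pub")

    # Shape check: "type base64 [comment]" for the common OpenSSH key types.
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "refusing $pub: not an OpenSSH public key line" >&2
        return 1
    fi

    # Create directory and file owner-only from the start, then set the modes
    # explicitly so looser permissions left by an earlier setup are repaired.
    (umask 077 && mkdir -p "$dir" && touch "$auth") || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1

    # Match on "type base64" only, so the same key with a different comment
    # is not appended a second time.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "key already in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Run directly when arguments are given, e.g.: sh install_pubkey.sh ~/id_rsa.pub
if [ $# -gt 0 ]; then install_pubkey "$@"; fi
```
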

Default Client to Custom Port

If you have configured your server to use a custom SSH port number and are tired of having to input it, you can configure the client to use the custom port when connecting to your server by creating an SSH configuration file.

Create the “~/.ssh/config” file and input the following file content:

Host mydomain.com
  Port 3333
  PreferredAuthentications publickey,password

After this, you can run “ssh myuser@mydomain.com” instead of “ssh -p 3333 myuser@mydomain.com” because SSH will use the custom 3333 port automatically when connecting to “mydomain.com”.
