SSH and Linux, macOS, or Unix: Set Up the Public and Private Keys for Git and CodeCommit

From the terminal on your local machine, run the ssh-keygen command, and follow the directions to save the file to the .ssh directory for your profile. Note that the ssh-keygen command is only available if you have already installed Git (with Git Bash). You'll see a response similar to this: Just press to accept the default location and file name. If the .ssh directory doesn't exist, the system creates one for you. Enter, and re-enter.

I largely followed Florin's blog post, but have a few notes to add regarding issues I encountered:

Basic setup notes

  1. I used a YubiKey 4, while the blog describes using a YubiKey NEO. I'm sure a YubiKey 5 would also work. I'm also running macOS 10.13.6.
  2. I installed GPGTools as recommended. However, as I'll note later, it seems that gpg-agent only automatically starts when gpg is used; for ssh, you'll need to ensure it's running.
  3. Before generating your keys, decide what key size you want to use. If you run the list command inside gpg --edit-card, look for the Key attributes line to see what is currently selected. On my YubiKey 4, it defaulted to 2048 bits for all keys:

These correspond to the signature key, encryption key, and authentication key. (I believe only the authentication key is used for ssh.)

Running the key-attr admin subcommand lets you change these:

(Note that the OpenPGP applet only works with RSA, not ECC, so don't choose that.)

  4. After generating keys, ssh-add -L may not initially show anything:

This is because gpg-agent changed how it works a few years ago, removing some options such as write-env-file (per this comment), which Florin's instructions use.

To get gpg-agent and ssh-agent to work together, you can use a simplified ~/.gnupg/gpg-agent.conf:


and then kill any running gpg-agent process so that it picks up the new configuration.

Since the .gpg-agent-info file is no longer created by gpg-agent, you must also change your .bash_profile to use the GPG agent ssh socket directly. I also added a line here to ensure that the gpg-agent is running:


(This is taken from @drduh's YubiKey guide.)

After updating this, launch a new shell, and ssh-add -L should now show you your public key, and you can follow the rest of the directions provided.
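The steps above (drop the removed write-env-file option, enable SSH support in gpg-agent.conf, start the agent, and point SSH_AUTH_SOCK at its socket) can be checked and applied with the following added example, which is not code from the original post or from @drduh's guide. The function names are hypothetical; the gpgconf options used are standard in GnuPG 2.1 and later.

```sh
#!/bin/sh
# Added example: audit gpg-agent.conf for SSH use, then hand SSH over to gpg-agent.
# Function names are hypothetical; source this file from your shell profile.

# Print options in the given gpg-agent.conf that gpg-agent no longer accepts.
# Only write-env-file is checked, because it is the one the post names.
removed_options() {
    grep -E '^[[:space:]]*write-env-file([[:space:]]|$)' "$1" | awk '{print $1}'
}

# Succeed only if enable-ssh-support is present and not commented out.
has_ssh_support() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1"
}

# Return 0 if the config is usable for SSH through gpg-agent, 1 otherwise.
# The reasons for a failure are written to stderr.
audit_agent_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    for opt in $(removed_options "$conf"); do
        echo "remove obsolete option: $opt" >&2
        rc=1
    done
    has_ssh_support "$conf" || { echo "add: enable-ssh-support" >&2; rc=1; }
    return $rc
}

# Start gpg-agent if it is not running and export its SSH socket for this
# shell, replacing the .gpg-agent-info file that is no longer written.
use_gpg_agent_for_ssh() {
    command -v gpgconf >/dev/null 2>&1 || { echo "gpgconf not found" >&2; return 127; }
    gpgconf --launch gpg-agent || return 1
    SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) || return 1
    export SSH_AUTH_SOCK
}

# Typical use from .bash_profile, after sourcing this file:
#   audit_agent_conf "$HOME/.gnupg/gpg-agent.conf" && use_gpg_agent_for_ssh
```

After editing gpg-agent.conf, `gpgconf --kill gpg-agent` stops the running agent so the next launch reads the new configuration.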

Requiring touch


I wanted to require a touch any time I tried to use my YubiKey for ssh authentication to prevent rogue processes from using the key while it's plugged in.

You can use the YubiKey Manager CLI to require this; I installed it via Homebrew.


Once installed, use the ykman openpgp touch subcommand to configure the touch settings:

(Again, you control the three keys separately.)


Problems with certain versions of the YubiKey 4

I attempted to add my SSH public key to my GitHub account and came across this perplexing error:


Key is weak. GitHub recommends using ssh-keygen to generate a RSA key of at least 2048 bits.


I'd initially used a 2048-bit RSA key, so using the key-attr subcommand I described above, I tried generating a 4096-bit key, but GitHub gave the same error message.

After some searching, I came across this issue. Basically, due to a security issue in certain versions of the YubiKey 4 (4.2.6-4.3.4), GitHub rejects keys generated on these YubiKeys as weak. There are basically two workarounds:

  1. Generate a keypair off of the card and then load it onto the YubiKey.
  2. Replace the YubiKey with a newer one. Thankfully, Yubico will replace your affected YubiKey 4 for free.

Even more details

@drduh's YubiKey Guide is a great reference, going into even more detail and best practices.
