Generating SSH keys (Mac OS X)

Now I know that this is a subject that’s been done to death and can be found all over the t’interweb, but the truth is that I don’t want to have to search for it every time I remember that I’ve forgotten the exact keystrokes to do it. Thus, another post, but at least it’s one which I can easily lay my hands on!

To choose a suitable passphrase or not?

There are two schools of thought on this: don’t choose a passphrase vs. do choose a passphrase.

The problem with the first, obviously, is that it leaves you without any real security for your SSH key.

The problem with the second, as I see it, is that if it’s secure enough to make it difficult to crack then you’ll probably write it down, save it in your keychain etc – at which point it becomes redundant as your security is now out of the window.

In the end, it seems there’s no real, practical difference between the passphrase/no passphrase schools of thought.

Nevertheless, assuming you will want to use a passphrase, the same rules for any good password also apply here: a mix of upper and lower case, numbers, spaces and punctuation. And limit it to less than 31 characters – frankly, I’d not go that far, unless you want to guarantee forgetting it.

How do I generate my keypair?

First of all open Terminal. If, like me, you have it sitting in the Dock then all is well and good, else you can usually find it lurking in Applications > Utilities.

Type in the following, replacing the part in italics with your own email address:

ssh-keygen -t rsa -C "yourname@yourdomain.ext"

Terminal should respond along the lines of:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/you/.ssh/id_rsa):

Press Return to accept the default value and Terminal should respond with:

Enter passphrase (empty for no passphrase): 

Enter the passphrase that you decided on above, or simply press Enter to leave it empty. The response will be:

Enter same passphrase again: 

Enter the passphrase again and press Return. Terminal will respond with something like this:

Your identification has been saved in /Users/you/.ssh/id_rsa.
Your public key has been saved in /Users/you/.ssh/
The key fingerprint is:
5c:ed:6d:73:42:b5:ea:b3:cb:d4:4a:a0:c6:c0:4d:3a yourname@yourdomain.ext

How do I copy my public key into my Mac’s clipboard?

You can use the pbcopy utility to insert your public key (or other text files) easily into your Mac’s clipboard so that you can add it to your profile, GitHub, or other places.

The filename should be

– with yourfilename being the filename you entered when you first created this file. If you just hit Enter, the default is

pbcopy < ~/.ssh/

You won’t see any output in the Terminal, but the contents of your public key will now be in your clipboard and can easily be pasted anywhere where you can normally paste text.

In case you’re curious, the pbpaste utility works the other way, allowing you to grab the contents of the clipboard for use in the Terminal. For example, the following command will write the contents of the clipboard to a file:

pbpaste > ~/clipboard.text

Now what?

Well, surely you wanted that SSH key for something…? Go and make it happen.