Creating an SSH key pair

The SSH protocol provides a secure way of authenticating via so-called “SSH key pairs”, so that you can connect to servers and services without having to enter your username and password for that service each time.

For a detailed explanation of how the SSH protocol works, you can read this tutorial.

The basic process of creating an SSH key pair is outlined in this article. For additional security you should secure your SSH key pair with a private passphrase that only you know. ssh-keygen asks for this passphrase when it creates the key; the -p option changes the passphrase of a key that already exists and does not create a new one.

ssh-keygen -t ed25519 -C "example@inspiredminds.at"

Use Git Bash under Windows for these commands.

Important: the passphrase or password should be something secure of course, with a length of at least 10 characters.

After entering the command you will be prompted to enter a file location for the SSH key pair. Since you will probably only need one key pair, you can leave the default location and name. The default location will be ~/.ssh.

Using the SSH key pair

After creating the key, you have to use the following command to copy your public key to a server, in order to be able to connect via SSH to that server:

ssh-copy-id -p 22 username@example.com

The username in this case is the username of an account that you have access to on that server and that you want to connect to via SSH with your SSH key pair.

The public key can also be added to your keychain within Termius. For some applications under Windows (like FileZilla), you have to create a “.ppk” file with puttygen.

Storing the SSH key passphrase

Adding a passphrase to your private SSH key prevents anyone from using that key without the passphrase, in case the key file somehow gets copied. However, for daily operations it is convenient not to have to enter the SSH key passphrase each and every time you need it (e.g. when pulling from or pushing to Git repositories). There are a few options for that, depending on your operating system.

macOS

Under macOS you could simply store the SSH key’s passphrase in your keychain. This way the key itself is still secured with your passphrase, while you don’t have to enter it every time. Instead it will be safely stored in your keychain, which is (presumably) encrypted by your macOS user’s password.

Step 1: execute the following:

$ ssh-add -K

Step 2: Configure SSH to always use the keychain

If you haven’t already, create an ~/.ssh/config file. In other words, in the .ssh directory in your home dir, make a file called config.

In that .ssh/config file, add the following lines:

Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_ed25519

Windows

There is a GitHub Gist with a good tutorial on how to create an “SSH agent” with which you will be able to enter the SSH key’s passphrase only once and then it will be remembered throughout the session: https://gist.github.com/bsara/5c4d90db3016814a3d2fe38d314f9c23. Ignore the section called “Configure SSH for Git Hosting Server”.