To SSH from your Mac to your Linux machine, you’ll need to ensure both machines are set up properly for SSH communication. Here’s a step-by-step guide for setting everything up from scratch:
On Linux (Mini PC):
Install SSH Server: If SSH is not already installed on your Linux machine, you’ll need to install the OpenSSH server. To do this:
- Open a terminal.
- Run the following command:bash
sudo apt update sudo apt install openssh-server
- Once installed, check if the SSH service is running:bash
sudo systemctl status ssh
- If SSH is not running, start the service:bash
sudo systemctl start ssh
- Ensure the service starts on boot:bash
sudo systemctl enable ssh
Check Your Linux Machine’s IP Address: You’ll need the IP address of the Linux machine to connect from your Mac. To find it:
- Open a terminal.
- Run the following command:bash
ip a
- Look for the section related to your active network interface (e.g.,
eth0
for wired orwlan0
for Wi-Fi) and find the IP address (something like192.168.x.x
).
On Mac:
Install OpenSSH (if not already installed): Most modern macOS systems come with OpenSSH pre-installed, but you can check if it's installed by running:
bashssh -V
If it shows a version, you’re good to go. If not, you may need to install it using Homebrew:
- Install Homebrew (if you don’t have it):bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Install OpenSSH:bash
brew install openssh
- Install Homebrew (if you don’t have it):
Connect to the Linux Machine:
- Open a terminal on your Mac.
- Use the SSH command to connect to your Linux machine (replace
user
with your Linux username and192.168.x.x
with the Linux machine’s IP):bashssh user@192.168.x.x
- The first time you connect, you may be prompted to accept the server’s fingerprint. Type
yes
and hit Enter. - Enter your Linux user password when prompted.
Configure SSH Key-Based Authentication (Optional but recommended): To avoid entering the password each time, you can set up SSH keys:
- On your Mac, generate an SSH key (if you don’t have one already):bashPress Enter to save the key in the default location (
ssh-keygen -t rsa
~/.ssh/id_rsa
). - Copy the SSH public key to your Linux machine:bash
ssh-copy-id user@192.168.x.x
- Now, when you SSH, you should be able to connect without needing a password:bash
ssh user@192.168.x.x
- On your Mac, generate an SSH key (if you don’t have one already):
Troubleshooting:
- Ensure both machines are on the same network.
- If the connection fails, check the firewall settings on your Linux machine:bash
sudo ufw allow ssh sudo ufw enable
Details on Public Key Copy from host to remote
After generating the SSH key on your Mac, you need to copy the public key to your Linux machine. This allows you to log into the Linux machine without entering a password each time, enabling key-based authentication. Below are the detailed steps:
1. Generate the SSH Key on Your Mac (if you haven’t done it already)
If you haven’t generated an SSH key, do it with the following command:
ssh-keygen -t rsa
- Explanation:
-t rsa
specifies the type of key (RSA in this case).
- You will be prompted to enter a location to save the key. Press Enter to save it in the default location:
~/.ssh/id_rsa
. - You may also be asked to provide a passphrase for extra security. If you don't want a passphrase, just press Enter to leave it blank.
2. View the Generated Public Key
You’ll now have two files in the ~/.ssh/
directory:
id_rsa
(your private key)id_rsa.pub
(your public key)
To confirm the public key, you can view it with:
cat ~/.ssh/id_rsa.pub
3. Copy the SSH Key to Your Linux Machine
The next step is to copy the public key to your Linux machine. This is where the ssh-copy-id
command is used.
Make sure SSH is running on your Linux machine and you have its IP address and username ready.
- You can check the SSH service with:bash
sudo systemctl status ssh
- You can check the SSH service with:
Copy the Public Key to the Linux machine:
In your Mac terminal, run the following command (replacing
user
with your Linux username and192.168.x.x
with your Linux machine’s IP address):bashssh-copy-id user@192.168.x.x
- Explanation:
ssh-copy-id
is a convenient command that copies your public key to the Linux machine's~/.ssh/authorized_keys
file, which is used for authentication.user@192.168.x.x
is the Linux username and IP address you want to log in to.
- Explanation:
Authenticate with Your Password:
- You will be asked to enter the password for the Linux user account you are copying the SSH key to. This is necessary just for the first time to authorize the key copy.
- Once the password is entered,
ssh-copy-id
will automatically add your public key to the Linux machine’s~/.ssh/authorized_keys
file.
4. Verify SSH Key-Based Authentication
Now that the public key has been copied to the Linux machine, you can log in without needing a password.
From your Mac, try SSHing into the Linux machine again:
bashssh user@192.168.x.x
This time, you should be logged in without being prompted for a password.
5. (Optional) Disable Password Authentication on the Linux Machine
For extra security, you may want to disable password-based SSH logins, ensuring only SSH keys can be used.
On the Linux machine, open the SSH configuration file for editing:
bashsudo nano /etc/ssh/sshd_config
Find the following lines (uncomment them if needed) and change the values:
PasswordAuthentication no PermitRootLogin no
This disables password logins and root login via SSH.
Restart the SSH service:
bashsudo systemctl restart ssh
Now, only key-based logins will be allowed, adding an extra layer of security.
Troubleshooting
Permission issues: Ensure the
~/.ssh/authorized_keys
file on the Linux machine has the correct permissions. Use:bashchmod 600 ~/.ssh/authorized_keys
Firewall: If you're unable to connect, ensure that the firewall on the Linux machine allows SSH:
bashsudo ufw allow ssh
That’s it! You’ve now set up passwordless SSH login using key-based authentication.
Using NetworkManager to manage network connections
It is best to assign a static IP through NetworkManager directly rather than manually editing Netplan files.
Here's how you can assign a static IP using NetworkManager:
Method 1: Using nmtui
(Text User Interface)
Open the Terminal on your Linux machine.
Launch NetworkManager Text User Interface:
bashsudo nmtui
Select "Edit a connection":
- Use the arrow keys to highlight this option and press Enter.
Choose Your Wi-Fi Network:
- You should see a list of available network connections (your
wlp3s0
Wi-Fi interface should be listed). Highlight your Wi-Fi connection and press Enter.
- You should see a list of available network connections (your
Set Static IP Address:
- In the Edit Connection window:
- Set the IPv4 Configuration method to Manual.
- Enter the following details:
- Addresses: The static IP you want to use (e.g.,
192.168.1.100
). - Netmask: Usually
255.255.255.0
. - Gateway: The IP address of your router (e.g.,
192.168.1.1
). - DNS servers: For example, you can use Google's DNS (
8.8.8.8
).
- Addresses: The static IP you want to use (e.g.,
- In the Edit Connection window:
Save the Configuration:
- Once you've entered the IP details, move to OK using the arrow keys and press Enter.
Restart the Network: After saving the settings, you can restart the NetworkManager service to apply the changes:
bashsudo systemctl restart NetworkManager
Verify Your IP Address: Check if the static IP has been assigned by running:
baship a
Method 2: Using nmcli
(Command Line Interface)
If you prefer to work entirely in the command line, you can use the nmcli
command to set a static IP address.
Check Your Wi-Fi Connection Name: Run the following command to list all available network connections:
bashnmcli connection show
- Look for the NAME of your Wi-Fi connection (likely something like
wlp3s0
).
- Look for the NAME of your Wi-Fi connection (likely something like
Set Static IP Address: Replace
wlp3s0
with your actual connection name. For example:bashsudo nmcli con modify wlp3s0 ipv4.method manual ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns 8.8.8.8
192.168.1.100/24
: Your desired static IP address and subnet mask.192.168.1.1
: Your router's IP address (gateway).8.8.8.8
: DNS server.
Apply the Changes: To bring the connection down and up again to apply the new settings:
bashsudo nmcli con down wlp3s0 && sudo nmcli con up wlp3s0
Verify Your IP Address: Run the following command to ensure the static IP has been assigned:
baship a
If everything is configured correctly, your Linux machine should now use a static IP address over Wi-Fi. Let me know if you encounter any issues!
Easy Access to Remote without typing IP everytime
Updating the /etc/hosts
file or the SSH config (~/.ssh/config
) is useful if you frequently SSH into the same machine. These methods allow you to associate a hostname or a shortcut name with the IP address of your Linux machine, so you don’t need to remember or type the full IP address each time you SSH.
1. Update the /etc/hosts
File
The /etc/hosts
file allows you to map a hostname (alias) to an IP address. This means you can type the hostname instead of the IP address when you SSH or access the machine.
Steps:
Open the Terminal on your Mac.
Edit the
/etc/hosts
file:- You will need superuser privileges to edit this file. Run the following command:bash
sudo nano /etc/hosts
- You will be prompted to enter your password.
- You will need superuser privileges to edit this file. Run the following command:
Add the IP Address and Hostname:
- At the bottom of the file, add a line with the new static IP of your Linux machine followed by a hostname (or alias) you want to use. For example:bash
192.168.1.100 linuxpc
- Replace
192.168.1.100
with the new IP of your Linux machine andlinuxpc
with any alias you prefer.
- At the bottom of the file, add a line with the new static IP of your Linux machine followed by a hostname (or alias) you want to use. For example:
Save the File:
- After adding the line, press Ctrl + O to save the file, then press Enter.
- Press Ctrl + X to exit the editor.
Test the Change:
- Now, instead of using the IP address to SSH into your Linux machine, you can use the alias (hostname) you just set. For example:bash
ssh user@linuxpc
- Replace
user
with your Linux username andlinuxpc
with the alias you assigned.
This way, even if you change the Linux machine's IP again, you can just update the
/etc/hosts
file with the new IP, and the alias (linuxpc
) will still work.- Now, instead of using the IP address to SSH into your Linux machine, you can use the alias (hostname) you just set. For example:
2. Update the SSH Config File (~/.ssh/config
)
The SSH config file allows you to create shortcuts for SSH connections, where you can define specific settings for different hosts (like the IP address, username, port, etc.). This is very useful when you frequently SSH into multiple servers.
Steps:
Open the Terminal on your Mac.
Create/Edit the SSH Config File:
- The SSH config file is located in the
~/.ssh
directory. If it doesn't exist, you can create it. Run the following command to open it for editing:bashnano ~/.ssh/config
- The SSH config file is located in the
Add SSH Configuration for Your Linux Machine:
- Add a new entry with the following format:plaintext
Host linuxpc HostName 192.168.1.100 User your_username Port 22
- Host: This is the alias or shortcut you want to use for SSH. It can be any name you choose (e.g.,
linuxpc
). - HostName: The actual IP address or hostname of your Linux machine.
- User: Your username on the Linux machine (so you don’t need to type it every time).
- Port: The SSH port (default is
22
). If your SSH server is running on a different port, change this value.
- Host: This is the alias or shortcut you want to use for SSH. It can be any name you choose (e.g.,
- Add a new entry with the following format:
Save the File:
- After adding the configuration, press Ctrl + O to save the file, then press Enter.
- Press Ctrl + X to exit the editor.
Set Correct Permissions for the Config File:
- SSH requires this file to have correct permissions. Run the following command to set the correct permissions:bash
chmod 600 ~/.ssh/config
- SSH requires this file to have correct permissions. Run the following command to set the correct permissions:
Test the Change:
Now, you can use the alias to SSH into your Linux machine without typing the full IP and username each time. For example:
bashssh linuxpc
This will automatically use the IP (
192.168.1.100
) and username you specified in the~/.ssh/config
file.
Example of Multiple Hosts in SSH Config:
If you connect to multiple servers, you can add multiple entries in your ~/.ssh/config
file, like so:
Host linuxpc
HostName 192.168.1.100
User your_username
Host workserver
HostName 203.0.113.10
User your_work_username
Port 2222
- In this example, you can SSH into
linuxpc
orworkserver
with simple commands:bashssh linuxpc ssh workserver
Summary:
- Updating
/etc/hosts
allows you to map a custom hostname (alias) to the IP address, so you can use the alias instead of the IP when connecting via SSH or accessing the machine on the network. - Updating
~/.ssh/config
allows you to create SSH shortcuts and store specific settings like username, IP address, and port, making it easier to SSH into frequently accessed machines.
These methods save you time and prevent you from having to remember or type IP addresses repeatedly.
Save Passphrase to Mac KeyChain for easy access
You can save the passphrase for your SSH key to avoid entering it every time you use the key for authentication. The most common way to achieve this is by using an SSH agent, which stores your passphrase in memory for the duration of your session.
Here’s how you can set this up on macOS:
1. Start the SSH Agent
The SSH agent is usually started by default on macOS, but you can ensure it’s running by starting it manually.
Open your terminal and run:
eval "$(ssh-agent -s)"
This will start the SSH agent and return the process ID (PID), indicating that it's running.
2. Add Your SSH Private Key to the Agent
Once the SSH agent is running, you need to add your private key to it. This allows the agent to cache the key and manage the passphrase for you.
To add your private key:
ssh-add ~/.ssh/id_rsa
- Replace
~/.ssh/id_rsa
with the path to your private key if it’s located somewhere else.
You will be prompted to enter your passphrase one last time. After that, the agent will store the passphrase for the duration of your session, so you won’t have to enter it again.
3. Configure SSH to Automatically Use the Agent
To make the SSH agent automatically load your key when the system starts, you can modify or create a configuration file:
Open or create the SSH config file:
bashnano ~/.ssh/config
Add the following lines:
plaintextHost * AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_rsa
AddKeysToAgent yes
: This tells SSH to automatically add keys to the agent.UseKeychain yes
: On macOS, this stores the passphrase in the macOS Keychain.IdentityFile ~/.ssh/id_rsa
: Specifies the location of your private key. Change the path if your key is located elsewhere.
Save and close the file by pressing Ctrl + O to save and Ctrl + X to exit.
4. Store the Passphrase in macOS Keychain
macOS allows you to store your SSH key passphrase in the Keychain, so you don’t need to enter it again after rebooting. You can do this by using the ssh-add
command with the -K
option (on older macOS versions) or simply by following the steps above (UseKeychain yes
).
To store the passphrase in the macOS Keychain:
ssh-add --apple-use-keychain ~/.ssh/id_rsa
- After running this command, the passphrase will be saved to the Keychain, so you won’t need to enter it again for future logins.
On macOS Monterey (12.x) and later, ssh-add
automatically uses the Keychain without needing the -K
option.
5. Verify SSH Key is Loaded
To check that your key has been successfully added to the agent, run:
ssh-add -l
This will list the keys currently loaded in the SSH agent. You should see your key listed here.
6. Restarting the SSH Agent Automatically
To ensure your keys are automatically loaded into the SSH agent on system startup, you can add the following to your shell’s configuration file (.bash_profile
, .zshrc
, etc.):
Open your shell’s config file: For example, if you are using
zsh
:bashnano ~/.zshrc
Add the following lines:
basheval "$(ssh-agent -s)" ssh-add -A
ssh-add -A
: Automatically adds all identities stored in the macOS Keychain to the SSH agent when a new session is started.
Save and close the file.
Now, every time you start a new terminal session or log into your Mac, the SSH agent will automatically start, and your keys will be loaded from the Keychain.
By following these steps, you’ll avoid having to enter the passphrase for your SSH key every time you SSH into a machine, without compromising the security of your key.