You generate an SSH key through Mac OS X by using the Terminal application. Once you upload a valid public SSH key, Gerrit can authenticate you based on this key.
An SSH key consists of a pair of files. One is the private key, which you should never give to anyone. No one will ever ask you for it and if so, simply ignore them - they are trying to steal it. The other is the public key. When you generate your keys, you will use ssh-keygen to store the keys in a safe location so you can authenticate with Gerrit.
I figured out the issue: I used ssh-add -L to list the used public keys and I found out that it was different than the one in id_rsa.pub. I guess some time ago I accidentally replaced the original public key file with another one, so now it is working normally.
Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key. When adding your SSH key to the agent, use the default macOS ssh-add command, and not an application installed by MacPorts.
To generate SSH keys in Mac OS X, follow these steps:
Enter the following command in the Terminal window:
This starts the key generation process. When you execute this command, the ssh-keygen utility prompts you to indicate where to store the key.
Press the ENTER key to accept the default location. The ssh-keygen utility prompts you for a passphrase.
Type in a passphrase. You can also hit the ENTER key to accept the default (no passphrase). However, this is not recommended.
You will need to enter the passphrase a second time to continue.
After you confirm the passphrase, the system generates the key pair and you will see output like this:
Your private key is saved to the id_rsa file in the .ssh subdirectory of your home directory and is used to verify that the public key you use belongs to your Gerrit account.
Never share your private key with anyone! Ever! We mean it!
Your public key is saved to a file called id_rsa.pub in the .ssh subdirectory of your home directory. You can copy it to your clipboard using the following command:
Now you can head over to Gerrit, go to settings and paste your public key as described here.
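Before pasting id_rsa.pub into Gerrit, it is worth confirming that the file really belongs to your private key and that ssh-agent offers the same key, since a replaced .pub file is exactly the mismatch described earlier. The script below is an added example, not part of the original instructions; the sample key lines in it are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: check that a .pub file belongs to a private key and to the agent.

# Constructed sample lines (not real keys): same key material, different comment.
SAMPLE_FILE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED demo@laptop'
SAMPLE_AGENT_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED /Users/demo/.ssh/id_rsa'

# key_material LINE: print "<type> <base64>" of a public key line. The trailing
# comment (for example user@host) is only a label and is ignored.
key_material() {
    printf '%s\n' "$1" | awk 'NF >= 2 { print $1, $2 }'
}

# same_key LINE_A LINE_B: succeed when both lines carry identical key material.
same_key() {
    a=$(key_material "$1")
    b=$(key_material "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# pub_matches_private PRIVATE_FILE PUB_FILE: re-derive the public key from the
# private key (ssh-keygen -y asks for the passphrase if one is set) and compare.
pub_matches_private() {
    derived=$(ssh-keygen -y -f "$1") || return 2
    same_key "$derived" "$(head -n 1 "$2")"
}

# agent_offers PUB_FILE: succeed when ssh-agent holds the key stored in PUB_FILE.
agent_offers() {
    want=$(head -n 1 "$1")
    ssh-add -L 2>/dev/null | (
        while IFS= read -r line; do
            same_key "$line" "$want" && exit 0
        done
        exit 1
    )
}

# Run as: sh check_key.sh ~/.ssh/id_rsa ~/.ssh/id_rsa.pub   (script name is arbitrary)
if [ "$#" -eq 2 ]; then
    if pub_matches_private "$1" "$2"; then echo "OK: $2 matches $1"
    else echo "MISMATCH: $2 was not generated from $1"; fi
    if agent_offers "$2"; then echo "agent holds this key"
    else echo "agent does not hold this key"; fi
fi
```

Only the public half is ever printed or compared; the private key file is read by ssh-keygen and never leaves the machine.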
Gerrit uses the special port 29418 instead of the default SSH port 22, which has to be configured accordingly. This can be done in your local ~/.ssh/config file, which would then contain the following sections:
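One way to write such a section and confirm what ssh will actually use, as an added example rather than the original page's configuration: the host name gerrit.example.org and the user jdoe are placeholders, and IdentitiesOnly is an optional setting added here.

```shell
#!/bin/sh
# Added example: a per-host stanza for Gerrit and a check of the resolved settings.
# gerrit.example.org and jdoe are placeholders, not values from the page.
GERRIT_HOST=gerrit.example.org
GERRIT_USER=jdoe

# gerrit_stanza: print a Host block that applies port 29418 to the Gerrit host
# only, so every other host keeps the default port 22.
# IdentitiesOnly (optional, added here) makes ssh offer just the listed key file
# instead of every key the agent holds.
gerrit_stanza() {
    cat <<EOF
Host $GERRIT_HOST
    User $GERRIT_USER
    Port 29418
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
EOF
}

# effective_setting CONFIG HOST KEYWORD: let ssh resolve the configuration for
# HOST from CONFIG only (-F) and print one keyword (-G prints, never connects).
effective_setting() {
    ssh -G -F "$1" "$2" 2>/dev/null | awk -v k="$3" '$1 == k { print $2; exit }'
}

# Run as: sh gerrit_config.sh demo   (uses a temp file, never ~/.ssh/config)
if [ "${1:-}" = "demo" ]; then
    cfg=$(mktemp) && gerrit_stanza > "$cfg"
    echo "Gerrit port:     $(effective_setting "$cfg" "$GERRIT_HOST" port)"
    echo "other host port: $(effective_setting "$cfg" other.example.org port)"
    rm -f "$cfg"
fi
```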
Testing your connection:
About SSH Keys
Secure Shell (better known as SSH) is a cryptographic network protocol which allows users to securely perform a number of network services over an unsecured network. SSH keys provide a more secure way of logging into a server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone.
Generating a key pair provides you with two long strings of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.
Within some of the commands found in this tutorial, you will notice some highlighted values. These are variables, and you should substitute them with your own values.
Step One—Create the RSA Key Pair
The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):
Step Two—Store the Keys and Passphrase
Once you have entered the Gen Key command, you will get a few more questions:
You can press enter here, saving the file to the user home (in this case, my example user is called demo).
It’s up to you whether you want to use a passphrase. Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized user's possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase is having to type it in each time you use the key pair.
The entire key generation process looks like this:
The public key is now located in /home/demo/.ssh/id_rsa.pub. The private key (identification) is now located in
Step Three—Copy the Public Key
Once the key pair is generated, it’s time to place the public key on the server that we want to use.
You can copy the public key into the new machine’s authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.
Note: If you are a Mac user, ssh-copy-id will not be installed on your machine. You can, however, install it using Homebrew:
Alternatively, you can paste in the keys using SSH:
No matter which command you chose, you may see something like:
This message helps us to make sure that we haven’t added extra keys that you weren’t expecting.
Now you can go ahead and log into your user profile and you will not be prompted for a password. However, if you set a passphrase when creating your SSH key, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).
Optional Step Four—Disable the Password for Root Login
Once you have copied your SSH keys onto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys.
In order to do this, open up the SSH config file:
Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:
Save and close the file when you are finished.
To put these changes into effect:
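A check to run on the edited file before the SSH service is restarted, given here as an added example and not as part of the original tutorial: it reports the effective global PermitRootLogin value, taking into account that sshd uses the first value it reads for a keyword. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin of an sshd_config file.

# root_login_policy FILE: print the effective value in lower case, or "unset".
# sshd keeps the first value it reads for a keyword, so later duplicates are
# ignored. Lines after the first Match block are conditional and are skipped;
# Include directives are not followed (limitation of this example).
root_login_policy() {
    awk '
        NF == 0 || $1 ~ /^#/             { next }   # blank lines and comments
        tolower($1) == "match"           { exit }   # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_key_only FILE: succeed only when root password logins are refused
# while key-based root logins remain possible.
root_login_key_only() {
    case "$(root_login_policy "$1")" in
        prohibit-password|without-password) return 0 ;;  # second form is the older spelling
        *) return 1 ;;
    esac
}

# write_sample FILE: constructed sample config, not taken from a real server.
write_sample() {
    cat > "$1" <<'EOF'
# Authentication:
#PermitRootLogin yes
Port 22
PermitRootLogin prohibit-password
PermitRootLogin yes
EOF
}

# Run as: sh check_root_login.sh /etc/ssh/sshd_config   (script name is arbitrary)
if [ "$#" -eq 1 ]; then
    echo "PermitRootLogin: $(root_login_policy "$1")"
    root_login_key_only "$1" || echo "WARNING: root is not limited to key-based login"
fi
```

Running `sshd -t` as well validates the syntax of the whole file, which helps avoid locking yourself out with a broken configuration.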
The DigitalOcean control panel allows you to add public keys to your new Droplets when they’re created. You can generate the SSH Key in a convenient location, such as the computer, and then upload the public key to the SSH key section.
Then, when you create a new Droplet, you can choose to include that public key on the server. No root password will be emailed to you and you can log in to your new server from your chosen client. If you created a passphrase, you will be prompted to enter that upon login.