The SSH authentication methods and interaction with them

Password Authentication

This is the simplest form of authentication. The user has a username and the corresponding password. The client asks the user to enter the password, encrypts it, and uses it to authenticate to the server.

Authentication Dialog

To avoid entering the password each time you connect to the server, SSH Config Editor can save the password for a specific host and use it when the connection is opened. The password can be stored in the Host Authentication dialog, which can be opened from the host authentication icon in the toolbar or from the Host -> Add App Option -> Authentication menu.

The password auto-fill feature only works:

  • in the Pro version
  • if the terminal is the system terminal or iTerm
  • if you use a non-URL connection command; a terminal opened from a URL cannot fill in the password

Public Key Authentication

This is the major form of authentication. This method expects each client to have a key pair. The key pair is a pair of keys, properly generated using an asymmetric encryption algorithm.

The public key authentication process begins when the client sends the public key to the server. If the server finds the key in the list of allowed keys, the client encrypts a certain data packet using the private key and sends the packet to the server together with the public key.

Where Are Host Keys

The SSH client offers the keys defined in the host's IdentityFile configuration options. This option defines a list of private keys that can be used to establish a connection to the server. The corresponding public key must be stored on the server in the ~/.ssh/authorized_keys file.

Generate a New Key Pair

In SSH Config Editor you can generate a key pair from the Generate Key Pair dialog, which is available from the menu Host -> Add Identity Key -> Generate Key Pair... or from the generate key pair icon in the toolbar.

Generate key pair dialog
  • This feature allows you to generate an RSA key pair and, in the Pro version, also DSA, ECDSA and Ed25519 key pairs
  • Private keys can be protected by passwords. If you do that, you must enter the password on every connection to unlock the key. You can also add the SSH option UseKeychain to let the system store and find passphrases for keys in the macOS keychain.

How to Get the Key to the Host

The target host must know your public key. The public key must be stored on the host in the ~/.ssh/authorized_keys file.

  • You can connect to the host and manually add the content of your public key file to the authorized_keys file
  • The SSH Copy ID feature runs the ssh-copy-id command to add the public key to the host automatically (or generates the command for you in the AppStore version)
  • You can also copy the content of the public key to the clipboard with the Copy Public Key command
  • These commands are available from the toolbar more actions menu, which lists all related keys for the selected host
  • A context menu on each IdentityFile option also offers SSH Copy ID and Copy Public Key for that key
SSH Copy ID from toolbar menu
SSH Copy ID from context menu
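The manual step in the first bullet above, written as a shell function to run on the target host. This is an added example, not part of SSH Config Editor; the function name install_pubkey and its optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends one public key to SSH_DIR/authorized_keys (default ~/.ssh) without
# duplicating entries, and keeps the permissions sshd expects.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A .pub file holds one line: "<type> <base64 blob> [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)

    # Only the public half belongs on the server; refuse anything else.
    case $key_line in
        *"PRIVATE KEY"*)
            echo "refusing: $pubkey_file is a private key" >&2; return 2 ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *)
            echo "refusing: not an RSA/DSA/ECDSA/Ed25519 public key" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored when the directory
    # or file is writable by group or others, so create both as owner-only.
    (umask 077; mkdir -p "$ssh_dir" && touch "$auth_file") || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Compare on the base64 blob so a changed comment or a leading options
    # field in an existing entry does not produce a duplicate.
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if awk -v b="$key_blob" '$0 !~ /^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                             END { exit !found }' "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Usage on the server: install_pubkey /tmp/id_ed25519.pub
```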