Generating an SSH Key for Mac OS X with GitHub/BitBucket

This tutorial is aimed at users who want to create a new SSH key on Mac OS X and configure it for use with GitHub. (Configuring for BitBucket is exactly the same.)

  1. Start the Terminal and go to your home folder:
    cd
  2. Make a directory called .ssh (the -p flag avoids an error if it already exists):
    mkdir -p .ssh
  3. Navigate into the .ssh directory:
    cd .ssh
  4. Generate a new SSH key, replacing YOUR_EMAIL_HERE@YOUR_DOMAIN with your own email:
    ssh-keygen -t rsa -C "YOUR_EMAIL_HERE@YOUR_DOMAIN"
  5. You’ll be prompted to save the file in /Users/USERNAME/.ssh/id_rsa, where USERNAME is your Mac username. Hit enter.
  6. You’ll now be asked to enter a passphrase twice. A passphrase is a string of text that is longer than a simple password. If you hit enter without typing one, no passphrase will be associated with the key, which is not advisable.
  7. You now have a private key (id_rsa) and a public key (id_rsa.pub). Add the private key to your Mac keychain via the Keychain Access program:
    ssh-add -K ~/.ssh/id_rsa
  8. With your private key now set up on your local computer, the public key must be set up with the remote host, which can be GitHub, Bitbucket, etc. I’ll use GitHub for this example.
  9. Copy the public key to your clipboard:
    pbcopy < ~/.ssh/id_rsa.pub
  10. Log into GitHub and choose the “Settings” option underneath your profile in the upper right-hand corner of your home page.
  11. Choose the “SSH Keys” option along the left menu.
  12. Click the “Add SSH key” button in the upper right-hand corner.
  13. Give your key a name.
  14. Assuming you haven’t added anything to your clipboard since step 9, paste the contents of your clipboard under the “Key” area, then hit “Add key”.

Fix SSH Key Security Issue in Cygwin

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0660 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

I recently came across an issue with a Git-related SSH key in which I received the message above. This appears to be caused by the default ownership and permissions assigned to new files in Cygwin. Configuring SSH keys in Cygwin requires that the id_rsa/id_rsa.pub key pairs be owned by the correct entity and have the correct permissions. (This is likely true in other operating systems, also.)

For the following example on how to solve this, I’ll use id_rsa as the private key file and id_rsa.pub as the public key file. I’ll assume that the folder .ssh is in your Cygwin home directory, which, in my case, is /home/Roy.

  1. Launch Cygwin
  2. Start your ssh-agent, if you haven’t already:
    eval `ssh-agent -s`
  3. Navigate to the .ssh folder:
    cd ~/.ssh
  4. Change the group of the id_rsa and id_rsa.pub files to Users:
    chown :Users id_rsa id_rsa.pub
  5. The owner of the key files must have read and write privileges, but the group and the world should have no access to these files. Thus, permissions on both files should be 600:
    chmod 600 id_rsa id_rsa.pub
  6. Load the key, and enter your passphrase (should you need to) when prompted:
    ssh-add id_rsa
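
The check behind the warning above can be run over a whole .ssh folder before ssh refuses a key. This is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes the rule is that a private key may grant no permission bits to group or others (0660 fails, 0600 passes).

```shell
#!/bin/sh
# Added example: find private keys in a directory whose mode is too open.

# Succeeds when the file grants nothing to group or others, i.e.
# characters 5-10 of the `ls -l` mode string are all "-".
key_mode_ok() {
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeeds when the first line looks like a PEM/OpenSSH private key header,
# so public keys and known_hosts are skipped regardless of file name.
is_private_key() {
    head -n 1 -- "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# Prints each too-open private key in directory $1 (default: ~/.ssh).
# With "fix" as $2, also resets the file to 600.
# Returns 1 if any too-open key was found, 0 otherwise.
audit_ssh_keys() {
    dir=${1:-"$HOME/.ssh"}
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        if key_mode_ok "$f"; then
            continue
        fi
        found=1
        echo "too open: $f"
        if [ "${2:-}" = "fix" ]; then
            chmod 600 -- "$f"
        fi
    done
    return "$found"
}
```

Source the file, then run `audit_ssh_keys ~/.ssh` to report or `audit_ssh_keys ~/.ssh fix` to repair. On Cygwin the group change from step 4 may still be needed before the mode change takes effect.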