Product Documentation

Mac OpenSSH

The following section describes how to configure OpenSSH on macOS Monterey with an Idem Key Plus, TrustKey G310, or YubiKey 5 NFC FIPS.

 

  1. macOS ships with OpenSSH by default, but the bundled version does not support Security Keys. You will need to install Homebrew and then the new version of OpenSSH. Use this command to install Homebrew:
    shell> /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  2. After Homebrew is installed, use this command to install openssh:
    shell> brew install openssh
  3. Now that the latest version of OpenSSH is installed, insert the Security Key into the Mac and use this command to generate the key pair:
    shell> ssh-keygen -t ecdsa-sk
  4. You will be asked to touch your Security Key to create the key pair.
  5. The default location of the new keys will be in the .ssh/ folder of the current user. From the home directory of the current user, use this command to print out the contents of the public key to the terminal:
    shell> cat .ssh/id_ecdsa_sk.pub
  6. This document uses the default name of the generated public key. If your file name differs, use it in place of id_ecdsa_sk.pub. Copy the contents of the public key and put it into the authorized_keys file of the remote server. Then, restart sshd on the remote server using this command:
    shell> sudo service sshd restart
  7. You may now attempt to ssh into the remote server from the Mac. It will request that you touch the Security Key before logging in. Touch your Security Key and you will be allowed into the server.
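
The checks below are an added example, not part of the original documentation: they confirm that the ssh on the PATH supports ecdsa-sk keys after step 2, and that the line copied in step 6 is a security-key public key before it is appended to authorized_keys with owner-only permissions. The function names are hypothetical and the sample key line is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSH.
# Public key type written by `ssh-keygen -t ecdsa-sk`:
SK_TYPE='sk-ecdsa-sha2-nistp256@openssh.com'
# Constructed sample line (not a real key) in the .pub file format.
SAMPLE_PUB="$SK_TYPE AAAAQ09OU1RSVUNURUQ= user@mac"

# Reads a key-type list on stdin and succeeds only if ecdsa-sk is listed.
# On the Mac after step 2:  ssh -Q key | supports_sk
supports_sk() {
    grep -qxF "$SK_TYPE"
}

# is_sk_pubkey LINE: succeeds if LINE is "<SK_TYPE> <base64> [comment]".
is_sk_pubkey() {
    case "$1" in
        "$SK_TYPE "*) ;;
        *) return 1 ;;
    esac
    blob=${1#"$SK_TYPE "}   # drop the type field
    blob=${blob%% *}        # drop the optional comment
    [ -n "$blob" ] || return 1
    case "$blob" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # not base64
    esac
}

# install_pubkey LINE FILE: run on the server in step 6. Refuses non-sk keys,
# appends LINE only if absent, and keeps owner-only modes.
install_pubkey() {
    is_sk_pubkey "$1" || { echo "not an ecdsa-sk public key" >&2; return 1; }
    dir=$(dirname "$2")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$2" && chmod 600 "$2" || return 1
    grep -qxF -- "$1" "$2" || printf '%s\n' "$1" >> "$2"
}
# Example: install_pubkey "$(cat id_ecdsa_sk.pub)" "$HOME/.ssh/authorized_keys"
```

If `ssh -Q key | supports_sk` fails after step 2, the shell is still resolving the bundled ssh rather than the Homebrew one; `command -v ssh` shows which binary is in use.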