Ssh Client For Mac Os X

if you have a VPS or a server running linux need to manage via SSH. On Windows you will have loads of options such as PuTTY, kitty, MobaXterm … but on MacOS majority are paid app to use.

But there are still free apps with great features that satisfy your needs. We list the 5 most prominent apps below.

1. Termius SSH client

Download: https://itunes.apple.com/jp/app/termius-ssh-client/id1176074088?l=en&mt=12

FTPS connections are supported directly in the built-in FTP OS X function, while SFTP via SSH is not available through the same 'Connect to the server' menu. However, OS X also includes its own SFTP client Mac users can access from the Terminal by typing 'sftp username @ host' at the command line. USB Conference Microphone,XIIVIO 360° Omnidirectional Condenser PC Microphones with Mute Plug & Play Compatible with Mac OS X Windows for Video Conference,Gaming,Chatting,Skype 7/10 We have selected this product as being #8 in Best Ssh Client For Mac of 2020. Sep 07, 2020 How to setup SSH Keys on Linux Mac OS X Clients How To Use SSH Keys on Linux/Mac OS X Clients. Using encrypted keys for authentication offers two main benefits. Firstly, it is convenient as you no longer need to enter a password (unless you encrypt your keys with password protection) if you use public/private keys.

Termius is more than a mere SSH client – it's a complete command-line solution that's redefining remote access for sysadmins and network engineers. Securely access Linux or IoT devices and quickly fix issues from the comfort of your couch via laptop or phone.

Proper use of SSH client in Mac OS X Historical background. Back in the days when I started learning SSH, I used Windows and Putty. When I got more familiar. Generating SSH key. To generate the SSH key, you will run ssh-keygen in Terminal app. In many tutorials online. Configure OS X SSH. SSH Clients for Windows and Mac PuTTY is a free open-source terminal emulator which lets you initiate interactive command-line sessions to UITS Unix servers. It can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client.

Features:

• Termius is available for all major mobile and desktop systems.
• Enjoy a beautiful, hand-crafted interface.
• Supports ECDSA and ed25519 keys as well as chacha20-poly1305 cipher.
• Termius is always ad-free. You are not the product.
• Pair credentials and servers for quick access.
• Create groups to define shared settings and themes.
• Tag your servers to stay organized.
• Make it yours with 12 colorful themes and adjustable fonts.
• Power through late night sessions with dark mode.
• Make multiple connections to the same host or connect to multiple hosts.
• Port forwarding lets you encrypt nearly any service or connection.

2. Core Shell – SSH Client 4+

Download:https://itunes.apple.com/jp/app/core-shell-ssh-client/id1354319581?l=en&mt=12

A full featured terminal with built-in OpenSSH support, it's focused on managing and login to hosts efficiently. Don't waste your time; be productive.

Features

Full-featured Terminal

• Compatible with Terminal.app and xterm.
• Supports ANSI 16 and 256 color palettes, as well as 24bit true color.
• Passed cases of *vttest– a strict VT100/VT220/VT420 terminal functionality test suite.

OpenSSH Compatible

• Everything in OpenSSH, agent forwarding, certificates, proxy jump, etc.
• Can read your existing `ssh_config` file as the source of advanced options, especially helpful for experienced users.
• Can work with GnuPG agent, YubiKey, Authy and Google Authenticator.

Download/Upload

• Upload files by dragging and dropping to the shell window.
• Download remote files with single click on context menu or press a key combination.

Keychain Integration

• Tightly integrated with macOS Keychain, don't have to enter passwords or passphrases repeatedly.
• It's totally optionally, you can opt-in or opt-out at any time.

Advanced Options Editor

• A handy way to tune per-host advanced options.
• For every ssh directives, there is a contextual help provides immediate information, no more googling.

Automatic Reconnect

• Always tries to restore your connections after network failure or waking up from sleep.

Theming

• Eight built-in color schemes: Basic, Dracula, Grass, Homebrew, Man Page, Novel, Ocean, Red Sands
• Our color optimization ensure that colorful text always clearly visible.

Tags

• Use tags to organize your hundreds or thousands of hosts.
• Tag your host by a simple drag & drop actions.

Premium Features

• Unlimited number of connections
• Importing and exporting
• Sync hosts and tags between all of your Mac computers
• Scriptable (automation with AppleScript and Automator)
• Prioritized customer support

Premium License

• USD 9.99 for 1-Year License
• USD 29.99 for 4-Year License (save 25%)

3. SSH Proxy 4+

Download: https://itunes.apple.com/jp/app/ssh-proxy/id597790822?l=en&mt=12

SSH Proxy can help you turn any remote SSH server into a SOCKS / HTTPS proxy, intuitive and easy to use.

SSH Proxy is able to remember the SSH login password & private key passphrase and save it to OS X's keychain. Furthermore, SSH Proxy is designed to automatically reconnect when your Mac is waking up from sleep.

Features:

• Auto launch when log in OS X
• Create HTTP, HTTPS, SOCKS4/4A and SOCKS5 proxy through SSH tunnel
• Ability to share created proxy on LAN
• Fast switch between multiple SSH accounts
• Automatically reconnect after disconnected by errors or waking up from sleep
• Remember SSH login password & private key passphrase in OS X Keychain automatically
• Whitelist, only sites on the list will be accessed through the proxy server, other sites will be connected directly

Ssh Client For Mac Os X 10 11

SSH Functions:

• Able to compress SSH connection
• Connecting through SOCKS5 / SOCKS4 / HTTPS proxy with authentication
• Support public-key, password, keyboard-interactive and multi-factor authentication methods
• Support Google Authenticator and Authy for two-step verification
• Support multi-factor authentication
• Can deal with DSA, RSA, ECDSA, ed25519 private key types
• RFC4716, PKCS#8 and PEM key formats are supported, compatible with OpenSSH

Note:

• SSH Proxy supports SSH-2 protocol, the vulnerable and obsoleted SSH-1 is not supported. Most modern servers and clients support SSH-2.
• You got to have a remote SSH server before downloading and using SSH Proxy, SSH Proxy does not provide you SSH service.

4. Zen Term Lite SSH Client 4+

Download:https://itunes.apple.com/jp/app/zen-term-lite-ssh-client/id1422475219?l=en&mt=12

Zen Term Lite is a powerful terminal emulator that supports SSH, ZModem, and provides various authentication methods. You can easily use it to connect to Linux, UNIX and Mac hosts.

Note: Zen Term lite edition doesn't provide SFTP functionality, please use standard edition to get full experience.

Features:

Terminal

• Supports VT100, XTERM, XTERM-256color terminal emulation.
• Supports encoding and decoding character sets from multiple languages, including Chinese, Japanese and Korean multi-byte character sets.
• The scrollback buffer can be configured to save up to 10,000 lines.

Security

• Master password is encrypted and stored in Apple KeyChain, and connection passwords and passphrases are encrypted by master password, so that you don't have to input password/passphrase repeatedly.
• Supports RSA/DSA/ECDSA/ED25519 public key, password, and keyboard interactive user authentication.
• User key generation: generate RSA/DSA/ECDSA/ED25519 private keys.
• User key management: allows user keys to be viewed, generated, removed, imported and exported.
• Host key management: allows host keys to be viewed, removed, imported and exported.

Appearence

• Multiple terminal color schemes are provided, and you can create new color schemes with customized foreground, background, and ANSI colors.
• Change font name and size.
• Change cursor color, shape and blinking.
• Supports the creation of multiple TAB groups, the app window can be splitted horizontally or vertically, and tabs can be dragged and dropped between TAB groups.
• Force Touch can open a search engine or dictionary.
• Supports macOS dark mode.
• File transfers
• Send and receives files via ZModem.
• Drag and drop files and folders onto the shell session to start ZModem file transfers.

5. Core Tunnel – SSH Tunnel 2 4+

Download: https://itunes.apple.com/jp/app/core-tunnel-ssh-tunnel-2/id1354318707?l=en&mt=12

The missing ssh tunnel manager, compatible with OpenSSH, automatic and intuitive. Don't waste your time; be productive.

Features:

• OpenSSH Compatible
• Everything in OpenSSH, local / remote / dynamic port forwarding types, agent forwarding, certificates, proxy jump, etc.
• Can read your existing `ssh_config` file as the source of advanced options, especially helpful for experienced users.
• Can work with GnuPG agent, YubiKey, Authy and Google Authenticator.
• Keychain Integration
• Tightly integrated with macOS Keychain, don't have to enter passwords or passphrases repeatedly.
• It's totally optionally, you can opt-in or opt-out at any time.
• Advanced Options Editor
• A handy way to tune per-host advanced options.
• For every ssh directives, there is a contextual help provides immediate information, no more googling.
• Automatic Reconnect
• Always tries to restore your connections after network failure or waking up from sleep.
• Tunnels can be set to connect on app startup.
• Menubar Icon
• Control and monitor tunnels without switching out your current working window.
• Tags
• Use tags to organize your hundreds or thousands of tunnels.
• Tag your tunnel by a simple drag & drop actions.

Premium Features

• Unlimited number of connections
• Importing and exporting
• Sync hosts and tags between all of your Mac computers
• Scriptable (automation with AppleScript and Automator)
• Prioritized customer support

Premium License

• USD 9.99 for 1-Year License
• USD 29.99 for 4-Year License (save 25%)

We Choice: Zen Term Lite

Historical background

Back in the days when I started learning SSH, I used Windows and Putty.

When I got more familiar with the use of SSH keys for password-less login, I became a happier SSH user.

A few years later, I started using OS X and initiating SSH connections from it felt awkward without Putty, until I discovered iTerm.

But getting more familiar with the OS X system itself, I found myself really hooked up to it for mainly one reason – it's built from FreeBSD. Working with CLI in OS X feels much like Linux. And the native OpenSSH client is the killer feature.

Fast forward to 2019, and my failure to build a proper Hackintosh using high-end PC components, rendered it useful only for mostly one thing at present – watching movies on Windows. I still prefer to use my MacBook Air for work, just because I can type ssh web and start working with my server right away.

Could it be even better in regards to SSH? Just when I could definitely answer 'No', I got an email from a client, who was asking for instructions on how to generate SSH key for use with FileZilla to connect to their server.

After trying to recap the proper instructions for them, I found how I could improve my own use of SSH in OS X, and also make it more secure.

Let's walk through the proper setup of your native SSH client in OS X.

Generating SSH key

To generate the SSH key, you will run ssh-keygen in Terminal app. To construct the correct arguments for it, we need to first…:

Choose passphrase

In many tutorials online, they'd say it is OK to specify an empty passphrase. Surely enough, you think it's a sane choice because then you save yourself a lot of time. With empty passphrase, you don't have to enter it every-time, and with long passphrase, you have to? Fear not!

With OS X, you can have the convenience of password-less login to a server even when your key is passphrase-protected. The magic of it is achieved by the Keychain and SSH agent components of the operating system.

So make sure that you choose a very strong passphrase for protecting your SSH key. And don't worry, you won't be bothered to enter it every time you use SSH / SFTP.

Choose comment

A good SSH key has a good comment. To be nice to others, and simply for housekeeping purpose, make sure that the key's comment includes:

• Your email address, where people can reach you
• An (arbitrary) identifier of the machine or device where you intend to use the key

Following these rules a good comment might look like this:

info@example.com (MacBook Air)

By default, ssh-keygen will try to be smart in generating the comment, but not smart enough: the comment will include your machine's hostname and folks who find your key added to their system, will not know how to reach you if there's a need to collaborate about server tasks or your key. So you may want to adjust the command before you run by passing your good comment in the -C switch:

Make sure to actually change the command to include your email and device name. Now it is OK to run it.

Don't put an empty passphrase!

Now you have your key generated and stored in ~/.ssh/id_rsa. Remember, this file should never be shared with anyone. It is the public key you'll need to share or add to servers.

Share your public key

When you generated the SSH key, you have actually generated 2 files: the private key ~/.ssh/id_rsa and the public key ~/.ssh/id_rsa.pub.

The public key is what you will share to server admins, or add yourself to remote servers, in order to be able to login to those systems without a password.

The command to copy contents of your public key to clipboard is simple:

We'll leave out the details on how to add your key to remote servers for the next time.

Provided that the public key was already authorized on the server you want to work with, how do you make sure that OS X won't ask you for the key's passphrase every time you log in?

Configure OS X SSH client

OS X ships with an actual OpenSSH client. And standard as it is, it can be configured by editing ~/.ssh/config file.

The most relevant configuration directives for proper SSH setup are:

Simply including those to your ~/.ssh/config will ensure that the SSH client will use operating system's Keychain to store the password of your SSH key files, and also the keys will be loaded to SSH agent for later reuse.

There is controversial information on how these directives actually work. So I thought I should elaborate:

• Upon reboot/login to your system, your SSH agent will have no keys loaded. This can be verified with ssh-add -L
• When you SSH to a server, via ssh username@example.com, the SSH client will attempt to use ~/.ssh/id_rsa
• The SSH client will talk to the Keychain and ask it for the passphrase. If the passphrase is already stored in the Keychain, then the key is loaded to the SSH agent without any passphrase prompts. If the passphrase is not yet present in the Keychain, it will prompt you for the passphrase, and store it in the Keychain after you provide it.

It is important to understand that keys in SSH agent do not persist across reboots. The SSH keys are added to the agent dynamically, as in – upon connection to a server. Then they are reused on further (second, third and so on) connection.

After a reboot, the agent will have no keys loaded again!

So keys do not persist (which is fine!), but their pass-phrases persist in the Keychain. You will only have to provide the SSH passphrase once in a lifetime. And the added benefit is that the passphrase will be synced to your iCloud Keychain if you're using it.

To add the key's passphrase to the Keychain now, simply run:

The case of horrible FileZilla

By simply following the above recommendations you have the properly configured SSH client in OS X.

But what about FileZilla? Surely we want it to use the SSH agent and we don't want to put any passphrase / keys explicitly there.

FileZilla apparently knows how to talk with the SSH agent and use keys from it. This is better than importing the key to FileZilla, since this way you can keep the file password protected.

But there is one major flaw in FileZilla – it would appear not use ~/.ssh/config and it won't load the key to the SSH agent for you. Remember, as we described earlier, the native SSH client loads the keys to the SSH agent upon connection. But FileZilla doesn't.

So your SFTP connection in FileZilla will only work after you first establish SSH connection manually.

I thought that FileZilla comes from the open source world. But not that only – it comes from many worlds and it is primarily an inhabitant of the Windows ecosystem. And it brings a bag of compatibility issues from there.

To counter the issue we're facing, you could make FileZilla use the manually specified SSH key in its settings. But that sucks for many reasons:

• Filezilla prefers / and converts to Putty PPK format.. to much of its shame, because OpenSSH is de-facto standard SSH implementation (and so are its keys)
• Your SSH configuration is less centralized, in case you use different keys for different servers. Instead of just using ~/.ssh/config for everything …

I tried to see if any other SFTP clients address this 'flaw'. Cyberduck doesn't seem to use the SSH agent at all, but at least it does support directly specified OpenSSH key, without having to convert to PPK format.

Panic's Transmit uses ~/.ssh/id_rsa by default and it is capable of using the options you have defined in ~/.ssh/config but does not seem to use the SSH agent either.

So now we are back with Filezilla. Either we have to invoke ssh-add -A manually before connecting in Filezilla, or automatically add our key to the SSH agent upon login.

What ssh-add -A does is load only the keys which already have passphrase stored in the Keychain.

Ssh Tool For Mac

Convenience sometimes wins and this is the time 🙂 Create file ~/Library/LaunchAgents/ssh.add.a.plist with contents:

This makes your Mac run ssh-add -A every-time you login, so FileZilla will happily use the key from SSH agent.

So we're fixing Filezilla, because it does not know how to use ~/.ssh/id_rsa by default and thus won't load it to the SSH agent. We told OS X to always load keys, whereas ideally we would stick to the default behavior (load keys into agent dynamically, after first use).

Ssh Client For Mac Os X

Caveats

Multiple SSH keys

If you have multiple keys' pass-phrases in your Keychain, then ssh-add -A maybe not desired. Loading all keys will make your SSH client try them all during a connection until it finds the one that works.

This may not be taken lightly by some security hardened servers. So you can specify the mapping between the remote server and your keys like this:

That said, FileZilla does not read your ~/.ssh/config so this is applicable only to the SSH client. So not much luck if you use FileZilla and many keys – the chances of getting banned for key enumeration will increase.

Partial automation

Best Ssh Client For Mac

To setup your OS X SSH client you can try this nifty script I made:

Ssh Client For Mac Os X 10.6

What it does is walk you through the SSH key setup:

• generates SSH key, if there is none
• helps you to convert to an encrypted key, in case existing key is not an encrypted one
• ensures that ~/.ssh/config has same configuration as outlined in this post (only if there was no ~/.ssh/config file)
• optionally, 'fixes' Filezilla by auto-loading keys to SSH agent (otherwise only option is to run 'ssh-add' manually or connecting to the server in SSH first)