12.12.2020

Enter Passphrase For Key Macos Sierra

Enter Passphrase For Key Macos Sierra 7,1/10 636 votes
  1. Mac Enter Passphrase For Key
  2. Enter Passphrase For Key Macos Sierra Download
  3. Enter Passphrase For Key Macos Sierra Windows

These advanced steps are for system administrators and others who are familiar with the command line.

Next you can opt to encrypt your private key with a passphrase. The passphrase is an extra layer of security on your private key. With a passphrase, not only does someone need to gain access to your private key, they also need your passphrase in order to make use of it. Enter passphrase (empty for no passphrase): To set a passphrase, enter it here.

Create a FileVault master keychain

Mac Enter Passphrase For Key

  • Sep 28, 2016  The behavior of ssh, ssh-agent and ssh-add, changed in macOS Sierra. There is no GUI pop up asking for ssh key passphrase to store the identity in ssh-agent. Instead, ssh asks you for the passphrase via command line prompt, then stores the passphrase in the Keychain. The worst part is, there’s no clue to delete that via Keychain Access.
  • If you’re a systems administrator and you’ve recently upgraded to Apple’s macOS Sierra, you may have noticed that macOS now stores your SSH key passphrase by default, without even.
  • Copy your idrsa.pub key to your server’s.ssh/authorizedkeys file. Add your passphrase to your keychain using this command: $ ssh-add -K (you will see Enter passphrase for your system/.ssh/idrsa: ).
  • Generating a public/private rsa key pair. The prompt defaults to save the new key pair in the /home/username/.ssh/directory and name it 'idrsa'. Unless you want to change the location or name of the file, just click Enteron your keyboard to continue. Enter a passphrase (leave empty for no passphrase).
  • Save your SSH passphrase in your Sierra keychain, like you used to be able to February 16, 2017 One of the Mac’s best features for tech types has been disabled by default in Sierra: being able to save the passphrase for an SSH public-private key pair in the macOS keychain.
  1. Open the Terminal app on your Mac, then enter this command:
  2. When prompted, enter the master password for the new keychain, then enter it again when prompted to retype. Terminal doesn't show the password as you type.
  3. A key pair is generated, and a file named FileVaultMaster.keychain is saved to your desktop. Copy this file to a secure location, such an encrypted disk image on an external drive. This secure copy is the private recovery key that can unlock the startup disk of any Mac set up to use the FileVault master keychain. It is not for distribution.

Enter Passphrase For Key Macos Sierra Download

In the next section, you will update the FileVaultMaster.keychain file that is still on your desktop. You can then deploy that keychain to Mac computers in your institution.

Remove the private key from the master keychain

/enable-ntfs-write-support-for-mac-osx-sierra.html. After creating the FileVault master keychain, follow these steps to prepare a copy of it for deployment:

  1. Double-click the FileVaultMaster.keychain file on your desktop. The Keychain Access app opens.
  2. In the Keychain Access sidebar, select FileVaultMaster. If you see more than two items listed on the right, select another keychain in the sidebar, then select FileVaultMaster again to refresh the list.
  3. If the FileVaultMaster keychain is locked, click in the upper-left corner of Keychain Access, then enter the master password you created.
  4. From the two items shown on the right, select the one identified as ”private key” in the Kind column:
  5. Delete the private key: Choose Edit > Delete from the menu bar, enter the keychain master password, then click Delete when asked to confirm.
  6. Quit Keychain Access.

Now that the master keychain on your desktop no longer contains the private key, it's ready for deployment.

Deploy the updated master keychain on each Mac

After removing the private key from the keychain, follow these steps on each Mac that you want to be able to unlock with your private key.

  1. Put a copy of the updated FileVaultMaster.keychain file in the /Library/Keychains/ folder.
  2. Open the Terminal app and enter both of the following commands. These commands make sure that the file's permissions are set to -rw-r--r-- and the file is owned by root and assigned to the group named wheel.
  3. If FileVault is already turned on, enter this command in Terminal:
  4. If FileVault is turned off, open Security & Privacy preferences and turn on FileVault. You should see a message that a recovery key has been set by your company, school, or institution. Click Continue.

This completes the process. If a user forgets their macOS user account password and can't log in to their Mac, you can use the private key to unlock their disk.

Use the private key to unlock a user's startup disk

Powershell ise for mac os x. If a user forgot their account password and can't log in to their Mac, you can use the private recovery key to unlock their startup disk and access its FileVault-encrypted data.

  1. On the client Mac, start up from macOS Recovery by holding Command-R during startup.
  2. If you don't know the name (such as Macintosh HD) and format of the startup disk, open Disk Utility from the macOS Utilities window, then check the information Disk Utility shows for that volume on the right. If you see ”CoreStorage Logical Volume Group” instead of ”APFS Volume” or ”Mac OS Extended,” the format is Mac OS Extended. You will need this information in a later step. Quit Disk Utility when done.
  3. Connect the external drive that contains the private recovery key.
  4. From the menu bar in macOS Recovery, choose Utilities > Terminal.
  5. If you stored the private recovery key in an encrypted disk image, use the following command in Terminal to mount that image. Replace /path with the path to the disk image, including the .dmg filename extension:
    Example for a disk image named PrivateKey.dmg on a volume named ThumbDrive:
    hdiutil attach /Volumes/ThumbDrive/PrivateKey.dmg
  6. Use the following command to unlock the FileVault master keychain. Replace /path with the path to FileVaultMaster.keychain on the external drive. In this step and all remaining steps, if the keychain is stored in an encrypted disk image, remember to include the name of that image in the path.
    Example for a volume named ThumbDrive:
    security unlock-keychain /Volumes/ThumbDrive/FileVaultMaster.keychain
  7. Enter the master password to unlock the startup disk. If the password is accepted, the command prompt returns.

Continue as described below, based on how the user's startup disk is formatted.

APFS

If the startup disk is formatted for APFS, complete these additional steps:

SierraEnter passphrase for key
  1. Enter the following command to unlock the encrypted startup disk. Replace 'name' with the name of the startup volume, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:
    Example for a startup volume named Macintosh HD and a recovery-key volume named ThumbDrive:
    diskutil ap unlockVolume 'Macintosh HD' -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
  2. Enter the master password to unlock the keychain and mount the startup disk.
  3. Use command-line tools such as ditto to back up the data on the disk, or quit Terminal and use Disk Utility.

Mac OS Extended (HFS Plus)

If the startup disk is formatted for Mac OS Extended, complete these additional steps:

Enter Passphrase For Key Macos Sierra Windows

  1. Enter this command to get a list of drives and CoreStorage volumes:
  2. Select the UUID that appears after “Logical Volume,” then copy it for use in a later step.
    Example: +-> Logical Volume 2F227AED-1398-42F8-804D-882199ABA66B
  3. Use the following command to unlock the encrypted startup disk. Replace UUID with the UUID you copied in the previous step, and replace /path with the path to FileVaultMaster.keychain on the external drive or disk image:
    Example for a recovery-key volume named ThumbDrive:
    diskutil cs unlockVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain
  4. Enter the master password to unlock the keychain and mount the startup disk.
  5. Use command-line tools such as ditto to back up the data on the disk. Or quit Terminal and use Disk Utility. Or use the following command to decrypt the unlocked disk and start up from it.
    Example for a recovery-key volume named ThumbDrive:
    diskutil cs decryptVolume 2F227AED-1398-42F8-804D-882199ABA66B -recoveryKeychain /Volumes/ThumbDrive/FileVaultMaster.keychain