SSH Key Pair
An SSH Key Pair is a 2-tuple composed of a public key and a private key generated by an SSH Key Generator.
- Context:
- It can (typically) have a Key Pair Name.
- It can range from being an SSH-1 Key Pair to being an SSH-2 Key Pair.
- It can range from being an SSH Public Key to being an SSH Private Key.
- It can be created by an SSH Key Generator (e.g. ssh-keygen -t rsa -b 8192 -C "github@gbormlli.com" and ssh-keygen -t ed25519 -C "gbormlli@gmail.com").
- ...
- Example(s):
- a 1024-bit SSH-2 RSA key pair, such as:
  - public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAg...qCLE4b/XJKBotT+2JKa97w== github@gbormlli.com
  - private: dffChW2P/aUMqt...gcSSPXpZCQLUUjKGzHS9kSQo
- ...
- Counter-Example(s):
- See: SSH Protocol.
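An added example (not part of the original page): a Python sketch that reads the public half of a key pair in the one-line format shown above, decodes its SSH wire encoding, and reports the key type, RSA modulus size and SHA256 fingerprint, flagging short RSA keys such as the 1024-bit example. The function names, the 2048-bit threshold and the sample line are assumptions constructed for illustration.

```python
import base64
import hashlib

MIN_RSA_BITS = 2048  # assumed policy threshold for this example, not from the page


def _read_string(blob, offset):
    """Read one SSH wire 'string': 4-byte big-endian length, then that many bytes."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated field in key blob")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Return type, RSA size, fingerprint, comment and weak flag for one key line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    inner_type, pos = _read_string(blob, 0)
    if inner_type != parts[0].encode():
        raise ValueError("key type label does not match the encoded blob")
    bits = None
    if parts[0] == "ssh-rsa":
        # ssh-rsa blobs carry the public exponent e, then the modulus n.
        _exponent, pos = _read_string(blob, pos)
        modulus, pos = _read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": parts[0], "bits": bits, "fingerprint": fingerprint,
            "comment": parts[2] if len(parts) > 2 else "",
            "weak": bits is not None and bits < MIN_RSA_BITS}


def _mpint(n):
    """Encode a positive integer as an SSH mpint (helper for the constructed sample)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # spare top byte keeps it positive
    return len(raw).to_bytes(4, "big") + raw


# Constructed sample: correct wire layout, but the modulus is an arbitrary
# 1024-bit odd number, not a usable RSA key.
_blob = (7).to_bytes(4, "big") + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 1023) | 1)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed@example.invalid"
```

Calling inspect_public_key(SAMPLE_LINE) reports a 1024-bit ssh-rsa key with the weak flag set; key types other than ssh-rsa are fingerprinted but not sized.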
References
2013
- http://en.wikipedia.org/wiki/Secure_Shell#Key_management
- On Unix-like systems, the list of authorized public keys is stored in the home directory of the user that is allowed to log in remotely, in the file ~/.ssh/authorized_keys.[1] This file is only respected by ssh if it is not writable by anything apart from the owner and root. When the public key is present on the remote end and the matching private key is present on the local end, typing in the password is no longer required (some software like Message Passing Interface (MPI) stack may need this password-less access to run properly). However, for additional security the private key itself can be locked with a passphrase.
The private key can also be looked for in standard places, and its full path can be specified as a command line setting (the option -i for ssh). The ssh-keygen utility produces the public and private keys, always in pairs.
SSH also supports password-based authentication that is encrypted by automatically generated keys. In this case the attacker could imitate the legitimate side, ask for the password and obtain it (man-in-the-middle attack). However this is only possible if the two sides have never authenticated before, as SSH remembers the key that the remote side once used. Password authentication can be disabled.
2012
- https://wiki.archlinux.org/index.php/SSH_Keys
- SSH keys serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. One immediate advantage this method has over traditional password authentication is that you can be authenticated by the server without ever having to send your password over the network. Anyone eavesdropping on your connection will not be able to intercept and crack your password because it is never actually transmitted. Additionally, using SSH keys for authentication virtually eliminates the risk posed by brute-force password attacks by drastically reducing the chances of the attacker correctly guessing the proper credentials.
As well as offering additional security, SSH key authentication can be more convenient than the more traditional password authentication. When used with a program known as an SSH agent, SSH keys can allow you to connect to a server, or multiple servers, without having to remember or enter your password for each system.
SSH keys are not without their drawbacks and may not be appropriate for all environments, but in many circumstances they can offer some strong advantages. A general understanding of how SSH keys work will help you decide how and when to use them to meet your needs. This article assumes you already have a basic understanding of the Secure Shell protocol and have installed the Template:Pkg package, available in the Official Repositories.