SSH Keys Authentication- What & Why

1. SSH keys Authentication- What & Why SSH Public Key Authentication​ is a scheme that is considered more secure than simple passwords. It provides cryptographic strength that is far superior than even complicated long passwords. SSH is able is to improve security as it frees the user from remembering or writing down complicated passwords. Plus, SSH keys offer more benefits such as – ● Users can sign in across various SSH connected servers in a single click. ● A large organization has the option to allow automated, password-less login for secure automation processes. SSH Keys Authentication uses two concepts to enforce its automation login process. There are: ● Asymmetric Cryptography: ​Any encryption scheme in the current market runs on an algorithm. These algorithms are well-researched, tested, and secured. The most commonly used is RSA and DSA. However, public-key encryption works on its own algorithm, which has two separate keys. Both keys are part of a pair that is specific to only each other. ● Key Pair ​- Public and Private: Normally, the user is tasked with creating the provision key pair for their SSH server. SSH helps them generate and copy these keys for later purposes. As mentioned above, each pair has two unique keys, ‘Public Key and Private Key.’

2. SSH keys Authentication- What & Why What are these public and private keys? A public key is a file that is copied to the SSH server and is available to anyone with access to the server. He can encrypt data from the file, but he can’t read what’s on the file. The person who holds the corresponding private key, which is you can read the public key. Once SSH servers receive a public key from a user and determine if it is trustworthy or not. If it is, then the key is marked as authorized keys file. A private key is the one that remains with the user. The user’s identity is defined by the possession of the private key. Hence, private keys are known as identity keys. Only user’s who possess the corresponding private key to the server public key is authenticated to the server. This key should be stored and handled carefully, and in no circumstances should you distribute copies of the key. How to set up Public Key Authentication for SSH? ● It is very simple, just follow the steps: ● First, you have to create a key pair that you can do from ssh-keygen (available in SSH server). ● Then the private key is stored with you, and only then you sent the public key to the server. You can send the key using ssh-copy-id utility. ● The server will store the public key and show you a message that it is marked as authorized. Now anyone who has your private key will have access to the SSH server.

3. SSH keys Authentication- What & Why How should you handle the Private Key? The entire safety of your server depends on how well you can guard the private key. Normally, the user keeps their private key encrypted with a passphrase. So, whenever the server asks for the private key. You can enter the passphrase, and the key will be decrypted. The passphrase is handled by an SSH agent, which makes it different than a password login. In most cases, such as scripts, applications, etc. the private key is not protected. In such a case, companies plan and use various key management practices to remain secure from attackers . Conclusion: SSH public key authentication is not a full-proof secure scheme, people can lose their private key, and it can be a disaster. But the same can happen if you forget your password. However, SSH key authentication has various methods that users can use to safeguard the private key. This makes the SSH authentication a lot more secure than the symmetric or secret key algorithm. Plus, as mentioned above, it has a lot of other benefits as well.