Take cybersecurity seriously and use SSH keys to access remote logins. They’re a more secure way to connect than passwords. We show you how to generate, install, and use SSH keys in Linux.
What’s Wrong With Passwords?
Secure shell (SSH) is the encrypted protocol used to log in to user accounts on remote Linux or Unix-like computers. Typically such user accounts are secured using passwords. When you log in to a remote computer, you must provide the user name and password for the account you are logging in to.
Passwords are the most common means of securing access to computing resources. Despite this, password-based security does have its flaws. People choose weak passwords, share passwords, use the same password on multiple systems, and so on.
SSH keys are much more secure, and once they’re set up, they’re just as easy to use as passwords.
What Makes SSH Keys Secure?
SSH keys are created and used in pairs. The two keys are linked and cryptographically secure. One is your public key, and the other is your private key. They are tied to your user account. If multiple users on a single computer use SSH keys, they will each receive their own pair of keys.
Your private key is installed in your home folder (usually), and the public key is installed on the remote computer—or computers—that you will need to access.
Your private key must be kept safe. If it is accessible to others, you are in the same position as if they had discovered your password. A sensible—and highly recommended—precaution is for your private key to be encrypted on your computer with a robust passphrase.
The public key can be shared freely without any compromise to your security. It is not possible to determine what the private key is from an examination of the public key. The private key can encrypt messages that only the private key can decrypt.
When you make a connection request, the remote computer uses its copy of your public key to create an encrypted message. The message contains a session ID and other metadata. Only the computer in possession of the private key—your computer—can decrypt this message.
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Dave McKay