SSH Keys: A Beginner's Guide

In this blog, we'll explore the fundamentals of SSH keys, their applications, and how to create one for different scenarios.

What is an SSH Key?

An SSH key is a way to log into computers without needing to type in a password every time. 

It comes in two parts: 

  • public key: think of the public key as a lock.
  • private key: think of the private key as the key to that lock.

You give your public key to any computer you want to connect to. When you try to connect, that computer checks to make sure you have the right private key. If you do, it lets you in without asking for a password. This makes it both easier and safer to access computers remotely.

Understanding SSH: Known Hosts and Authorized Keys

Known Hosts: The known_hosts file is like a contact list on your computer. It keeps track of the "identities" (public keys) of servers you've visited. This helps your computer recognize if a server it connects to is the same one it connected to before or if someone is pretending to be that server.

Authorized Keys: The authorized_keys file works on the server side. It's like a guest list for the server. It contains the public keys of all users who are allowed to log in without a password. If your key is on that list, the server lets you in automatically.

Note: The first time you connect to a server, the client shows the server's key fingerprint and asks you to confirm it; once you accept, it automatically adds the server's public key to its known_hosts file. There's no need to manually add it yourself.

Creating an SSH Key

With this understanding, let’s go ahead and create an SSH key. Modern Ubuntu installations come with OpenSSH by default, which supports various types of SSH keys, including the highly secure ed25519 keys.

ssh-keygen -t ed25519 -a 200 -C "your_email@example.com"

When you run the command to generate an SSH key, you’ll be prompted with several questions. You can press Enter to accept the default values for each prompt, which means using the default file location and setting up the key with no passphrase. If you type a passphrase at that prompt instead, the private key file is encrypted with it, and the -a 200 option (the number of key derivation rounds) only has an effect in that case. The key generation process will then create two files: one for your public key (typically ending in .pub) and another for your private key.

You can create as many SSH keys as you need using this command — each set for different servers or different identities.

To check the newly created SSH key, change into the .ssh folder with cd and run ls -la to list its contents.

cd ~/.ssh
ls -la

Here, id_ed25519 is the private key and id_ed25519.pub is the public key.

Note: The private key should remain confidential and be stored securely only on the user’s machine, while the public key can be shared with any server.
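
The server-side step behind the authorized_keys "guest list" described earlier, as an added example that is not part of the original post: a shell function that adds a public key to the list only once, keeps the directory and file readable by their owner alone, and refuses a file that is not a public key. The function name authorize_key, the scratch paths and the sample key line are constructed for illustration.

```shell
# Added example (not from the original post): put a public key on the
# authorized_keys "guest list". Function name and paths are illustrative.

# authorize_key PUBKEY_FILE SSH_DIR
# Prints "added" or "already authorized"; returns 1 if the file is not a public key.
authorize_key() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # A .pub file is a single line: "<key type> <base64 blob> [comment]".
    key_line=$(head -n 1 "$pubkey_file") || return 1
    case $key_line in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *)  # e.g. a private key file, whose first line starts with "-----BEGIN"
            echo "refusing: $pubkey_file is not a public key" >&2
            return 1 ;;
    esac

    # Identify the key by type and blob so a changed comment is not a new entry.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)

    # Only the owner may read or write the directory and the list.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    if grep -qF -- "$key_id" "$auth_file"; then
        echo "already authorized"
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "added"
}

# Demo in a scratch directory with a constructed (not real) public key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleBlobNotARealKey you@example.com' \
    > "$demo_dir/id_ed25519.pub"
authorize_key "$demo_dir/id_ed25519.pub" "$demo_dir/dot_ssh"   # prints: added
authorize_key "$demo_dir/id_ed25519.pub" "$demo_dir/dot_ssh"   # prints: already authorized
rm -rf "$demo_dir"
```

In practice the ssh-copy-id tool that ships with OpenSSH performs this step against a remote server for you.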

I trust this blog has provided you with a foundational grasp of SSH and its practical applications. Thank you for taking the time to read through, and I hope it serves you well in your secure computing endeavors! ;)
