I actually looked this up earlier today because i didn’t understand part of it.
An ssh key is, as i understand it, a way to encrypt the connection so only a device that has they key can unlock it.
There are 2 parts, a private key which should never be shared and a public one which can freely be shared.
You usually generate both keys on the device that connects to the ssh, keep the private key on there with the public key going on the server. Thats the part that confused me. (Why is the secret one not on the server i don’t want people to access)
But the way it works is that the public key is used to encrypt/lock something.And only the private key can unlock it.
Any other device that tries to connect just gets an encrypted connection they don’t have the key for. Because these keys are so long no current day tool can guess or crack them. So it is the absolute safest way to establish an ssh connection.
Quantum computers might in the future be able to break them but solutions for this are being worked on.
There are also some systems where you have 2 key pairs where the server also has a private key, to authenticate both ways.
ssh keypairs secure from the point of authority. In the case of you logging into your account, the server’s job is to ask a question that only you can answer.
In the case of a password, the remote server doesn’t store your password either, it stores a derivative hash that can, in theory, only be generated using complex math + your password as an input. You are the only one that stores your actual password.
In the case of an ssh keypairs, it works very similarly. The public key allows the server to cryptographically ask a question that only the private key can generate an answer to correctly.
It is fundamentally the same secret exchange handshake as a password just with a few extra steps to make things more secure during automation. A password can be weak and guessable, an ssh key cannot (at least not any more than other keys of the same algorithm can).
I actually looked this up earlier today because i didn’t understand part of it.
An ssh key is, as i understand it, a way to encrypt the connection so only a device that has they key can unlock it.
There are 2 parts, a private key which should never be shared and a public one which can freely be shared.
You usually generate both keys on the device that connects to the ssh, keep the private key on there with the public key going on the server. Thats the part that confused me. (Why is the secret one not on the server i don’t want people to access)
But the way it works is that the public key is used to encrypt/lock something.And only the private key can unlock it.
Any other device that tries to connect just gets an encrypted connection they don’t have the key for. Because these keys are so long no current day tool can guess or crack them. So it is the absolute safest way to establish an ssh connection.
Quantum computers might in the future be able to break them but solutions for this are being worked on.
There are also some systems where you have 2 key pairs where the server also has a private key, to authenticate both ways.
ssh keypairs secure from the point of authority. In the case of you logging into your account, the server’s job is to ask a question that only you can answer.
In the case of a password, the remote server doesn’t store your password either, it stores a derivative hash that can, in theory, only be generated using complex math + your password as an input. You are the only one that stores your actual password.
In the case of an ssh keypairs, it works very similarly. The public key allows the server to cryptographically ask a question that only the private key can generate an answer to correctly.
It is fundamentally the same secret exchange handshake as a password just with a few extra steps to make things more secure during automation. A password can be weak and guessable, an ssh key cannot (at least not any more than other keys of the same algorithm can).