SSH Keys

SSH keys provide authentication using Public-Key Cryptography to identify trusted computers without involving passwords.

SSH keys must configured. First, the user generates a pair of encrypted keys—a public key and a private key. The user stores the public key on the remote server and keeps the private key on their computer.

When the user attempts to login to the remote server, it establishes an encrypted connection, and the remote server encrypts a random number with the user's public key. It sends the encrypted message to the user's computer, which then decrypts it with the user's private key. Then it sends back the correct answer to the remote server. (Full details.)

The remote server authorizes the user's computer because they possessed the private key, the only key which can unlock the public key encrypted message. So instead of using a password, authorization becomes: (1) the presence of the public key on the remote server, (2) the presence of a matching private key on the user's computer.

Advantages

The primary advantage is that SSH keys only allow access from previously "blessed" computers. No login password is needed, so there is no password to steal. In fact, it is possible to disable password logins to a server completely and only allow access with SSH keys. Of course, the private key becomes vulnerable, but it is much harder to steal than a simple password. In addition, the private key should be password protected.

Another advantage is that many servers can be given the same public key. There is no risk in having one the public keys exposed. They are meant to be public.

SSH keys are great for admins and developers who may frequently connect to servers over TCP or FTP. Git and Github both use SSH keys to submit code to code repositories.

Disadvantages

The primary advantage of SSH keys can also be a disadvantage. They only allow access from "blessed" computers. A server administrator who is away from their computer cannot simply use a different computer with a username and password to get access. They would need to have password logins configured as well.

SSH keys are only usable for SSH connections which allow TCP, UDP, and FTP. It offers no help for website logins and is not much benefit to regular users.

Fork me on GitHub