ssh keys explained


title: SSH Keys: Public vs. Private
description: How passwordless login works. The Lock and Key analogy.
date: 2024-03-25
category: Web & Network
order: 14
readingTime: 6 min read

When you connect to a server using SSH (Secure Shell), you usually don't type a password. You use a Key Pair.

The Analogy: The Padlock

Imagine you want to secure a door (the server).

  1. Public Key: This is a Padlock. You can make thousands of copies of this padlock and give them to anyone. You can leave them on park benches. It doesn't matter if someone steals it; they can only lock things with it.
  2. Private Key: This is the Physical Key that opens the padlock. You keep this in your pocket. You never give it to anyone.

How Authentication Works

  1. Setup: You copy your Public Key (Padlock) to the server. The server puts it on its "door" (~/.ssh/authorized_keys).
  2. Connection: When you try to log in, the server sees the padlock. It creates a random message, encrypts it using the padlock, and sends it to you.
  3. Proof: Your computer uses your Private Key to decrypt the message. It sends the decrypted message back.
  4. Access: The server confirms you successfully unlocked the message and lets you in.

Security Rule

Never share your Private Key. If you lose it, you are locked out. If someone steals it, they can open any server where you installed your Public Key.
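
The server trusts whatever public keys are listed in ~/.ssh/authorized_keys, so responding to a lost or stolen private key means finding and removing the matching entries on every server. The following Python is an added example, not part of the original page: it parses authorized_keys lines and computes each key's SHA256 fingerprint in the form `ssh-keygen -l` prints. The function names and the sample file contents are constructed for illustration.

```python
import base64, hashlib, re, struct

# Layout of an authorized_keys line: [options] keytype base64-blob [comment]
ENTRY = re.compile(r"(?:^|\s)((?:ssh-|ecdsa-sha2-|sk-)\S+)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(text: str) -> list:
    """Return one dict per entry: key details, or an 'error' for a bad line."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.search(line)
        if not m:
            out.append({"line": n, "error": "no key type and base64 blob found"})
            continue
        try:
            blob = base64.b64decode(m.group(2), validate=True)
            (tlen,) = struct.unpack(">I", blob[:4])  # blob opens with a length-prefixed type name
            embedded = blob[4:4 + tlen].decode("ascii")
        except (ValueError, struct.error):
            out.append({"line": n, "error": "malformed key blob"})
            continue
        if embedded != m.group(1):  # declared type must match the type inside the blob
            out.append({"line": n, "error": f"declared {m.group(1)} but blob is {embedded}"})
            continue
        out.append({"line": n, "type": embedded, "fingerprint": fingerprint(blob),
                    "options": line[:m.start(1)].strip(), "comment": m.group(3) or ""})
    return out

def lines_to_revoke(text: str, stolen_fp: str) -> list:
    """Line numbers whose public key matches the fingerprint of a lost or stolen key."""
    return [e["line"] for e in audit(text) if e.get("fingerprint") == stolen_fp]

def sample_blob(seed: bytes) -> str:
    """Constructed stand-in for an Ed25519 public key blob (not a real key)."""
    name, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(raw).decode()
A, B = sample_blob(b"alice"), sample_blob(b"backup")
SAMPLE = f"""# constructed sample, not taken from a real server
ssh-ed25519 {A} alice@laptop
command="/usr/local/bin/backup",no-pty ssh-ed25519 {B} backup job
ssh-rsa {A} mislabeled entry
from="10.0.0.0/8" ssh-ed25519 {A} alice's old entry"""
```

The same public key can appear on more than one line with different options, which is why `lines_to_revoke` returns a list rather than stopping at the first match.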