Think of Public Keys as Locks!
Maybe public keys should have been called locks instead of keys. The name "key" fits the private half of the pair, which is the part that actually opens something.
SSH Keys
SSH keys are a cryptographic key pair used to authenticate a client to a server (the session itself is encrypted with separate, per-connection keys). The pair consists of two parts:
- Private Key - This key stays on your local machine and is never sent to the server. Protect it with a passphrase, since anyone who copies the file can use it.
- Public Key - This key is shared with any server you wish to connect to, by adding it to the target account's ~/.ssh/authorized_keys file.
To authenticate, the SSH client uses the private key to sign data the server can tie to the current connection, and the server verifies that signature with the public key. Only the signature crosses the wire; the private key does not.
WARNING: Think of public keys as locks and private keys as the keys that open them. A lock (public key) can be handed to anyone without risk, but only the matching key (private key) opens it.
That is why you push the public key to the SSH server: you are fitting a lock to your account on that server, and only the private key stored on your machine can open it. Publishing the public key gives nothing away; losing the private key, or its passphrase, is what matters.
ssh-add
ssh-add is the command used to load private keys into the SSH agent. The agent is a background program that holds your decrypted private keys in memory and performs signatures on behalf of your ssh client when a server asks for proof of possession; the key material never leaves the agent, and you enter the passphrase once, when adding the key, rather than on every connection. The agent is a trust boundary in its own right: any process that can reach its socket (including a remote host, if you enable agent forwarding) can ask it to sign, so list what is loaded with ssh-add -l, and prefer a lifetime (ssh-add -t) or removing keys (ssh-add -D) when you are done.
ssh-add ~/.ssh/id_rsa
Public and Private Keys in Action
- When you connect, your SSH client offers a public key. If the server finds that key in the target account's ~/.ssh/authorized_keys file, it asks the client to prove possession, and the client signs data that includes the unique session identifier with the corresponding private key.
- The server verifies that signature with the public key it has on file. Because the session identifier is part of what was signed, a signature captured from one connection cannot be replayed on another.
- If the signature verifies, authentication succeeds. If not, that key is rejected, and the login fails unless some other permitted method (another key, or a password if the server allows it) succeeds.
A common reason a correct key is still rejected: with StrictModes enabled (the default), sshd ignores authorized_keys if that file, ~/.ssh, or the home directory is writable by anyone other than the owner, so check permissions before suspecting the key itself.
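The exchange above, run end to end as an added example that is not part of the original page and not OpenSSH's code. It uses a deliberately minimal RSA (hash, then a raw modular exponentiation, no padding) only so the protocol flow is runnable in plain Python; real SSH uses Ed25519 or padded RSA, and the exact bytes it signs are defined in RFC 4252. The names `Server`, `auth_data`, `client_sign`, the user "alice" and the attacker "mallory" are illustrative, and the "authorized_keys" is just an in-memory set standing in for the file. It shows the three ways the check fails: a lock that is not installed, the right lock offered but signed with the wrong key, and a genuine signature replayed against a fresh session.

```python
"""Toy model of SSH public-key authentication: the server holds the lock
(public key); the client proves it holds the key (private key) by signing
fresh, session-bound data.  The RSA here is minimal and for illustration
only (no padding, small keys); do not reuse it for anything real."""
import hashlib
import secrets
from dataclasses import dataclass

SMALL_PRIMES = [p for p in range(2, 100) if all(p % q for q in range(2, p))]


def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact size, odd
        if is_probable_prime(cand):
            return cand


@dataclass(frozen=True)
class PublicKey:      # the "lock": safe to hand to any server
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:     # the "key": never leaves the client
    n: int
    d: int


def generate_keypair(bits=1024):
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return PrivateKey(p * q, pow(e, -1, phi)), PublicKey(p * q, e)


def sign(priv, message):
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, priv.d, priv.n)


def verify(pub, message, signature):
    if not 0 < signature < pub.n:
        return False
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, pub.e, pub.n) == h


def auth_data(session_id, user, pub):
    """The bytes that get signed (illustrative layout).  Including the session
    identifier is what stops a captured signature from working on a later
    connection."""
    return b"\0".join([session_id, user.encode(), str(pub.e).encode(), str(pub.n).encode()])


class Server:
    def __init__(self, authorized_keys):
        self.authorized_keys = set(authorized_keys)   # stands in for ~/.ssh/authorized_keys

    def new_session(self):
        return secrets.token_bytes(32)                # fresh identifier per connection

    def authenticate(self, session_id, user, offered_key, signature):
        if offered_key not in self.authorized_keys:   # no such lock on this account
            return False
        return verify(offered_key, auth_data(session_id, user, offered_key), signature)


def client_sign(priv, pub, session_id, user):
    return sign(priv, auth_data(session_id, user, pub))


def demo():
    alice_priv, alice_pub = generate_keypair()
    mallory_priv, mallory_pub = generate_keypair()
    server = Server([alice_pub])                      # only Alice's lock is installed
    sid = server.new_session()
    good = client_sign(alice_priv, alice_pub, sid, "alice")
    return {
        "valid": server.authenticate(sid, "alice", alice_pub, good),
        "unknown_key": server.authenticate(sid, "alice", mallory_pub,
                                           client_sign(mallory_priv, mallory_pub, sid, "alice")),
        "forged": server.authenticate(sid, "alice", alice_pub,
                                      client_sign(mallory_priv, alice_pub, sid, "alice")),
        "replay": server.authenticate(server.new_session(), "alice", alice_pub, good),
    }


if __name__ == "__main__":
    print(demo())
```

Running it prints a dictionary in which only "valid" is True. Note what the server never needed: Alice's private key. It holds only the lock, so a compromised authorized_keys file lets an attacker add their own lock, but does not let them open anyone else's.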