Welcome to TERN Knowledge Base

Understanding SSH - Key-based Authentication

1. Introduction:

SSH (Secure Shell) is a cryptographic protocol that allows secure communication between two computers. One common use of SSH is to securely access remote servers. Instead of using passwords, which can be intercepted, SSH can use a pair of keys: a public key and a private key.

1.1. What does "Cryptographic" mean?

"Cryptographic" pertains to the practice and study of techniques for secure communication in the presence of adversaries. It involves creating, analyzing, and deciphering codes, ensuring that information is only accessible and understandable to those with the correct key or decryption method.

2. Public and Private Keys:

  • Public Key: This is a cryptographic key that can be shared with others. It's used to encrypt data. Anything encrypted with the public key can only be decrypted by the corresponding private key.

  • Private Key: This is kept secret and is used to decrypt data encrypted with the public key.
    It also proves your identity to a server, indicating you own the corresponding public key.

Together, these keys enable secure communication without sharing any secret passwords.

3. Setting Up Key-based Authentication:

a. Generating a new key pair:

To generate a new key pair, use:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

In this command, your_email@example.com is just a label and does not have to be a working email.

This command will produce two files in your ~/.ssh/ directory:

  • id_rsa: Your private key (keep this secure).

  • id_rsa.pub: Your public key (this is shared).

b. Checking for and Viewing Existing Key Pairs:

On a Mac laptop, your keys are typically stored in the ~/.ssh/ directory.

To see if you already have a public key, run:

cat ~/.ssh/id_rsa.pub

If you see a string starting with ssh-rsa, you already have a key pair. Similarly, you can view the private key with:

cat ~/.ssh/id_rsa

Remember: Never share your private key!

4. Connecting Using SSH:

After setting up key-based authentication, you can connect to the server using:

ssh username@remote_server

Replace username with your username and remote_server with the server's address.

5. Understanding the Error: "Permission denied (publickey)":

This error means the server didn't find your public key in its ~/.ssh/authorized_keys file, or there's an issue with the private key on your machine.

Possible solutions:

  • Ensure the public key (id_rsa.pub) on your local machine matches an entry in the ~/.ssh/authorized_keys file on the server.

  • Check the permissions of the ~/.ssh/ directory. It should not be accessible by other users.

  • Ensure your local machine is using the correct private key. You might have multiple keys, and SSH may not be using the correct one by default.
    Specify a key using ssh -i /path/to/private_key username@remote_server.
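
The checks listed above can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, and the authorized_keys argument is assumed to be the server's file or a copy of it. It also checks the private key file's permissions, which goes slightly beyond the list above.

```shell
#!/usr/bin/env bash
# Added example: local checks for "Permission denied (publickey)".
# Usage: ./check_ssh_key.sh ~/.ssh ~/.ssh/id_rsa.pub /path/to/authorized_keys

# Print octal permission bits (GNU stat first, then BSD/macOS stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if group and others have no access (for example 700 or 600).
is_private() {
    local mode
    mode=$(perm_of "$1") || return 2   # path missing or unreadable
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeed if the key blob in the .pub file appears in the authorized_keys file.
# Only the base64 blob is compared, so the trailing comment and any per-key
# options in authorized_keys do not affect the match.
key_is_authorized() {
    local blob
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '
        /^[[:space:]]*#/ { next }      # skip commented-out entries
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$2"
}

# Run all checks, print one line per problem, return the number of problems.
check_publickey_setup() {
    local dir="$1" pub="$2" auth="$3" problems=0
    local priv="${pub%.pub}"           # private key sits next to the .pub file
    is_private "$dir" ||
        { echo "PROBLEM: $dir is missing or accessible by other users"; problems=$((problems + 1)); }
    is_private "$priv" ||
        { echo "PROBLEM: $priv is missing or accessible by other users"; problems=$((problems + 1)); }
    key_is_authorized "$pub" "$auth" ||
        { echo "PROBLEM: key from $pub not found in $auth"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "OK: permissions and authorized_keys entry look correct"
    return "$problems"
}

if [ "$#" -eq 3 ]; then check_publickey_setup "$@"; fi
```

If the script reports no problems and the error persists, run ssh with the -v option to see which private key the client actually offers.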

6. Summary:

SSH provides a secure way to connect to remote servers using cryptographic techniques. Key-based authentication, using a public and private key pair, ensures that communication is not only encrypted but also authenticated without sharing passwords. Regularly check and update your keys for optimal security.
