Linux - SSH Key Authentication

SSH key authentication is a secure method of logging into a remote server without using a password. Instead, it uses a pair of cryptographic keys—a public key and a private key—that work together to verify your identity. This method is safer, faster, and more reliable than traditional password-based logins, especially in server management and DevOps environments.


How SSH Key Authentication Works

  1. Key Pair Generation
    You generate a key pair on your local machine using:

    ssh-keygen
    
    • Private Key → stays on your local machine (never shared).

    • Public Key → uploaded to the server.

  2. Public Key Added to Server
    The public key is stored in the server’s ~/.ssh/authorized_keys file.
    When you attempt to connect, the server checks this key to confirm your identity.

  3. Authentication Process
    When you run:

    ssh user@server
    
    • The server sends a challenge encrypted with your public key.

    • Your local machine uses the private key to decrypt and respond.

    • If the response matches, access is granted.

No password is transmitted, making the process highly secure.


Why SSH Key Authentication Is Better

  • Stronger security – Keys are nearly impossible to brute-force compared to passwords.

  • Passwordless login – Saves time and supports automation.

  • Prevents phishing attacks – No password means nothing to steal.

  • Supports automation tools – Essential for DevOps pipelines, Git operations, and infra management.

  • Can be protected with a passphrase – Adds an extra layer of security to the private key.


How to Set It Up (Simplified)

  1. Generate key pair

    ssh-keygen -t rsa -b 4096
    
  2. Copy public key to server

    ssh-copy-id user@server
    

    Alternatively, append the public key manually to ~/.ssh/authorized_keys on the server.

  3. Connect

    ssh user@server
    

That’s it — seamless, secure access without typing a password.


Best Practices

  • Never share your private key.

  • Use strong key types (RSA 4096 bits, ED25519).

  • Protect the private key with a passphrase.

  • Restrict permissions:

    chmod 600 ~/.ssh/id_rsa
    chmod 700 ~/.ssh
    
  • Disable password authentication on the server once keys work:

    PasswordAuthentication no
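
The permission and PasswordAuthentication items above can be checked with a short script. The shell functions below are an added example, not part of the original page; the function names are made up for illustration, and the code assumes GNU stat on Linux, default id_* key file names, and a setting placed in the global section of a single sshd_config file.

```shell
# Added example, not from the original page. Function names are made up.
# Assumes GNU stat (Linux), as used by `stat -c`.

# Report loose permissions in a ~/.ssh style directory; return 1 on findings.
# The directory must be 700; private keys must grant nothing to group/other
# (600 as on this page; a stricter 400 also passes). Only files named id_*
# (the ssh-keygen default names) are inspected.
audit_ssh_dir() {
    dir=$1
    bad=0
    mode=$(stat -c '%a' "$dir") || return 2
    if [ "$mode" != "700" ]; then
        echo "FAIL $dir is mode $mode, expected 700"
        bad=1
    fi
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public keys may be readable
        mode=$(stat -c '%a' "$f")
        case $mode in
            *00) ;;
            *) echo "FAIL $f is mode $mode, expected 600"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Return 0 only if the global section of the given sshd_config file sets
# PasswordAuthentication to no. sshd uses the first value it reads for a
# keyword, keywords are case-insensitive, and the default is "yes", so a
# commented-out or missing line still leaves password logins enabled.
# Included files and Match blocks are not followed here; `sshd -T` prints
# the effective configuration.
password_auth_disabled() {
    value=$(awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); exit }
    ' "$1")
    [ "${value:-yes}" = "no" ]
}
```

Source the file, then run audit_ssh_dir ~/.ssh on the client and password_auth_disabled /etc/ssh/sshd_config on the server.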
    

 

SSH key authentication is a foundational skill for developers, system administrators, and DevOps engineers. It ensures secure, fast, and automated access to remote systems—making server management far more efficient and safe.