Public/Private Key Cryptography isn’t exactly new stuff in the world of Computing. It makes our world go round. It is the basis for secure communication in today’s world. HTTPS, SSL, TLS, SSH are all cryptographic protocols that use Public/Private key infrastructures. Without these protocols, we would think twice about using credit card, banking or any other sensitive information on the Internet.
We all know that passwords aren’t very secure. If you choose a password that is easy to remember then its easier to guess via brute force. If you choose a password that is random or hard to remember then you are more likely to write it down. Any well-versed digital community member already has many username/password credentials to remember so we are less likely to remember extremely difficult random passwords. This is the password paradox, which leads me to look into managing access via public/private key pairs instead.
Generate a public/private key pair (if you don’t have one already)
- *Backup your existing keys* — if they exists so that you don’t overwrite them.
- generate a new key with ssh-keygen
Definitely setup a passphrase! – Its like a password for your private key. The passphrase is a second line of defence if anyone were to acquire your private key.
.pub is your public key, you can safely share this anywhere, whereas the private key is entirely private! DO NOT show anyone, don’t copy it anywhere and only securely back it up.. This is your new password and large liability if it fell into the wrong hands.
Some folks like to generate and manage keypairs for each location, or at least manage certain levels of keys, but I’m not going to dive into that topic.
Configure the Server (if needed)
Make sure that the server has Public key authentication enabled (most do). for OpenSSH it would be the following in the
Then all you have to do is:
- Put your public key (the one ending in
.pub) as a line in the
~/.ssh/authorized_keysfile (create it if it doesn’t exist)
- Restart your SSH server
- Log in without being prompted for a password
This is really handy for managing servers especially on Amazon’s EC2, local access between machines, SFTP, SSH tunneling, or even getting access to a jailbroken iPhone or any other device with OpenSSH installed on it.