What is an SSH key?

With many services, authenticating to a remote server means entering a username and password. While this is convenient, it is prone to attacks such as brute-force password guessing. This document's goal is to explain what an SSH key is and why you should be using one. It will not explain the technical specifics of what a key is, but will provide a high-level understanding for the uninitiated.

What an SSH key is

An SSH key consists of two parts, a public and private pair, known as the "Private Key" and the "Public Key". As the names imply, the private key is intended to be kept private: never shared with anyone and never transferred over the internet by any means of communication. The public key, however, is intended to be given out and shared; there is no security risk in doing so.

The SSH key pair is usually generated using a tool such as `openssl` or `puttygen`. Each key pair is random and globally unique to you. The private key is saved to a file, preferably encrypted to add an additional layer of protection. The public key is installed on the service you wish to access by means of SSH key authentication.

Benefits

  • Once a key has been set up on your server, password authentication can be disabled on the account, making it impossible for the password, even if known, to be used to gain access to the server.
  • You can also use the same key to access multiple servers or multiple accounts on the same server without any risk to security.
  • You are able to install multiple public keys onto a single account, allowing you to give someone else (for example, a contracted developer) access without sharing your key or password.
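
When several public keys are installed on one account, it helps to be able to list them by fingerprint and remove one person's key without touching the rest. The following is an added example, not part of the original page: it assumes the OpenSSH `authorized_keys` line format, and the two keys, their comments and the helper names are constructed for illustration (the key bytes are filler, not usable keys).

```python
import base64, hashlib, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def make_sample_key(seed: int, comment: str) -> str:
    """Build a CONSTRUCTED ed25519-format line (filler bytes, not a usable key)."""
    name, raw = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def parse_line(line: str):
    """Return (type, fingerprint, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # Options may precede the key type; find the first known type token.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError(f"unrecognised entry: {line[:40]}")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    # The blob starts with its own length-prefixed type name; it must match.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != fields[idx]:
        raise ValueError("key type does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return fields[idx], "SHA256:" + digest, " ".join(fields[idx + 2:])

def list_keys(text: str):
    """All key entries in an authorized_keys file, in order."""
    return [k for k in map(parse_line, text.splitlines()) if k]

def revoke(text: str, fingerprint: str) -> str:
    """Drop every entry whose fingerprint matches; keep all other lines."""
    kept = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry[1] != fingerprint:
            kept.append(line)
    return "\n".join(kept) + "\n"

# Constructed sample: the account owner's key plus a contractor's key.
SAMPLE = "\n".join([
    "# constructed authorized_keys for one account",
    make_sample_key(1, "owner@laptop"),
    "no-port-forwarding " + make_sample_key(2, "contractor@agency"),
]) + "\n"

if __name__ == "__main__":
    for ktype, fp, comment in list_keys(SAMPLE):
        print(ktype, fp, comment)
```

The fingerprint is the SHA-256 hash of the decoded public key, in the same `SHA256:` form OpenSSH prints, so an entry can be matched against the key its owner reports before it is revoked.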