Why learn this?

I was attempting to remotely access my digital ocean droplet from my mac with command ssh root@ip_address, to no avail. To fix this I begun to learn about ssh key based authentication. I went ahead and looked inside the .ssh directories on the remote server (ubuntu) and client (my mac). Files on the server included ./.ssh/authorized_keys and ./.ssh/known_hosts and the client contained a ./.ssh/known_hosts. That's as far as I knew.

What is SSH?

SSH is short secure shell protocol. It's purpose being to provide security over an unprotected network with a key based cryptographic exchange.

What is a public and private key?

A public key is jargon generated from an asymmetric cryptographic algorithm, notably Rivest-Shamir-Adleman (RSA), in order to create a sequence of random characters. A private key is generated as well. On the client computer the public key should be stored in ./.ssh/id_rsa.pub file and the private key in ./.ssh/id_rsa (without extension). These files can be generated with the command:

ssh-keygen -t ed25519 -C "random comment"

How do i connect to a remote computer from my computer?

The answer to this will yield the response to the post title. The client should be loaded with a public and private key. The public key is shareable unlike the private key, obviously. Any system that needs to communicate with the client must contain the public key in it's .ssh/authorized_keys file. So we must copy the contents of our client public key into the server's authorized_keys. Ubuntu servers by default contain the OpenSSH client so no additional configurations are required. Thank goodness for abstraction amirite. Once the public key is added to the server machine you can ssh into the root@ip. That's all it takes to connect to a remote computer from your PC.

How does key-based authentication work?

You won't let me go to bed will ya. Let's go over the two exchanges which occur during SSH key-based authentication. It is similar to the TCP handshake process. If you aren't familiar with the concept please do yourself a favor and read my previous post.

Initial handshake

- The client makes a request to the server: ssh root@your_ip

- This request contains the public key fingerprint so the server knows which public key to use from it's list of authorized_keys.

- The server sends the client a challenge involving random data encrypted with the public key (aka cipher-text)

Latter handshake

- The client must decrypt the random data with it's private key and send a response back to the server.

- The server must compare the decrypted response with the original random data. If they match, authorization is successful.

In simpler terms, the challenge provided by the server with the initial handshake can only be decrypted by the owner of the private key because of the public key's mathematical relation to the private key.