SSH Authentication

4 September 2024

Overview

SSH authentication, also known as public key authentication, is a password-less login system used to connect securely to remote servers. Authentication relies on a pair of key files generated with an asymmetric cryptographic algorithm. SSH is commonly used to transfer files to remote servers, for example when pushing code to GitHub's network.


Generate keys

Command to generate key pair:

ssh-keygen -t ed25519 -C "random comment"

The keys generated by the algorithm are (obscurely) related. The public key is located on the client at ~/.ssh/id_rsa.pub and must be copied to the target remote server(s) at ~/.ssh/authorized_keys. The server uses the public key to authenticate requests from clients with a matching public key. The private key is located on the client at ~/.ssh/id_rsa.


Authentication Cycle

1. The remote server sends the client a text challenge encrypted with the public key.

2. The client decrypts the text using the corresponding private key and sends the response to the server.

3. The server validates the decrypted text from the client's response.

4. If validation succeeds, the SSH connection is established.


Connecting to a remote server

ssh root@your_ip


Important files:

Remote server:

  • .ssh/authorized_keys : Public keys of permitted clients
  • .ssh/known_hosts : History of fingerprints


Client:

  • .ssh/known_hosts : Used to avoid man-in-the-middle attacks
  • .ssh/id_rsa.pub : Public key
  • .ssh/id_rsa : Private key
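
An added example (not part of the original page): a Python check for the public key lines stored in .ssh/authorized_keys and .pub files. It confirms that the key type named in the line matches the type encoded inside the base64 blob, and computes the SHA256 fingerprint in the form that ssh-keygen -lf reports. It assumes lines without an options prefix; the function names and the sample key (a dummy 32-byte value) are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def parse_public_key_line(line):
    """Parse '<type> <base64 blob> [comment]' and return its details."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, offset = read_string(blob, 0)
    # The type named in the text must match the one encoded in the blob.
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match blob")
    if key_type == "ssh-ed25519":
        # An Ed25519 public key is exactly one 32-byte string, nothing after it.
        key, offset = read_string(blob, offset)
        if len(key) != 32 or offset != len(blob):
            raise ValueError("malformed ed25519 key")
    # Fingerprint: unpadded base64 of SHA-256 over the decoded blob.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": key_type, "comment": comment, "fingerprint": fingerprint}

def make_sample_line():
    """Constructed sample line: a dummy 32-byte value, not a real key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " random comment"

if __name__ == "__main__":
    info = parse_public_key_line(make_sample_line())
    print(info["type"], info["fingerprint"], info["comment"])
```

Comparing the fingerprint of each authorized_keys entry against the fingerprint of the client's .pub file shows which entry belongs to which client without handling the private key.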