Public and Private Keys

If you are bored of typing passwords, or you want to make the process of remote authentication more secure, you can use public and private keys to identify yourself.

A PPK (Public Private Key) pair consists of two keys:

■ A private key that you keep to yourself and share with no one else

■ A public key that you install on all servers you want to log in to that can be read by anybody

A PPK is useless unless you hold both halves of the pair. Even if someone finds your public key, he or she cannot misuse it, because it works only together with the private key that you have kept secret.

You have two options for how you want to create your key pair — with or without a passphrase. A passphrase is a long string of characters that can be thought of as your password. A passphrase could be a sentence, or a piece of text you can remember, and can contain spaces.

This makes the PPK much more secure because even if your private key has been compromised, whoever obtains it still needs to know your passphrase. If you do not set a passphrase, you can then log in to a machine without entering a password or a passphrase, and you rely on the secrecy of your private key file and nothing else. If security is a big thing for you (and it should be), you should set a passphrase when asked.

To create a PPK, you need to run the ssh-keygen command. The ssh-keygen command takes quite a few arguments, but we will create a standard SSH2 key pair for our purposes. Consider the example shown in Listing 15-11.
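As an added example (it is not the book's Listing 15-11 and not the author's code), the following POSIX shell script creates an SSH2 key pair non-interactively with ssh-keygen and then checks the properties described above: the private key is readable only by its owner, the public half stored in the .pub file really belongs to the private key, and a passphrase-protected private key cannot be unlocked with the wrong passphrase, while a key created without a passphrase opens for anyone holding the file. The key type (ed25519), file names, comment and passphrase are placeholders chosen for the demonstration; it needs the OpenSSH client tools installed.

```shell
#!/bin/sh
# Added example, not from the book: create and verify an SSH key pair with ssh-keygen.
# Assumes OpenSSH client tools are installed; key type, paths and passphrase are placeholders.

set -u

# Generate a key pair under directory $1 protected by passphrase $2 (empty = no passphrase).
# -t key type, -N new passphrase, -C comment, -f private key path, -q suppress the banner.
# Reading stdin from /dev/null guarantees ssh-keygen never stops to prompt.
make_keypair() {
    ssh-keygen -q -t ed25519 -N "$2" -C "example@demo" -f "$1/id_ed25519" </dev/null
}

# Verify a passphrase-protected pair in $1 with passphrase $2. Returns 0 if every check
# passes, 1 at the first failure (with a reason on stdout).
check_protected_keypair() {
    key="$1/id_ed25519"
    pub="$key.pub"

    [ -f "$key" ] && [ -f "$pub" ] || { echo "key files missing"; return 1; }

    # ssh-keygen writes the private key with mode 600; ssh refuses a world-readable one.
    [ -n "$(find "$key" -perm 600)" ] || { echo "private key permissions too open"; return 1; }

    # -y recovers the public key from the private key; -P supplies the passphrase.
    derived=$(ssh-keygen -y -P "$2" -f "$key" 2>/dev/null) \
        || { echo "cannot unlock private key with the correct passphrase"; return 1; }

    # Compare key type and key material only; the comment field may legitimately differ.
    derived=$(printf '%s\n' "$derived" | cut -d' ' -f1,2)
    stored=$(cut -d' ' -f1,2 < "$pub")
    [ "$derived" = "$stored" ] || { echo "public key does not match private key"; return 1; }

    # The wrong passphrase must not unlock the key: this is what the passphrase buys you
    # if the private key file is ever copied off your machine.
    if ssh-keygen -y -P "not-the-passphrase" -f "$key" >/dev/null 2>&1; then
        echo "private key unlocked with the wrong passphrase"
        return 1
    fi

    # The fingerprint is what you compare when you hand the public key to a server admin.
    ssh-keygen -lf "$pub"
    return 0
}

# Show the trade-off of an unprotected key in $1: it unlocks with no passphrase at all,
# so possession of the file is the only thing standing between an attacker and your logins.
check_unprotected_keypair() {
    ssh-keygen -y -f "$1/id_ed25519" </dev/null >/dev/null 2>&1
}

# Stand-alone demonstration: build both kinds of pair in a temporary directory,
# run the checks and clean up. Returns 0 only if every check behaves as described.
demo() {
    work=$(mktemp -d) || return 1
    status=1
    mkdir "$work/protected" "$work/plain"
    if make_keypair "$work/protected" "correct horse battery staple" \
        && check_protected_keypair "$work/protected" "correct horse battery staple" \
        && make_keypair "$work/plain" "" \
        && check_unprotected_keypair "$work/plain"; then
        status=0
    fi
    rm -rf "$work"
    return $status
}
```

Run the script directly, or source it and call `demo`; it prints the public key fingerprint and exits 0 when the passphrase-protected key behaves as the text describes. The `find -perm 600` check is the same condition ssh enforces before it will use a private key, so it is worth keeping in any key-provisioning script.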
