ssh keypairs 101

murraybiscuit

Executive Member
Joined
Oct 10, 2008
Messages
6,483
please explain to me... i'm a bit foggy on the whole thing.
so you get a public and private keypair... what's the difference?
from what i understand, it generates a fingerprint which is better than a password between two servers
does this fingerprint contain the password... or does it encrypt the password?
can you choose to not enter a password in order to authenticate more easily?
why do i have to add my key to git servers? is this my public or private key?
what if somebody compromises my workstation and steals my key and i didn't set a password?

i've been trying to read up on it, it's just that there's lots telling you how to do it, but not a lot telling you how it works (in easy-to-understand language).
apologies if the questions don't make much sense. :)
 

Tinuva

The Magician
Joined
Feb 10, 2005
Messages
12,475
Public key is the key you upload to git servers, to other Linux servers you want to log in to and which you can add to public directories.

The private key you keep with yourself; you safeguard it almost as badly as you would safeguard secret documents. You can have it without a password, but then if someone gets their hands on your private key, they can log in anywhere as you where you could use it, so best is to set a password. Think of the private key as your bank card, where the password is your PIN code. If someone has your PIN, they can't access your account without the card; same with having the card, they can't access the account without the PIN code. The public key would then be your account with the bank, in this very simplified scenario.
 

murraybiscuit

Executive Member
Joined
Oct 10, 2008
Messages
6,483
tx. that helps somewhat.
i see there's also a session key which is generated for each new login and actually encrypts the data once authenticated.
interesting.
 

starring

Active Member
Joined
Aug 26, 2010
Messages
80
Think of the private key as your bank card, where the password is your PIN code. If someone has your PIN, they can't access your account without the card; same with having the card, they can't access the account without the PIN code. The public key would then be your account with the bank, in this very simplified scenario.

...used to dread the subject, but after Tinuva's crispy analogy above, phew i guess i gotta get back on the wagon and keep reading on it....thanks T
 

Tinuva

The Magician
Joined
Feb 10, 2005
Messages
12,475
Heh np. There is however a lot more to these keys, I am just trying to explain that you should use a password with them, and that keys are very useful. For example if I had to outsource a problem I have to someone on a server, I would much rather trust adding their ssh public key than giving out passwords; that way they have no idea what my passwords are, can still do the work and afterwards I can just remove the key and lock down the firewall again. Of course they can still add backdoors and what not, but that's why you have firewalls etc. and check what exactly they did.
 
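Added example (my own script, not code from anyone in this thread): it walks through the lifecycle Tinuva describes in the two answers above using only ssh-keygen, so you can see which file is which, what a fingerprint actually is, what "adding your key to a server" writes, why a passphrase matters if the workstation is stolen, and how a contractor's key is removed again afterwards. The passphrase, the comment string and every path are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the forum thread. Everything here is ssh-keygen only;
# the passphrase, key comment and directories are constructed sample values.
set -eu

# Constructed sample passphrase; in real use it lives in your head (or ssh-agent).
PASSPHRASE='correct horse battery staple'

# Generate a keypair. "$1" becomes the PRIVATE key (never leaves the workstation);
# "$1.pub" is the PUBLIC key (the one you paste into git servers).
# "$2" is the passphrase; an empty string leaves the private key unprotected.
generate_keypair() {
    ssh-keygen -q -t ed25519 -N "$2" -C "demo@workstation" -f "$1"
}

# The fingerprint is a hash of the PUBLIC key only. It contains no password and
# encrypts nothing; it is a short name so two people can agree which key they mean.
fingerprint() {
    ssh-keygen -lf "$1.pub" | awk '{print $2}'
}

# "Adding your key to a server" means appending the PUBLIC key to the target
# account's authorized_keys ("$2"). Nothing secret is sent anywhere.
install_public_key() {
    mkdir -p "$(dirname "$2")"
    cat "$1.pub" >> "$2"
    chmod 600 "$2"
}

# Tinuva's "afterwards I can just remove the key": drop the authorized_keys line
# whose key material matches "$1.pub". grep exits 1 when nothing is left, hence || true.
revoke_public_key() {
    key_material=$(awk '{print $2}' "$1.pub")
    grep -v -F "$key_material" "$2" > "$2.tmp" || true
    mv "$2.tmp" "$2"
}

# Returns 0 if the private key works with an empty passphrase, i.e. what someone
# who copies the file off a compromised workstation gets for free.
private_key_usable_without_passphrase() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    generate_keypair "$d/open" ''
    generate_keypair "$d/locked" "$PASSPHRASE"
    echo "public key to paste into a git server:"
    cat "$d/locked.pub"
    echo "its fingerprint: $(fingerprint "$d/locked")"
    install_public_key "$d/locked" "$d/server/.ssh/authorized_keys"
    if private_key_usable_without_passphrase "$d/open"; then
        echo "open:   usable by anyone who copies the file"
    fi
    if ! private_key_usable_without_passphrase "$d/locked"; then
        echo "locked: the copied file is useless without the passphrase"
    fi
    revoke_public_key "$d/locked" "$d/server/.ssh/authorized_keys"
    echo "entries left after revocation: $(grep -c 'ssh-ed25519' "$d/server/.ssh/authorized_keys" || true)"
    rm -rf "$d"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    demo
fi
```

Two things the script makes visible that the analogy does not: the fingerprint is derived from the public half alone, so publishing it gives nothing away, and a passphrase only protects a stolen private key for as long as it resists offline guessing, which is why a strong passphrase held in ssh-agent (typed once per session) is the usual compromise between convenience and Tinuva's "set a password" advice.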