🔑 Setting Up SSH Keys
SSH keys come in pairs: a private key that stays on your computer (never share this) and a public key that goes on the remote server. Key-based authentication is more secure than password-based login and enables passwordless, faster access.
Generating SSH Keys (ssh-keygen)
This command generates a key pair where:
- -t rsa → specifies the type of key (RSA is common).
- -b 4096 → sets the key size (more bits = stronger security).
- -C "email" → adds an optional comment for identification.
Example steps:
- Run ssh-keygen → press Enter to accept default file location (~/.ssh/id_rsa).
- Set a passphrase (optional but adds extra security).
Copying Public Keys (ssh-copy-id)
To use key-based login, copy your public key to the remote server:
You'll enter your password once. After that, SSH will use the key for login.
Manual method: You can also manually append your public key (~/.ssh/id_rsa.pub) to the remote server's ~/.ssh/authorized_keys file.
Key-Based Authentication vs Password
Password login:
- You type your password each time.
- Vulnerable to brute force attacks.
Key-based login:
- Passwordless, faster, and more secure.
- Only someone with the private key can log in.
Real-life analogy
Think of the private key as your house key and the public key as a special lock you put on your friend's door. Only your private key can unlock it. Password login is like unlocking a door with a keypad every time, while key-based login is like a key that always fits and opens the door instantly. Key-based login is essential for automation, like scripts or servers talking to each other securely.
