SSH public key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one “private” and the other “public”. The private key is kept secret and stored on the computer you use to connect to the remote system.
Each private key has a corresponding public key. Generally, the public key can be easily derived from the private key, but deriving the private key from the public key is computationally infeasible.
Understanding Public key and Private key
- In a public-key cryptosystem, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. In some cryptosystems, public keys can also be used for encrypting messages so that they can only be decrypted using the corresponding private key.
- In public-key cryptosystems, a private key is a key used for digitally signing documents. In some cryptosystems, it can also be used for decrypting data encrypted using a public key.
Understanding Key Pairs
Public keys and private keys come in pairs. The pair is called a key pair. The basic idea of a public key cryptosystem is that the public key can be easily derived from the private key, but the private key cannot be practically derived from the public key.
Generally, deriving the private key would be theoretically possible, but the computation would be so complex that it would take millions of years with current computers, or would consume more energy than will be released by our sun during its lifetime.
To create the digital identity, the public and private key are both generated, and the pair is associated with each other using a strong public key cryptography algorithm. The most common mathematical algorithms used to generate SSH keys are Rivest–Shamir–Adleman (RSA) and Elliptic Curve Digital Signature Algorithm (ECDSA).
Get the public key from the private key with ssh-keygen
To get a usable public key for SSH purposes, use ssh-keygen:
ssh-keygen -y -f privatekey.pem > key.pub
- -y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
- -f filename Specifies the filename of the key file.
Get the public key from the private key with OpenSSL
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol, formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based on a full-strength general purpose cryptographic library, which can also be used stand-alone.
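openssl rsa -in privatekey.pem -pubout > key.pub
The output of this command is a PEM-encoded public key, not the one-line OpenSSH format that an authorized_keys file expects.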
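As an added example (not part of the original article), the script below runs both derivations on a throwaway RSA key and checks that they yield the same public key, converting the OpenSSL PEM output to OpenSSH format with ssh-keygen -i -m PKCS8. It assumes OpenSSH and OpenSSL are installed; the function names and file names are made up for the demo.

```sh
#!/bin/sh
# Added example. File names and the demo key are constructed for illustration.

# Keep only "<type> <base64>" from an OpenSSH public key line (drops the comment).
key_material() { awk 'NF >= 2 { print $1, $2; exit }'; }

# Method 1 on the page: ssh-keygen -y prints the OpenSSH public key.
pub_via_ssh_keygen() { ssh-keygen -y -f "$1" | key_material; }

# Method 2 on the page: openssl rsa -pubout writes a PEM public key,
# which ssh-keygen -i -m PKCS8 converts to the OpenSSH one-line format.
pub_via_openssl() {
    pem=$(mktemp) || return 1
    openssl rsa -in "$1" -pubout -out "$pem" 2>/dev/null || { rm -f "$pem"; return 1; }
    ssh-keygen -i -m PKCS8 -f "$pem" | key_material
    rm -f "$pem"
}

# Succeeds only if public key file $2 was derived from private key $1.
# Useful before installing a .pub file into authorized_keys.
matches_private_key() {
    derived=$(pub_via_ssh_keygen "$1" 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$(key_material < "$2")" ]
}

# Throwaway unencrypted RSA key, written in PEM format so openssl rsa can read it.
make_demo_key() { ssh-keygen -q -t rsa -b 2048 -m PEM -N "" -C demo -f "$1"; }

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_key "$dir/id_demo" || { rm -rf "$dir"; return 1; }
    echo "ssh-keygen: $(pub_via_ssh_keygen "$dir/id_demo" | cut -c1-40)..."
    echo "openssl:    $(pub_via_openssl "$dir/id_demo" | cut -c1-40)..."
    matches_private_key "$dir/id_demo" "$dir/id_demo.pub" &&
        echo "id_demo.pub matches id_demo"
    rm -rf "$dir"
}
demo
```

The comparison ignores the trailing comment field, since ssh-keygen -y may or may not print one depending on the private key format.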