SSH works by generating a pair of keys.
The magic here is that you cannot generate the private key from the public key, and only the private key can unlock what the public key locks.
This means that you can pass your public key around freely without worrying about who sees it, because only you hold the matching private key.
On your local machine, generate a pair of keys: a private key that identifies you, and a public key that you can pass around (to the server that you want to access).
ssh-keygen -t rsa
At this point, it prompts you for a passphrase. This is an optional additional layer of security; if you choose not to use it, just leave it empty. With a passphrase set, you have to enter it each time you use the key. Without one, anyone who steals your private key has access to all your servers. With one, they would need not only your private key, but your passphrase as well.
# on your local machine
~/
.ssh/
id_rsa # your private key, don't give this out!
id_rsa.pub # public key for handing out to remote server
Now, access your remote server and create the ~/.ssh directory if it does not already exist. Copy the contents of id_rsa.pub into the file ~/.ssh/authorized_keys (create it if it does not exist).
# on your remote server
~/
.ssh/
authorized_keys
The authorized_keys file can contain more than one public key, one per line, depending on how many users are given access.
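The server-side step above as a script (an added example, not part of the original page). `install_pubkey` is a hypothetical helper name; it goes slightly beyond the text by also setting the directory and file permissions and by refusing to install a private key by mistake.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper, run on the remote server)
# Appends one public key to HOME_DIR/.ssh/authorized_keys without touching
# keys that other users have already installed there.
# usage: install_pubkey ./id_rsa.pub "$HOME"
install_pubkey() {
    pubkey_file=$1
    home_dir=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Never upload the private half: id_rsa (without .pub) carries this marker.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi

    # A public key file is a single line: "<type> <base64> [comment]".
    key_line=$(head -n 1 "$pubkey_file")
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored if ~/.ssh or
    # authorized_keys is writable by other users, so lock both down.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous user's key.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only if this exact line is not already present.
    if ! grep -qxF -e "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
    return 0
}
```

Running it twice with the same key leaves a single entry, so it is safe to re-run.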
Now, when you SSH into your server, you would not need a password and the channel would be secure.
ssh user@172.164.120.133
There can be another case in which the server generates and stores the public key, and then gives you the private key. This is typical when you sign up for an AWS server with Amazon. In this case, you should not use the id_rsa key that you generated yourself, but the private key that was given to you. To SSH using a custom private key:
ssh -i ./path/to/private/key.pem user@172.164.120.133