Public Key Authentication

A public key is a cryptographic key that is part of a key pair used for public key cryptography. In the context of SSH (Secure Shell) and other cryptographic systems, a public key is associated with an entity (like a user or a server) and is shared openly.

Public key characteristics

Key Pair

Public key cryptography uses pairs of keys – a public key and a private key. These keys are mathematically related, but information encrypted with one key can only be decrypted with the other key.

Sharing the Public Key

The public key can be freely distributed and shared with others.
It is typically used for encryption or verification of a signature.

Asymmetric Encryption

Public key cryptography is asymmetric, meaning the public key is used for encryption, and the private key is used for decryption.

Authentication

In systems like SSH, the public key is often used for user authentication. The server holds the user's public key and uses it to verify a signature that only the holder of the matching private key could have produced, which proves the user's identity.

Digital Signatures

Public keys are also used to verify digital signatures, which are created with the private key, providing a way to check the authenticity of a message or file.

Format

Public keys are usually in a specific format, such as the OpenSSH format which starts with "ssh-rsa" (for RSA keys) or "ssh-ed25519" (for Ed25519 keys).

When someone wants to send you an encrypted message or verify your identity (e.g., for SSH access), they use your public key. The corresponding private key, which is kept secret, is used for decryption or creating digital signatures.

Key Pair Generation

Key pairs are generated using the command-line tool ssh-keygen. This command is typically available on Unix-like operating systems, including Linux and macOS.

See Generating and using AWS Key Pairs with Terraform or OpenTofu.

You generate a pair of keys – a public key and a private key.

The public key is placed on the server, while the private key is kept secret on your local machine.

Server Configuration

On the server, a file named authorized_keys (commonly found in the ~/.ssh/ directory) holds the public keys of users allowed to log in. In cloud instances the public key is usually added during instance creation using Cloud-Init.

Authentication Process

When a user attempts to log in, the server sends a challenge.
The user's local machine uses the private key to sign the challenge and sends the signature back to the server.
The server checks whether the signature verifies against the stored public key. If it does, access is granted.
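As an added example (not code from the original page or from IT Wonder Lab), the Python below parses the OpenSSH public key format described under Format, validates an ssh-ed25519 entry before it is trusted in authorized_keys, computes the SHA256 fingerprint that `ssh-keygen -lf` prints so you can confirm the key stored on the server is the one you generated, and checks whether a candidate key is present in an authorized_keys file. The 32 key bytes and the `alice@laptop` comment are constructed sample values, and the function names are my own.

```python
import base64
import hashlib
import struct

SAMPLE_KEY_BYTES = bytes(range(32))  # constructed sample, not a real key
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + SAMPLE_KEY_BYTES
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " alice@laptop"

def read_ssh_string(buf, offset):
    """Read one RFC 4251 length-prefixed string from an OpenSSH key blob."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    end = offset + 4 + struct.unpack(">I", buf[offset:offset + 4])[0]
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[offset + 4:end], end

def parse_public_key(line):
    """Parse an 'ssh-ed25519 <base64 blob> [comment]' line into (key_type, key_bytes, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, comment = parts[0], parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(parts[1], validate=True)
    # The blob repeats the key type; the text prefix and the blob must agree.
    blob_type, offset = read_ssh_string(blob, 0)
    if key_type != "ssh-ed25519" or blob_type != b"ssh-ed25519":
        raise ValueError(f"unsupported or mismatched key type: {key_type} / {blob_type!r}")
    key_bytes, offset = read_ssh_string(blob, offset)
    if len(key_bytes) != 32 or offset != len(blob):  # Ed25519 public keys are exactly 32 bytes
        raise ValueError("malformed Ed25519 public key")
    return key_type, key_bytes, comment

def fingerprint(line):
    """SHA256 fingerprint as printed by 'ssh-keygen -lf': unpadded base64 of sha256(blob)."""
    blob = base64.b64decode(line.split()[1], validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def key_is_authorized(authorized_keys_text, candidate_line):
    """True if the candidate's key type and key bytes match an entry (comments ignored)."""
    wanted = parse_public_key(candidate_line)[:2]
    for entry in authorized_keys_text.splitlines():
        if not entry.strip() or entry.lstrip().startswith("#"):
            continue
        try:  # malformed entries, and entries with a leading options field, are skipped, not trusted
            if parse_public_key(entry)[:2] == wanted:
                return True
        except ValueError:
            continue
    return False
```

Entries that carry a leading options field (for example a forced command) are not parsed by this helper and are therefore never matched; extend `parse_public_key` if your authorized_keys uses them.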

See tutorials using Public Key Authentication:

Javier Ruiz, Cloud and SaaS Expert

IT Wonder Lab tutorials are based on the diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has over 25 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.

