A public key is a cryptographic key that is part of a key pair used for public key cryptography. In the context of SSH (Secure Shell) and other cryptographic systems, a public key is associated with an entity (like a user or a server) and is shared openly.
Public key cryptography uses pairs of keys – a public key and a private key. These keys are mathematically related, but information encrypted with one key can only be decrypted with the other key.
The public key can be freely distributed and shared with others.
It is typically used for encryption or verification of a signature.
Public key cryptography is asymmetric, meaning the two keys have different roles: the public key is used for encryption (or to verify a signature), and the private key is used for decryption (or to create a signature).
In systems like SSH, the public key is often used for user authentication: the server holds the user's public key and uses it to verify a signature that only the corresponding private key, kept on the user's machine, can produce.
Public keys are also used to verify digital signatures, which are created with the private key, providing a way to verify the authenticity of a message or file.
Public keys are usually in a specific format, such as the OpenSSH format which starts with "ssh-rsa" (for RSA keys) or "ssh-ed25519" (for Ed25519 keys).
When someone wants to send you an encrypted message or verify your identity (e.g., for SSH access), they use your public key. The corresponding private key, which is kept secret, is used for decryption or creating digital signatures.
Key pairs are generated using the command line tool ssh-keygen. This command is typically available on Unix-like operating systems, including Linux and macOS.
See Generating and using AWS Key Pairs with Terraform or OpenTofu.
You generate a pair of keys – a public key and a private key.
The public key is placed on the server, while the private key is kept secret on your local machine.
Server Configuration:
On the server, a file named authorized_keys (commonly found in the ~/.ssh/ directory) holds the public keys of users allowed to log in. In cloud instances the public key is usually added during instance creation using Cloud-Init.
When a user attempts to log in, the server sends a challenge.
The user's local machine uses the private key to sign the challenge and sends the signature back to the server.
The server checks whether the signature verifies against the stored public key. If it does, access is granted.
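As an added example (not code from the original article), a small Python parser for the OpenSSH public key line format described above: it decodes the base64 blob, checks that the leading key type agrees with the type embedded in the blob, extracts the key material, and computes the SHA256 fingerprint that `ssh-keygen -lf` prints, so a key pasted into authorized_keys can be compared against the fingerprint the user reports. The sample key lines are constructed for the example and are not real keys.

```python
"""Parse OpenSSH public-key lines and compute ssh-keygen's SHA256 fingerprint."""
import base64
import hashlib
import struct

def _read_string(blob: bytes, pos: int):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end

def parse_public_key_line(line: str) -> dict:
    """Return keytype, key material, comment and fingerprint for one
    '<keytype> <base64-blob> [comment]' line; raise ValueError if malformed."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<keytype> <base64> [comment]'")
    keytype, blob = parts[0], base64.b64decode(parts[1], validate=True)
    inner_type, pos = _read_string(blob, 0)  # blob starts with its own type name
    if inner_type.decode() != keytype:       # mis-pasted or hand-edited key
        raise ValueError(f"type mismatch: {keytype} vs {inner_type.decode()}")
    info = {"keytype": keytype, "comment": parts[2] if len(parts) == 3 else ""}
    if keytype == "ssh-ed25519":
        info["key"], pos = _read_string(blob, pos)
        if len(info["key"]) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
    elif keytype == "ssh-rsa":
        e, pos = _read_string(blob, pos)  # mpint public exponent
        n, pos = _read_string(blob, pos)  # mpint modulus
        info["e"] = int.from_bytes(e, "big")
        info["bits"] = int.from_bytes(n, "big").bit_length()  # policy: reject < 2048
    else:
        raise ValueError(f"unsupported key type {keytype}")
    if pos != len(blob):
        raise ValueError("trailing data after key blob")
    # ssh-keygen -lf hashes the raw blob and prints unpadded base64
    info["fingerprint"] = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return info

def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

# Constructed sample lines (not real keys): a 32-byte Ed25519 key and a 2048-bit RSA key.
ED25519_LINE = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode() + " alice@laptop"
RSA_LINE = "ssh-rsa " + base64.b64encode(_ssh_string(b"ssh-rsa")
    + _ssh_string(b"\x01\x00\x01") + _ssh_string(b"\x00" + b"\xff" * 256)).decode()
```

Lines with a leading options field (for example `command="..."` or `from="..."`) are not handled here and would need to be stripped first.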
See tutorials using Public Key Authentication:
IT Wonder Lab tutorials are based on the diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has over 25 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.