SSH Public Key Authentication to Access Linux 1
Following my previous post on ‘Cryptography – How are RSA, AES and SHA different?‘, a specific use case is described in this article, using RSA asymmetric key pair for user authentication. We often use a username and a password combination for user authentication. The public key authentication provides additional layer of security to mitigate brutal force/dictionary attack, which targets to try out symmetric credentials.
Public and Private Key Pair
The following diagram depicts a basic public and private key pair concept. If a user (Windows box on left) wants to access a Linux server. The Linux administrator is to create the user an account on the server and install the user’s public key on the Linux server associated to the user. When the user tries to log on the Linux server, s/he uses her/his private key to authenticate and gain access.
You may image the Linux server is a treasure vault, which you try to access. The public key is the lock that only your own key (private key) can open. The vault guardian (server admin) installs your lock to the vault, which gives you the permission to access. You then use your key (private key) to open the lock (public) to access.
There are different formats of the public and private key pair. On the Linux, we use OpenSSH RSA public key. While on the Windows, PuTTY will be used as the SSH client to access the Linux server. PuTTY requires the private key in .ppk (PuTTY Private Key) file format.
For readers wonder what SSH is? See TechTarget article on ‘Secure Shell (SSH)‘ for introduction.
The rest posts in the series will include:
- How to generate RSA key pair using PuTTYgen
- How to create a new user on Linux and install public key
- How to SSH to Linux server using private key