SSH relies on public key cryptography for its encryption. These cryptosystems have a private key, which must be kept secret, and a public key, which may be disseminated freely. In these systems, anyone may use the public key to encode a message; but only the owner of the private key can decode the message. This can also be used to verify identities; if someone is claiming to be Alice, the owner of some private key, Bob can send Alice a message encoded with Alice's well-known public key. If the person claiming to be Alice can then tell Bob what the message really was, then that person at the very least has access to Alice's private key.
To use keys for authentication, we:
- Generate a key pair (Private and Public)
- Copy the public key to remote systems we wish to be able to log into and add it to the desired users
authorized_keysfile (see using ssh keys in linux)
- Ensure permissions are set properly, as described in using ssh keys in linux
When generating a key pair it is highly recommended that you supply a passphrase. If a passphrase is not supplied during key generation then anyone who can access your private key can login to any machines which use the matching public key for authentication.
The process of generating an ssh key pair will depend on the operating system you have. For generating a key pair in windows using Putty or MobaXterm see Generating SSH keys in Windows, for generating key pairs in linux/Mac's/Windows Cygwin see Using SSH keys in Linux. In addition if you are using the cloud, OpenStack also provides a method for creating keypairs see the ssh key pair section on the cloud quick start page.