SSH keys: what are they

SSH key: what is it?

The classic way to log in to a social network, email account, online store or other online resource is to enter a username and password. This is a simple and convenient method, but it cannot be called 100% secure. A more reliable alternative is an SSH key. When should it be used? What are the main advantages?

What is wrong with password authentication?

A combination of username and password is the most popular authentication method. However, popularity does not exclude some serious disadvantages:

• Easy to guess. A password is a combination of letters, numbers, and graphic characters. Even if it is a completely random combination that is neither a word nor a date, it can be selected either manually or using special software.
• Difficulty of memorization. It is easy to remember a password based on the name of a favorite football team or a significant date, but it will also be easy for a fraudster to crack. Random sets of several numbers and letters of different registers are much more reliable, but there is a problem with memorization. The combination can simply fly out of your head, and you will have to go through a complex recovery procedure.
• Possibility of theft. Data can be intercepted during an insecure connection, or even spied on if a person logs in while in a public place, Internet cafe or club.

SSH: what is it?

SSH is a special communication protocol that supports encryption algorithms, due to which a high level of security is achieved when transmitting information. Activation of the communication session is possible by entering a password, however, it is much more reliable to use an SSH key for this, consisting of hundreds of characters, which ensures the highest level of security.

Successful authorization requires two SSH keys:

• Open. It is publicly available, used to encrypt information when interacting with a server or network resource. It can be compared to a lock installed on a door. Interception of this key is useless for intruders, “opening” is possible only with the second - private.
• Private. If the open SSH key is a lock, then the private one is the key itself. Its main function is to decrypt the transmitted information. Of course, it requires more careful and attentive handling, in comparison with the open one, transfer to third parties is unacceptable.

Keys are created automatically, according to algorithms that exclude the possibility of disclosing one key even if the second is known. This scheme ensures maximum security of data exchange when using SSH protocols.

Advantages of keys

The main advantages of SSH keys are as follows:

• Inability to decrypt by brute force. A standard password rarely consists of more than 10 characters, SSH - of hundreds, so even the use of special programs that sort out possible combinations will not allow an attacker to achieve a result.
• Inaccessibility of a private SSH key from the external network. It is used exclusively at the time of identification.
• No need for rotation. One of the recommendations for ensuring network security is a periodic password change. This is not relevant for SSH.
• Authentication automation. SSH is based on authentication without manual password entry, so the process can be automated, which is especially important for remote systems.
• Ability to track user activity. The SSH key is linked to a specific user, so the administrator can see what actions they performed after authorization. This is a useful feature for enterprises where network security is of utmost importance.

Storage recommendations

As noted above, a private SSH key must be protected, eliminating even the slightest possibility of it falling into the hands of third parties. The most important point is the organization of storage, for which the following is acceptable:

• External storage media, solid-state drives, flash cards. Of course, with this approach, the device should be kept in a secure place, a safe or a desk drawer that is locked with a lock.
• Cloud storage and virtual disks. A convenient and fairly secure option. Of course, there is a possibility that intruders will be able to get to information in the cloud, but they do not know what to use a specific SSH key for.
• Password managers with advanced functionality that allows you to organize storage. Preference should be given to proven programs from reputable developers.

Key generation

To generate SSH keys on Linux or Mac OS, you need to use the command line or terminal, on Windows operating systems - third-party software, for example, OpenSSH or similar, depending on the version.

The algorithm of actions when generating SSH keys using the terminal is as follows:

• Open the command line;
• Enter the command “ssh-keygen”;
• Press the “Enter” key. With this scheme, the file is saved in the default folder, but, if necessary, it can be changed.

In the process of creating SSH keys, you can additionally specify a code word that provides a higher level of connection security. If you are not transmitting the most important information that is unlikely to be of interest to attackers, you can skip this step.

When using third-party software on Windows operating systems, you should be guided by the interface of a specific application.

Summary

An SSH key is one of the most reliable authorization methods, providing a level of security that is not available to standard passwords. The SSH data transfer protocol guarantees that they are in encrypted form, and therefore even their interception is useless for attackers.

With a high level of security, SSH keys are more convenient to use compared to passwords, they help automate authorization processes.

Author of the article:

Editor-in-Chief

Danaev Almaz