SSH Key Pairs
When working with SSH key pairs, it's important to understand where to store the public and private keys on both the client (your local machine) and the server (the remote machine you want to connect to).
Here's a breakdown of where each key should be located:
Public Key
Client (your local machine):
The public key is typically stored in ~/.ssh/id_rsa.pub (or a similarly named file if you generated a key with a different name).
You can freely share your public key with others or copy it to servers you want to access.
Server (remote machine):
The public key should be added to the ~/.ssh/authorized_keys file in the home directory of the user account you want to log in as on the server.
Each line in the authorized_keys file represents a separate public key that is authorized to log in to that user account.
Private Key
Client (your local machine):
The private key should be stored securely on your local machine, typically in the ~/.ssh/id_rsa file (or a similarly named file if you generated a key with a different name).
The private key should have strict permissions (usually 600 or 400) so that only the owner can access the file.
Never share your private key with anyone or copy it to remote servers.
Server (remote machine):
The private key should never be stored on the server. It should only be kept on your local machine (the client) and used for authentication when connecting to the server.
To summarise
The public key is stored on your local machine and is also copied to the server in the ~/.ssh/authorized_keys file of the user account you want to log in as.
The private key is stored securely on your local machine and should never be shared or copied to the server.
When you connect to the server using SSH, your SSH client will use the private key on your local machine to authenticate with the corresponding public key stored on the server.
This allows you to securely log in without entering a password.
Remember to keep your private key secure and protected, as anyone with access to your private key can potentially gain unauthorized access to the servers where your public key is authorized.
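A small audit script for the placement rules above, added here as an example and not part of the original page. The function name audit_ssh_dir and its client/server roles are hypothetical, and the sample files are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the key placement rules.
# audit_ssh_dir DIR client|server  (hypothetical helper, not an OpenSSH tool)

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True if the file's first line is a PEM/OpenSSH private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -Eq '^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----'
}

# Print one line per finding; the exit status is the number of findings.
audit_ssh_dir() {
    dir=$1 role=$2 findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        mode=$(file_mode "$f")
        if [ "$role" = server ]; then
            # A private key should never be stored on the server.
            echo "PRIVATE-KEY-ON-SERVER $f"; findings=$((findings + 1))
        elif [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
            # On the client, only 600 or 400 is accepted.
            echo "LOOSE-PERMS $mode $f"; findings=$((findings + 1))
        fi
    done
    # Each non-empty, non-comment line in authorized_keys is one authorized key.
    if [ -f "$dir/authorized_keys" ]; then
        n=$(grep -Evc '^[[:space:]]*(#|$)' "$dir/authorized_keys" || true)
        echo "AUTHORIZED-KEYS $n"
    fi
    return "$findings"
}

# Constructed sample data: placeholder files, not real keys.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' > "$demo/id_rsa"
printf '%s\n' 'ssh-rsa AAAA-constructed user@client' > "$demo/authorized_keys"
chmod 644 "$demo/id_rsa"
audit_ssh_dir "$demo" client || echo "findings: $?"   # loose permissions
chmod 600 "$demo/id_rsa"
audit_ssh_dir "$demo" server || echo "findings: $?"   # private key on a server
rm -rf "$demo"
```

Run it against ~/.ssh with the role that matches the machine; a non-zero exit status means at least one rule from this page is violated.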