What Is an Identity?

An SSH identity is a sequence of bits that says, “I am really me.” It is a mathematical construct that permits an SSH client to prove itself to an SSH server, so the SSH server says, “Ah, I see, it’s really you. You are hereby authenticated. Come in.”

SSH user key and agent configuration (highlighted parts)

Figure 6-1. SSH user key and agent configuration (highlighted parts)

An identity consists of two parts, called the private key and the public key. Together, they are known as a key pair.

The private key represents your identity for outgoing SSH connections. When you run an SSH client in your account, such as ssh or scp, and it requests a connection with an SSH server, the client uses this private key to prove your identity to the server.

Warning

Private keys must be kept secret. An intruder with your private key can access your account as easily as you can.

The public key represents your identity for incoming connections to your account. When an SSH client requests access to your account, using a private key as proof of identity, the SSH server examines the corresponding public key. If the keys “match” (according to a cryptographic test), authentication succeeds and the connection proceeds. Public keys don’t need to be secret; they can’t be used to break into an account.

A key pair is typically stored in a pair of files with related names. In SSH, the public-key filename is the same as the private one, but with the suffix ...

Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.