Not sure exactly how SSH works? Take a minute and learn how here.
Have you ever wondered exactly how an SSH key works? What’s it for anyway? Look no further! Let’s get to the bottom of this, shall we?
Here is a breakdown of what an SSH key is and how it can make you feel as free as a baby cheetah running alone in the savanna.
SSH stands for Secure Shell. No, not secure hell. That’s something different. It’s a program that allows you or your app to log into another computer over a network, complete some commands on that computer, and then come back to your computer with those files.
Simple, right? It’s just like a little messenger that goes back and forth between your server and the remote server.
Public and Private
When an SSH key is generated, it is composed of two sections: public and private, which is exactly what it sounds like.
The public component of the key can be put up anywhere; in fact, it is important that other people know about it. The private component is how you prove to the remote server that you are authorized to perform an action on the remote server.
If it’s not obvious, the private section of the key should never leave your machine, especially if there’s any doubt that it could be compromised in any way. And don’t forget that you’ll need a password (a passphrase) on that key.
The Exchange of Info
To exchange the info, your app sends a request to the remote server with a list of all the public keys it has access to. The server looks for one of those public keys among the keys it has been told to accept, which is how it decides whether to give permission back to the user. You can think of a public key as a lock template: any lock made from it can only be unlocked by the corresponding private key.
The server will generate one of these locks and send it back to the client. The client, assuming it has the private key, will unlock it and send the result back up to the server; the private key itself stays on the client. This tells the server that the client is allowed to perform actions on the server.
Using a (Secret) Agent
An agent is a program that runs on the client so the app doesn’t need to know how any of the process described above works. The secure communication between the server and the app is handled by the agent, rather than by the app itself.
A major benefit of this is that only the agent needs to know how to talk to the server. Your app has no time for this information or drama. It’s like your very mature friend who walks away when the gossip starts flying.
So…the app itself doesn’t have to know the encryption of the keys or even where the keys are! Your app can stay busy minding its own business. You add a key once to the agent, and any app can communicate with that agent on the client; it already has access to all those keys, and you don’t have to add them individually.
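To make the agent idea concrete, here is an added example (not from the original article) of the messages an app trades with an SSH agent over its local socket, using the message numbers from the ssh-agent protocol draft. The sample reply, its all-zero key bytes and the comment `demo@example` are constructed for illustration; the point to notice is that only public key blobs and data to be signed ever cross the socket.

```python
import struct

# Message numbers from the ssh-agent protocol draft (draft-miller-ssh-agent).
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def frame(msg_type: int, payload: bytes = b"") -> bytes:
    """Agent message: uint32 length, one type byte, then the payload."""
    return struct.pack(">IB", len(payload) + 1, msg_type) + payload

def sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """App -> agent: 'sign this data with the key matching this PUBLIC blob'."""
    body = ssh_string(key_blob) + ssh_string(data) + struct.pack(">I", flags)
    return frame(SSH_AGENTC_SIGN_REQUEST, body)

def read_string(buf: bytes, off: int):
    """Read one SSH string at off, refusing lengths that overrun the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("string runs past end of message")
    return buf[off + 4:end], end

def parse_identities_answer(msg: bytes):
    """Agent -> app: list of (public key blob, comment). No private material."""
    if len(msg) < 9 or struct.unpack_from(">I", msg)[0] != len(msg) - 4:
        raise ValueError("short message or frame length mismatch")
    msg_type, nkeys = struct.unpack_from(">BI", msg, 4)
    if msg_type != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError(f"unexpected message type {msg_type}")
    off, keys = 9, []
    for _ in range(nkeys):
        blob, off = read_string(msg, off)
        comment, off = read_string(msg, off)
        keys.append((blob, comment.decode("utf-8", "replace")))
    if off != len(msg):
        raise ValueError("trailing bytes after last key")
    return keys

# Constructed sample reply (not captured from a real agent): one Ed25519 entry.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_ANSWER = frame(SSH_AGENT_IDENTITIES_ANSWER, struct.pack(">I", 1)
                      + ssh_string(SAMPLE_BLOB) + ssh_string(b"demo@example"))
```

Calling `parse_identities_answer(SAMPLE_ANSWER)` returns the one constructed key with its comment, and `frame(SSH_AGENTC_REQUEST_IDENTITIES)` is the five-byte "list your keys" request an app would send first.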
Rejoice! Now you know all about SSH. So save your drama for your mama…or your agent.
You'll find out more info like this at Axosoft's blog. Check it out!
Published at DZone with permission of Trista Sobeck. See the original article here.