Your browser does not allow storing cookies. We recommend enabling them.

Public Key

In a public-key cryptosystem, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. In some cryptosystems, public keys can also be used for encrypting messages so that they can only be decrypted using the corresponding private key.

Public keys and private keys come in pairs. The pair is called a key pair. The basic idea of a public key cryptosystem is that the public key can be easily derived from the private key, but the private key cannot be practically derived from the public key. Generally, deriving the private key would be theoretically possible, but the computation would be so complex that it would take millions of years with current computers, or would consume more energy than will be released by our sun during its lifetime.

Public Keys in SSH

In SSH, public key cryptography is used for authenticating computers and users. Host keys authenticate hosts. Authorized keys and identity keys authenticate users.

SSH keys grant access similar to user names and passwords, and therefore should be part of identity and access management processes in enterprises.

The most common type of SSH key is an authorized key, which is a public key.

Management of Keys in SSH

Over the years, the number of SSH keys in existence has grown steadily. There have not been formal provisioning or termination processes for them. In some customer cases, we have found literally millons of them granting access to the environment. Some the keys have been more than ten years old. Some have used algorithms or key lengths that have been broken. Most of all, they grant access in ways that violates most cybersecurity laws and regulations.

It is important to manage SSH keys properly. Please see more information on SSH keys and SSH key management.


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more