Public Key

In a public-key cryptosystem, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. In some cryptosystems, public keys can also be used for encrypting messages so that they can only be decrypted using the corresponding private key.

Public keys and private keys come in pairs. The pair is called a key pair. The basic idea of a public key cryptosystem is that the public key can be easily derived from the private key, but the private key cannot be practically derived from the public key. Generally, deriving the private key would be theoretically possible, but the computation would be so complex that it would take millions of years with current computers, or would consume more energy than will be released by our sun during its lifetime.

Public Keys in SSH

In SSH, public key cryptography is used for authenticating computers and users. Host keys authenticate hosts. Authorized keys and identity keys authenticate users.

SSH keys grant access similar to user names and passwords, and therefore should be part of identity and access management processes in enterprises.

The most common type of SSH key is an authorized key, which is a public key.

Management of Keys in SSH

Over the years, the number of SSH keys in existence has grown steadily. There have not been formal provisioning or termination processes for them. In some customer cases, we have found literally millons of them granting access to the environment. Some the keys have been more than ten years old. Some have used algorithms or key lengths that have been broken. Most of all, they grant access in ways that violates most cybersecurity laws and regulations.

It is important to manage SSH keys properly. Please see more information on SSH keys and SSH key management.