SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions.
In a public-key cryptosystem, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. In some cryptosystems, public keys can also be used for encrypting messages so that they can only be decrypted using the corresponding private key.
Public keys and private keys come in pairs. The pair is called a key pair. The basic idea of a public key cryptosystem is that the public key can be easily derived from the private key, but the private key cannot be practically derived from the public key. Generally, deriving the private key would be theoretically possible, but the computation would be so complex that it would take millions of years with current computers, or would consume more energy than will be released by our sun during its lifetime.
The most common type of SSH key is an authorized key, which is a public key.
Over the years, the number of SSH keys in existence has grown steadily. There have not been formal provisioning or termination processes for them. In some customer cases, we have found literally millons of them granting access to the environment. Some the keys have been more than ten years old. Some have used algorithms or key lengths that have been broken. Most of all, they grant access in ways that violates most cybersecurity laws and regulations.