junior / DevOps
How does SSH key authentication work?
Updated Apr 28, 2026
Short answer
SSH uses asymmetric cryptography with a public/private key pair to securely authenticate without a password.
Deep explanation
The client generates a key pair. The public key is placed on the remote server (in `~/.ssh/authorized_keys`), and the private key stays on the client machine. When connecting, the server sends a challenge encrypted with the public key, which only the client's private key can decrypt.
Real-world example
Connecting to a headless AWS EC2 Linux instance securely without exposing a root password to the internet.
Common mistakes
- Sharing the private key with other developers instead of having each developer generate their own pair.
Follow-up questions
- What permissions should the `~/.ssh/id_rsa` file have?