Public key authentication

from Wikipedia, the free encyclopedia

Public key authentication is an authentication method used, among others, by SSH and OpenSSH to let users log in to a server with the help of a key pair consisting of a private and a public key. Such a key pair is much more difficult to compromise than a password.

With password authentication, the password or its hash value is stored on the server. If someone gains access to the password file on this server, in the first case they also hold the password itself. In the second case, with suitable software, they can find a character combination that produces the same hash value as the password. If the same password is used to log on to several systems, all of these systems are compromised.

With public key authentication, by contrast, only the public key is stored on the server. The private key is stored on the user's own computer, so it can be kept secret and additionally encrypted with a passphrase, which may consist of several words.

Depending on the chosen key length, deriving the private key from the public key is anything from very time-consuming to practically impossible.

The public key can also be used for automatic (non-interactive) login: there is no interactive dialog for entering a password. Instead, a signature is generated on the client side with the user's private key and verified on the server side against the user's public key stored there. This enables logging in without user input from running scripts and when copying files automatically, for example with Secure Copy.
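As an added illustration (not from the article or from any SSH implementation), the following Go program models the exchange just described with Ed25519: the server stores only the user's public key, the client signs session-bound data with its private key, and the server verifies the signature. The message layout follows RFC 4252 only loosely; the session identifier and the user name "alice" are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server-side state: authorized public keys per user (the analogue of an
// authorized_keys file) plus the session identifier from key exchange.
type Server struct {
	Authorized map[string][]ed25519.PublicKey
	SessionID  []byte
}

// signedData builds the bytes the client signs, modelled loosely on RFC 4252 section 7
// (session id, user, service, method, key algorithm, public key); SSH's string framing is omitted.
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	b.Write(sessionID)
	b.WriteString(user + "ssh-connection" + "publickey" + "ssh-ed25519")
	b.Write(pub)
	return b.Bytes()
}

// ClientSign runs on the user's machine; the private key never leaves it.
func ClientSign(priv ed25519.PrivateKey, sessionID []byte, user string) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	return ed25519.Sign(priv, signedData(sessionID, user, pub))
}

// Authenticate accepts only if the presented key is authorized for the user and the
// signature verifies over session-bound data, so a captured signature cannot be replayed.
func (s *Server) Authenticate(user string, pub ed25519.PublicKey, sig []byte) bool {
	for _, k := range s.Authorized[user] {
		if k.Equal(pub) {
			return ed25519.Verify(pub, signedData(s.SessionID, user, pub), sig)
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // the user's key pair
	srv := &Server{Authorized: map[string][]ed25519.PublicKey{"alice": {pub}}, SessionID: []byte("constructed-session-id")}
	sig := ClientSign(priv, srv.SessionID, "alice")
	fmt.Println("login accepted:", srv.Authenticate("alice", pub, sig)) // true
}
```

Because the server holds only public keys, someone who copies its key store gains nothing that lets them produce a valid signature, unlike a copied password file.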
