Linux Administration Cookbook

Generating and using key pairs with ssh-keygen

Passwords are great, but they're also terrible.

Most people use weak passwords, and while I hope that's not you, there's always the chance that someone in your team doesn't have the discipline you do, and resorts to football99 or similar for connecting to your shared remote host.

With password access enabled, anyone might be able to connect to your server from any country by brute-forcing their way into your machine, given enough time and enough processing power.

I say "might" because as long as you use secure passwords of a decent length, passwords can be hard to guess, even with the power of a sun. Consult your company security policy when deciding these things, or read up on the best practices at the time you're writing the policy yourself.

Here's where keys come in.

SSH keys are based on the concept of public key cryptography. They come in two halves: a public half, which you place onto servers, and a private half, which you keep about your person, either on your laptop or on a secure USB stick (one that is itself encrypted and password protected).

Despite the obvious suggestion of public and private half, I have frequently seen people misunderstand this concept and share their private half instead of the public one. This generally results in the key being labelled as compromised, and the individual in question being asked to generate a new pair, with a short chat about the definition of private and public in the meantime.

Once your public half of a key is on your server, you can SSH to your remote host using the local, private half of your key for authentication.

SSH keys can even offer a degree of ease, as most operating systems come with a keychain of some sort that can be automatically unlocked on user-login, and which has the private parts of your key safely stored. SSH'ing to a machine then becomes a trivial affair where you can securely connect without being prompted at all!

We're going to generate an SSH key pair and use that pair to SSH between our machines.
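Before handing a key file to anyone, it is worth checking which half it actually is. The following script is an added example, not code from the book: it classifies a key file as the public or private half from its first line, checks that a private key is readable only by its owner (the permissions sshd itself insists on), and wraps the ed25519 generation command. The key-format headers and the `stat` flags are assumed from OpenSSH and GNU/BSD stat respectively.

```shell
#!/bin/sh
# Added example (not from the book). Tells the two halves of an SSH key pair
# apart and checks private-key permissions before anything is shared.

# Print "public", "private" or "unknown" for the file given as $1.
# Headers are the standard OpenSSH / PEM formats (assumption).
ssh_key_half() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || return 1
    case "$first_line" in
        "-----BEGIN OPENSSH PRIVATE KEY-----"|"-----BEGIN RSA PRIVATE KEY-----"|\
        "-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----")
            echo private ;;
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*|"ssh-dss "*|"sk-"*)
            echo public ;;
        *)
            echo unknown ;;
    esac
}

# Return 0 if the private key is readable only by its owner (mode 600 or 400),
# 1 otherwise. 'stat -c' is GNU, 'stat -f' is BSD/macOS.
private_key_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeed only for the public half: the private half must never leave your machine.
safe_to_share() {
    [ "$(ssh_key_half "$1")" = public ]
}

# Generate a fresh ed25519 pair at path $1 (assumes ssh-keygen is installed).
# -N '' gives an empty passphrase so this runs unattended; use a real one in practice.
generate_demo_pair() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo@example' -f "$1"
}

# When run directly with file arguments, report each file's half.
for f in "$@"; do
    echo "$f: $(ssh_key_half "$f")"
done
```

Run it as `sh check_key.sh ~/.ssh/id_ed25519*` to see which file is which before copying anything to a server.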