SSH (Secure Shell) is a protocol used to establish a secure, encrypted connection between two remote devices. This is achieved using SSH keys. SSH keys are an access credential in the SSH protocol. See our blog post, What are SSH Keys? to learn more. While SSH keys are standard and more frequently used in Unix and Linux environments, they are also used on Windows devices.
Why Use SSH Keys
Some benefits of using SSH Keys over passwords are:
- Strong encryption makes them well suited to tasks such as issuing remote commands and remotely managing network infrastructure and other vital system components. This is especially important in the era of cloud infrastructure and remote work.
- They support automation and scripting.
- They are more efficient than passwords.
- SSH keys can be combined with other security features like Multi-Factor Authentication (MFA). See Get Started: MFA to learn more.
How It Works
An SSH key pair consists of two cryptographic keys: one private key and one public key. Who or what possesses these keys determines the type of SSH key pair. There are three different types of SSH keys: User keys, Host keys, and Session keys.
See these resources from SSH Academy to learn more:
Best Practices
- The private key must be stored in a secure manner. Never share it with anyone.
- Use strong and unique keys.
- Use the User Portal to distribute keys.
- Limit access permissions.
You can store the SSH keys in JumpCloud Password Manager as secure notes.
Prerequisites
Before you can start using SSH keys, you need to generate your own SSH key pair on the system you would like to use to access another remote system.
Depending on your operating system:
- To generate SSH keys using CLI on Mac and Linux, see Generating an SSH Key to learn more.
- To generate SSH keys on Windows with PuTTY, see Generating an SSH Key Pair in PuTTY to learn more.
The generated key pair is saved in the location you specified. If you accept the default location, the private key is saved to the id_rsa file in the .ssh directory. The private key stays on the computer and is used to prove that you hold the key matching the public key. The public key is saved to the id_rsa.pub file and needs to be added to JumpCloud.
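The best practices above (store the private key securely, limit access permissions) can be checked on the directory that holds the generated files. The following is an added example, not JumpCloud code: the function names are hypothetical, POSIX file permissions are assumed, the sample key files are constructed headers rather than real keys, and the passphrase check goes one step beyond what this page lists.

```python
import base64, os, pathlib, stat, struct, tempfile

MAGIC = b"openssh-key-v1\0"  # header of the OpenSSH private key format
BEGIN, END = ("-----%s OPENSSH PRIVATE KEY-----" % w for w in ("BEGIN", "END"))

def key_cipher(text):
    """Cipher named in an OpenSSH-format key ('none' = no passphrase), else None."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN:
        return None  # other formats (e.g. legacy PEM) are not parsed here
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        return None
    body = blob[len(MAGIC):]
    (n,) = struct.unpack(">I", body[:4])  # length-prefixed cipher name
    return body[4:4 + n].decode("ascii")

def audit_ssh_dir(path):  # returns (item, problem) findings, POSIX modes assumed
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append((path, "directory open to group/other"))
    for name in sorted(os.listdir(path)):
        full = pathlib.Path(path, name)
        if name.endswith(".pub") or not full.is_file():
            continue  # public keys are meant to be distributed
        text = full.read_text(errors="replace")
        if "PRIVATE KEY-----" not in text:
            continue
        if stat.S_IMODE(full.stat().st_mode) & 0o077:
            findings.append((name, "private key readable by group/other"))
        if key_cipher(text) == "none":
            findings.append((name, "private key has no passphrase"))
    return findings

def constructed_key(cipher):  # constructed sample: format header only, not a key
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
    return f"{BEGIN}\n{base64.b64encode(blob).decode()}\n{END}\n"

def build_sample_dir():  # one weak and one protected constructed key file
    d = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    for name, cipher, mode in (("id_rsa", "none", 0o644),
                               ("id_rsa_enc", "aes256-ctr", 0o600)):
        p = pathlib.Path(d, name)
        p.write_text(constructed_key(cipher))
        p.chmod(mode)
    return d

if __name__ == "__main__":
    print(*audit_ssh_dir(build_sample_dir()), sep="\n")
```

To audit a real key directory, call audit_ssh_dir with its path (for example the .ssh directory in your home folder); an empty result means none of the three checks fired.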
Adding SSH Keys to an Account
You can add and manage SSH keys for your account in your JumpCloud User Portal. Adding SSH keys to your account lets you authenticate when accessing remote system resources (if this is required by your IT Admin). See Add an SSH Key to an Account to learn more.
You can create, manage, and use SSH keys in Windows to remotely access a Linux device using the SSH protocol. JumpCloud stores the public key and an SSH client like PuTTY stores the private key on a Windows device. The public key is sent to all of the Linux devices a user is connected to, but the SSH client facilitates the SSH session. See Use SSH keys for Windows to learn more.
You can also manage your keys in PuTTY. In this scenario, JumpCloud manages the public key, and PuTTY stores the private key that a Windows user creates. See Manage SSH Keys in PuTTY to learn more.