Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself.
The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.
The distinguishing technique used in public-key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys – a public encryption key and a private decryption key. The publicly available encrypting-key is widely distributed, while the private decrypting-key is known only to its proprietor. The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is either impossible or prohibitively expensive. In contrast, symmetric-key algorithms – variations of which have been used for thousands of years – use a single secret key, which must be shared and kept private by both the sender and the receiver, for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.
Because symmetric key algorithms are nearly always much less computationally intensive than asymmetric ones, it is common to exchange a key using a key-exchange algorithm, then transmit data using that key and a symmetric key algorithm. PGP and the SSL/TLS family of schemes use this procedure, and are thus called hybrid cryptosystems. - from Wikipidia
On the workstation create the cryptographic key:
ssh-keygen -t rsa
It will create 2 files in ~/.ssh directory:~/.ssh/id_rsa - identification key
~/.ssh/id_rsa.pub - public key
Installing (copying) the id_rsa.pub (public key) to the server as authorized_keys2:
scp .ssh/id_rsa.pub email@example.com:.ssh/authorized_keys2
From workstation login to server:
Changing the pass-phrase on workstation (when needed):
On the workstation using ssh-agent to avoid pass-phrase typing:
ssh-agent $BASH ssh-add
Now the server will not use prompt for the password.
The above two commands can be added to your ~/.bash_profile file so that as soon as you login into workstation you can set the agent.
To list keys, enter:
To delete all keys, enter:
To delete specific key, enter:
ssh-add -d key