What are public and private keys in Secure Shell (SSH)?

In public-key (asymmetric) cryptography, each party holds a pair of keys, a public key and a private key, and every public key has exactly one matching private key. Data encrypted with a public key can be decrypted only with the matching private key. In SSH the pair is used mainly for authentication rather than for encrypting the traffic itself: the client proves possession of its private key by signing a challenge issued by the server, and the server checks that signature against the public key listed in the account's authorized_keys file. The session data is then protected with a symmetric key negotiated during the handshake.

  • Public key - As the name suggests, the public key can be shared with anyone. The sender of a message uses the receiver's public key to encrypt the message before transmission.
  • Private key - The private key must stay private, held only by its owner. The receiver uses this confidential, matching private key to decrypt the data (and, in SSH, to sign the authentication challenge).

A simple analogy

Think of a public key as a padlock and the private key as the key that opens it. The sender snaps the padlock shut on the data, and the key that opens the lock stays with the receiver. You can hand out your padlocks (public keys) freely, because nobody can do anything useful with your locked (encrypted) data. What matters is that the key to the lock (the private key) is never compromised: whoever obtains the private key can open every padlock that matches it and read the confidential data, so securing private keys is essential.

For instance, if A wants to send information to B, A encrypts it with B's public key and passes it on. At the other end, B decrypts it with the matching private key. A can send the same information to C, D and so on in the same way, encrypting a separate copy with each recipient's own public key; each of them decrypts their copy with their own private key. The copy encrypted for B can be read only by whoever holds B's private key, which is why C and D should never hold it.

Threats posed by unsecured private keys

In many companies, public-private key pairs are created ad hoc by individual administrators and developers and then spread across the network with no record of who created them or who holds them. Without a mechanism to track the creation and possession of keys, a private key can easily fall into the hands of an external attacker or a malicious insider, who can then decrypt sensitive data or log in wherever the matching public key is trusted. Beyond such data breaches, a compromised private key lets an impostor act as the key's legitimate owner, abusing the trust of customers and damaging the organization's reputation.

The consequences of compromised private keys are therefore severe. Best practice is to create key pairs centrally, store private keys in a secure, centralized repository, and keep an inventory of which public keys are trusted where, since only complete visibility over your crypto environment lets you spot unauthorized or shared keys before they lead to a breach.
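One form the visibility called for above can take, as an added example that is not from the page or from Key Manager Plus: a small inventory that parses authorized_keys entries (including option prefixes such as from="..." and no-pty), computes each key's SHA256 fingerprint in the same form ssh-keygen -lf prints, and flags any public key trusted by more than one account, a common sign of an ad hoc key that has been copied around. The account names and the key material are constructed for the demo; the ed25519 blobs are built from fixed bytes and are not real keys.

```python
# Added example (not from the original page): inventory authorized_keys entries
# and flag public keys trusted by more than one account. Sample data is constructed.
import base64
import hashlib
import shlex
import struct
from collections import defaultdict

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-dss")


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_blob(raw_point: bytes) -> str:
    """Base64 blob of an ssh-ed25519 public key (constructed key material for the demo)."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw_point)).decode()


def fingerprint(blob_b64: str) -> str:
    """Same form as `ssh-keygen -lf`: SHA256 of the decoded blob, base64 without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys_line(line: str):
    """Return (options, key_type, fingerprint, comment), or None for blank/comment lines.

    shlex keeps quoted option values such as command="..." together (quotes are dropped).
    Raises ValueError for a line that does not contain a well-formed key.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        raise ValueError(f"no key found in line: {line[:40]!r}")
    options = " ".join(tokens[:idx])
    key_type, blob = tokens[idx], tokens[idx + 1]
    comment = " ".join(tokens[idx + 2:])
    raw = base64.b64decode(blob)
    (type_len,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + type_len] != key_type.encode():   # blob must agree with the declared type
        raise ValueError(f"key type mismatch in line: {line[:40]!r}")
    return options, key_type, fingerprint(blob), comment


def inventory(files: dict) -> dict:
    """files maps account -> authorized_keys text. Returns fingerprint -> list of entries."""
    seen = defaultdict(list)
    for account, text in files.items():
        for line in text.splitlines():
            entry = parse_authorized_keys_line(line)
            if entry is not None:
                options, key_type, fp, comment = entry
                seen[fp].append({"account": account, "type": key_type,
                                 "comment": comment, "options": options})
    return dict(seen)


def shared_keys(inv: dict) -> dict:
    """Fingerprints trusted by more than one account, with the accounts involved."""
    return {fp: [e["account"] for e in entries]
            for fp, entries in inv.items()
            if len({e["account"] for e in entries}) > 1}


# Constructed sample data: two fake keys, one of which is trusted by two accounts.
KEY_ALICE = make_ed25519_blob(bytes(range(32)))       # not a real key
KEY_DEPLOY = make_ed25519_blob(bytes([0x42] * 32))    # not a real key
SAMPLE_FILES = {
    "alice@web01": f"ssh-ed25519 {KEY_ALICE} alice@laptop\n",
    "deploy@web01": f'from="10.0.0.5",no-pty ssh-ed25519 {KEY_DEPLOY} deploy\n# retired key removed\n',
    "root@db01": f"ssh-ed25519 {KEY_DEPLOY} deploy\n",
}

if __name__ == "__main__":
    inv = inventory(SAMPLE_FILES)
    for fp, entries in inv.items():
        print(fp, [e["account"] for e in entries])
    print("shared:", shared_keys(inv))
```

In a real deployment the SAMPLE_FILES dictionary would be filled from the authorized_keys files collected from each host; the fingerprints it produces match what ssh-keygen -lf prints for the same public keys, so they can be cross-checked against the keys stored in a central repository.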

Key Manager Plus provides complete visibility over the SSH keys in your organization and helps you track them by securing them all in one place.

Using Key Manager Plus, you can:

  • Create SSH keys
  • Associate them with specific users
  • Consolidate them in a secure, centralized repository
  • Launch remote sessions
  • Continuously track and monitor their usage

Go ahead and give the trial version of Key Manager Plus a shot, and write to keymanagerplus-support@manageengine.com for any assistance.