When connecting to a remote server, you have to authenticate yourself. The standard way to do this is by transmitting a password through an encrypted connection that is established between your local computer and the remote server. However, this is susceptible to man-in-the-middle attacks, meaning that your password can be intercepted. It is safer to use ssh-keys to authenticate yourself. (Note: this only verifies to the server that you are the correct person, not that the server you are logging into is the correct one. For that, you need to check the fingerprint of the server, which can be done automagically if you have signed GPG keys and are using the monkeysphere.)
On your local computer, you can generate a key by doing the following:
client:~$ ssh-keygen -t rsa -b 2048
Enter passphrase (empty for no passphrase): …
Enter same passphrase again: …
This creates both a public and a private key:
client:~$ ls -l .ssh
-rw------- 1 user user 1675 2007-01-24 14:41 id_rsa
-rw------- 1 user user 395 2007-01-24 14:41 id_rsa.pub
You should send `id_rsa.pub` to the server administrator. Alternatively, if you have access, you can place it on the server yourself:
client:~$ scp .ssh/id_rsa.pub user@remote.server:/home/user/
client:~$ ssh remote.server
...
server:~$ cat id_rsa.pub >> .ssh/authorized_keys
You should now be able to log in using your ssh-key!
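The server-side step above appends the key with `cat >>`. As an added example (not part of the original page), the shell function below performs the same install but skips duplicates, rejects a private key uploaded by mistake, and sets the file modes that sshd's StrictModes check expects. `install_pubkey` and its arguments are hypothetical names.

```sh
#!/bin/sh
# Added example, not from the original page. install_pubkey and its
# arguments are hypothetical names. The ( ) body runs in a subshell, so
# umask and variables stay local and `exit` only ends the function.
install_pubkey() (
    pubkey_file=$1            # e.g. id_rsa.pub copied over with scp
    home_dir=${2:-$HOME}      # account home (overridable for testing)
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; exit 2; }
    # Catch the mistake of uploading the private half (id_rsa).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file holds a private key" >&2; exit 3
    fi
    # Accept exactly one line in public-key format (common key types).
    key_line=$(grep -E \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" || true)
    [ "$(printf '%s\n' "$key_line" | grep -c .)" -eq 1 ] || {
        echo "refusing: expected exactly one public key line" >&2; exit 4; }

    # sshd's StrictModes check (on by default) rejects key files that
    # other users could write to, so keep the modes tight.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 5
    touch "$auth_file" && chmod 600 "$auth_file" || exit 5

    # Append only when this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already installed"; exit 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "key installed"
)
```

On the server, after the scp step, this would be called as `install_pubkey id_rsa.pub`.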
Using ssh-keys, a file on your local computer is used as a key to ‘unlock’ your access to the remote server. This file is itself protected by a passphrase. Thus, when you enter your passphrase, you only enter it into your local computer to unlock this file, rather than transmitting it across the internet, where it could potentially be intercepted. This greatly reduces the opportunities for an attacker to gain access to your account on the remote server (for example, through ‘dictionary attacks’, in which the attacker tries to guess your password by using pre-existing lists of words).