Understand public and private keys
Quick summary
Public and private keys come in pairs. What is encrypted by one can be decrypted by the other.
When used for server access (i.e. through SSH or PuTTY), this makes encrypting passwords in transit superfluous. The user keeps the private key; the server gets the public key.
Ways to create key pairs
With the labs, there are three main ways to generate a key pair. Check other learning units for details. Otherwise use your favorite search engine.
- AWS can generate them. To be used on Windows they need to be converted with PuTTYgen.
- On Windows, PuTTYgen can create them.
- On Linux/Mac, ssh-keygen can be used. On this platform the private key should only be readable by the user (permission 600).
Note that Amazon Web Services will not store the private key after you have downloaded it (at least, that is what they say...).
File name conventions
| Extension | Used by | Contains |
|---|---|---|
| .pub | ssh-keygen (Linux, Mac) | Public key |
| (none) | ssh-keygen (Linux, Mac) | Private key |
| .pem | Standard; created by AWS | Public and private key |
| .ppk | PuTTY (PuTTY private key) | Public and private key |
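The file types in the table and the permission rule for private keys (600) can be checked together on Linux/Mac. The script below is an added example, not part of the original learning unit; the function names `file_mode`, `key_kind` and `audit_key` are made up for illustration, and it goes slightly beyond the text by identifying a file from its first line instead of trusting its extension.

```shell
#!/bin/sh
# Added example: classify a key file by its first line and check that
# files holding a private key are not accessible to group or others.

# Print the octal permission bits of a file (GNU stat, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one of: private, ppk, public, unknown.
key_kind() {
    first_line=$(head -n 1 "$1")
    case "$first_line" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;  # ssh-keygen private key, AWS .pem
        "PuTTY-User-Key-File-"*)          echo ppk ;;      # PuTTY .ppk
        ssh-*|ecdsa-*)                    echo public ;;   # ssh-keygen .pub
        *)                                echo unknown ;;
    esac
}

# Return 0 if the file is acceptable, 1 if it holds a private key and
# group or others have any permission on it.
audit_key() {
    kind=$(key_kind "$1")
    mode=$(file_mode "$1")
    case "$kind" in
        private|ppk)
            case "$mode" in
                [4-7]00) echo "OK    $mode $kind $1" ;;   # owner only, e.g. 600
                *) echo "LOOSE $mode $kind $1 (fix: chmod 600)"; return 1 ;;
            esac ;;
        *) echo "OK    $mode $kind $1" ;;                 # public keys may be world-readable
    esac
}

# Audit every file named on the command line.
for f in "$@"; do
    audit_key "$f"
done
```

Saved under a name of your choice, it can be run as `sh <script> ~/.ssh/*`; any line starting with `LOOSE` names a private key that should be tightened with `chmod 600`.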
Advanced & Background
What is bad about AWS generated?
What is bad about server generated?
File name conventions: http://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file