Public Key Authentication and Agent Forwarding
Understand authorized_keys, Ed25519 vs RSA keys, and the security implications of SSH agent forwarding.
authorized_keys File Format
SSH public key authentication relies on the authorized_keys file, typically located at ~/.ssh/authorized_keys on the server. Each line contains a public key in the format: algorithm base64-key comment. The server checks whether the client can prove possession of the matching private key by signing a challenge.
Generating SSH Keys with ssh-keygen
The ssh-keygen command creates key pairs for authentication. Running ssh-keygen -t ed25519 generates a modern Ed25519 key pair. You can specify a comment with -C for identification, such as your email. The tool saves the private key (id_ed25519) and public key (id_ed25519.pub) in ~/.ssh by default.
All lessons in this course
- SSH Handshake and Host Key Authentication
- Public Key Authentication and Agent Forwarding
- SSH Tunneling and Port Forwarding Techniques
- SSH Hardening and Audit Best Practices