How SSH Works
Whether you're deploying your application to a server, managing cloud infrastructure, or simply logging into a remote machine, you're likely using SSH dozens of times a day. But, I witnessed most developers use SSH without truly understanding how it works under the hood — especially the magic behind public and private key authentication.
In this guide, we’ll peel back the layers. We’re not just going to explain what SSH is — we’ll show you how key-based authentication works, why it’s better than passwords, and how to use it correctly in modern development environments.
What Is SSH and Why It's Important
SSH (Secure Shell) is a cryptographic network protocol that allows secure access over a network. It replaced older, insecure protocols like Telnet and FTP with strong encryption and authentication.
SSH is primarily used for remote command-line access, file transfers, and tunneling traffic. It's often used by system administrators and developers for tasks such as server maintenance, application deployment, and troubleshooting
How SSH Works
An SSH connection has two main parts: the SSH client and the SSH server. When you initiate an SSH connection from your local machine, that machine is the client, while the remote machine is the server.
The client uses a program called an SSH client, such as ssh in the command line or GUI-based tools like PuTTY. On the other hand, the server must be running an SSH server, often comes pre-installed on operating systems.
At its core, SSH solves one critical problem: How do I access a remote system securely, without exposing credentials or data to potential attackers?
There are two main ways to authenticate with SSH:
- Password authentication (easy, but risky)
- Public/private key authentication (secure and scalable)
We’ll focus on the latter.
SSH Public/Private Key Authentication
SSH key authentication is a secure and scalable way to connect to a server without using a password. It uses a pair of cryptographic keys—a public key and a private key—to verify the identity of the client and establish a secure connection.
Let’s break down the authentication process step by step:
Step 1: Generate a Key Pair
You create a public and private key using a command like:
ssh-keygen -t rsa -b 4096
This command generates a pair of keys in the ~/.ssh directory. The public key is stored in the ~/.ssh/id_rsa.pub file, and the private key is stored in the ~/.ssh/id_rsa file. The private key is stored securely on the client’s machine, while the public key can be shared freely with the server.
Step 2: Add the Public Key to the Server
The server needs to know which client is allowed to connect. You can add the public key to the server’s authorized_keys file using:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
This command appends the public key to the authorized_keys file, allowing the client to connect to the server.
Step 3: Connect to the Server
When you SSH into the server:
ssh user@server.com
The server checks if the client has the public key in its authorized_keys file. If the public key matches, the server sends an encrypted challenge (a random string) to the client.
The client uses its private key to decrypt the challenge sent by the server. The decrypted message is sent back to the server as a response. If the response matches the expected value, the server authenticates the client. Once authenticated, a secure, encrypted SSH session is established between the client and the server. From here, you can run commands or transfer files securely.
Conclusion
SSH key authentication isn’t just a security best practice — it’s a professional standard. When used right, public/private key authentication offers a rare combination in tech: it’s more secure and more convenient.
Now’s a good time to check your own SSH setup. Are you using keys? Are they strong and protected? If not, make it a priority — your servers (and future self) will thank you.
Thank you for reading.