What is SSH?
SSH is the encrypted protocol you use to log into and run commands on remote machines. Key-based authentication — a private key you hold and a public key on the server — replaces passwords with something far more secure and automation-friendly.
Why it matters
Almost every server access, git push over SSH, and remote automation depends on it. Keys done right are convenient and secure; keys done wrong are a common way infrastructure gets breached. As DevOps, you manage access for machines and people, so SSH hygiene is part of the job.
What to learn
- Public/private key pairs and how the handshake works
- Generating keys with
ssh-keygen(prefer ed25519) authorized_keysand granting access- The SSH agent and passphrase-protected keys
~/.ssh/configfor hosts, users, and jump boxes- Disabling password auth on servers
- Key rotation and revoking access
Common pitfall
Reusing one private key everywhere and never protecting it with a passphrase. If that key leaks, every machine it can reach is compromised at once. Use a passphrase-protected key with an agent, scope keys per purpose, and rotate them — treat the private key like the master credential it is.
Resources
Primary (free):
- SSH.com — SSH protocol · docs
- Arch Wiki — SSH keys · docs
- GitHub — Connecting with SSH · docs
Practice
Generate an ed25519 key with a passphrase, add the public key to a server's
authorized_keys, and log in without a password. Add a ~/.ssh/config entry so
you connect with a short alias. Disable password authentication on the server.
Done when key login works and password login is refused.
Outcomes
- Generate and use a passphrase-protected SSH key pair.
- Grant and revoke access via
authorized_keys. - Simplify connections with an SSH config and agent.
- Harden a server by disabling password authentication.