0
0
Linux CLIscripting~10 mins

Key-based authentication in Linux CLI - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Concept Flow - Key-based authentication
Generate SSH key pair
Copy public key to remote server
Attempt SSH login
Server checks public key
Match
Login granted
Session starts
This flow shows how a user generates a key pair, copies the public key to the server, and then logs in using the private key. The server checks the key and grants or denies access.
Execution Sample
Linux CLI
ssh-keygen -t rsa -b 2048
ssh-copy-id user@server
ssh user@server
Generate SSH keys, copy the public key to the server, then log in using key-based authentication.
Execution Table
StepCommandActionResultOutput
1ssh-keygen -t rsa -b 2048Generate RSA key pairKeys createdYour identification has been saved in ~/.ssh/id_rsa Your public key has been saved in ~/.ssh/id_rsa.pub
2ssh-copy-id user@serverCopy public key to serverPublic key addedNumber of key(s) added: 1 Now try logging into the machine, with: "ssh user@server"
3ssh user@serverAttempt SSH loginServer checks keyWelcome to server! [user@server ~]$
4ssh user@serverIf key missing or wrongLogin deniedPermission denied (publickey).
5exitEnd sessionDisconnectedConnection to server closed.
💡 Login ends when session is closed or permission denied.
Variable Tracker
VariableStartAfter Step 1After Step 2After Step 3Final
Private Key (~/.ssh/id_rsa)NoneCreatedExistsUsed for loginExists
Public Key (~/.ssh/id_rsa.pub)NoneCreatedCopied to serverChecked by serverExists on server
SSH SessionNoneNoneNoneActive if key acceptedClosed after exit
Key Moments - 3 Insights
Why do we need to copy the public key to the server?
The server uses the public key to verify your private key during login. Without copying it (see step 2 in execution_table), the server cannot authenticate you.
What happens if the private key is missing or wrong?
The server denies access with 'Permission denied (publickey).' as shown in step 4 of execution_table, because it cannot match your key.
Why is the private key never copied to the server?
The private key stays on your local machine for security. Only the public key is shared with the server to verify your identity.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what output appears after copying the public key to the server?
AYour identification has been saved in ~/.ssh/id_rsa
BPermission denied (publickey).
CNumber of key(s) added: 1
DConnection to server closed.
💡 Hint
Check the output column in row 2 of execution_table.
At which step does the server check the public key during login?
AStep 2
BStep 3
CStep 1
DStep 5
💡 Hint
Look at the Action column for 'Server checks key' in execution_table.
If the private key is deleted locally after step 1, what will happen at step 3?
APermission denied (publickey).
BLogin granted
CPublic key copied again
DSession starts normally
💡 Hint
Refer to key_moments about what happens if private key is missing.
Concept Snapshot
Key-based authentication uses a pair of keys: private (kept secret) and public (shared with server).
Generate keys with ssh-keygen.
Copy public key to server with ssh-copy-id.
Login with ssh uses private key to prove identity.
Server grants access if keys match.
No password needed, more secure and convenient.
Full Transcript
Key-based authentication is a way to log into a remote server without typing a password each time. First, you create a pair of keys on your local computer: a private key and a public key. The private key stays on your computer and should be kept secret. The public key is copied to the server you want to access. When you try to log in, your computer uses the private key to prove your identity. The server checks if this matches the public key it has. If they match, you get access. This method is safer and faster than passwords. The main steps are: generate keys with ssh-keygen, copy the public key with ssh-copy-id, then log in with ssh. If the keys don't match or the private key is missing, the server denies access. This process helps keep your connections secure and easy to use.