

Multi-factor authentication may be implemented with key pairs by entering a passphrase when the key pair is generated (see user key generation below).

If the server-side public key cannot be validated against the client-side private key, authentication fails. When using key authentication with an SSH server, the SSH server and client compare the public key for a user name provided against the private key. The public key is what is placed on the SSH server, and may be shared without compromising the private key. If someone acquires your private key, they can log in as you to any SSH server you have access to. The private key files are the equivalent of a password, and should stay protected under all circumstances. SSH public key authentication uses asymmetric cryptographic algorithms to generate two key files – one "private" and the other "public". Key pairs refer to the public and private key files that are used by certain authentication protocols. If you are unfamiliar with SSH key management, we strongly recommend you review NIST document IR 7966 titled "Security of Interactive and Automated Access Management Using Secure Shell (SSH)".
SSH KEYGEN WINDOWS GITBASH HOW TO
This document provides an overview of how to use these tools on Windows to begin using key-based authentication with SSH.
