Transcript from the "SSH" Lesson
[00:00:00]
>> Jem Young: Let's talk about SSH by now we're in the portion of DigitalOcean where it says hey how do you wanna log in you can use SSH keys or you can use a one time password. And it's tempting to use a password because it's simpler that is email to you, you log in you're good to go you only think about it.
[00:00:19] But we want to use an SSH key.
>> Jem Young: And this a whole bit on security. And security is really important. But what I'll tell you about security there is basic two ways of getting into a server if you're securing something their SSH keys. And there's username and password.
[00:00:37] SSH stands for Secure Socket Shell, it is a, well, I'll get to it in a minute. But it's a very large key that is as of now unbreakable. And so it's a much secure way of logging into your server. The switch is made up of two parts, that's why it's usually, for all us, a key pair but I'll just call it key.
[00:01:00] There's a public key There's a private key. And the way that works is the private key stays on your computer on your phone wherever you wanna keep it. The public key goes on a server. And what happens is everything is encrypted with the private key. So when it's encrypted, it goes in transit, and no one can intercept what's happening.
[00:01:24] That's actually called a tunnel or a pipe, if you will, because everything when you establish that connection, everything in the pipe is unbreakable for the most part. I say everything in caveats because if the NSA wants to come after you, they're gonna get you. [LAUGH] All the SSH keys in the world won't save you.
[00:01:40] But generally, SSH keys are not generally. SSH keys are the strongest authentication we can get right now. And it's such a really, I like the idea of SSH keys because it's just a really powerful concept, where I encrypt something, or you can encrypt something, and the only way to decrypt it is with a key that only I have.
[00:01:59] So you can send me a message using my public key. And the only way that any and anybody can get it you can get that you'll just get like a blob of text that means nothing. But the only way to decrypt it was my private key. So it's like it's a good one way encryption where you don't have to trust me.
[00:02:14] You don't have to know me. You just encrypt it, and I can decrypt it. I'm the only one and anybody can intercept it in transit and won't mean anything to them. It's really a brilliant system that we kind of take for granted that's really simple, versus what are the alternatives?
[00:02:29] User name and password, where I need to know a username and I need to know a password. And if someone steals that username and password I have to reset everything. And at some point I need the transmit that username and password over the pipe, and if someone's sitting in the middle, they can intercept that.
[00:02:41] And they're like, cool. I got your username password versus SSH key that the private key never leaves my computer and never leaves the network. So you can send me all the data you want. They can be a person in the middle, aka man in the middle, intercepting all your traffic.
[00:02:54] And it means jibberish. versus using a username password. That's why we're using SSH keys.