An SSH identity is a sequence of bits that says, “I am really me.” It is a mathematical construct that permits an SSH client to prove itself to an SSH server, so the SSH server says, “Ah, I see, it’s really you. You are hereby authenticated. Come in.”

Figure 6-1. SSH user key and agent configuration (highlighted parts)

An identity consists of two parts, called the private key and the public key. Together, they are known as a key pair.

The private key represents your identity for outgoing SSH connections. When you run an SSH client in your account, such as ssh or scp, and it requests a connection with an SSH server, the client uses this private key to prove your identity to the server.

The public key represents your identity for incoming connections to your account. When an SSH client requests access to your account, using a private key as proof of identity, the SSH server examines the corresponding public key. If the keys “match” (according to a cryptographic test), authentication succeeds and the connection proceeds. Public keys don’t need to be secret; they can’t be used to break into an account.

A key pair is typically stored in a pair of files with related names. In SSH, the public-key filename is the same as the private one, but with the suffix ...