Where Are The Keys to Your Digital Castle?


A breach of your trust infrastructure is one of the most costly (and embarrassing) cybersecurity threats, as a single breach of an encryption key could call into question many elements of a security infrastructure. It basically happened with SolarWinds, where an intruder managed to acquire the private key used to sign software and then inserted a backdoor into a new release.

Overall, a system is only as strong as the weakest link in the chain, and so in cybersecurity we often need to understand the elements that would allow our digital walls to come crashing down. One of these is access to your private keys, and one of the most fundamental elements of this is often your OpenSSH keys.

If you’re a developer, a security architect or a cloud engineer, you will probably know all about using your OpenSSH keys and how you can use them to log into remote sites for both SSH connections and for authentication. Many use them for GitHub and cloud integration, and thus avoid having to continually enter login details. So, if Bob (the client) wants to connect to Alice (the server), he generates an OpenSSH key pair and places the public key on the server; he can then log in with his private key.


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
