When configuring passwordless SSH login between two Linux machines, public-key authentication is used. This method relies on cryptographic algorithms such as RSA or DSA to establish trust without requiring a username and password at each login.
Let’s assume:
- Machine A (192.168.56.206) is the client machine.
- Machine B (192.168.56.208) is the target machine.
Step-by-Step Process
- Generate key pairs on the client (Machine A):
  Run the command: ssh-keygen
  This will generate two files in the ~/.ssh/ directory:
  - id_rsa → the private key (keep this secure, never share it).
  - id_rsa.pub → the public key (this will be shared).
- Copy the public key to the target (Machine B):
  Append the content of id_rsa.pub to the authorized_keys file on Machine B:
  cat id_rsa.pub >> ~/.ssh/authorized_keys
  If the authorized_keys file does not exist, create it. Ensure it is located in the ~/.ssh/ directory of the target user on Machine B and has the correct permissions.
- Establish passwordless login:
  Now, when connecting from Machine A to Machine B via SSH, the system uses the private key (id_rsa) on Machine A and matches it against the corresponding public key stored in Machine B’s authorized_keys file. If they match, access is granted without a password.
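The copy step on Machine B, written as a script (an added example, not part of the original article). The function name install_pubkey is hypothetical; the script assumes id_rsa.pub has already been transferred to Machine B and applies the usual owner-only modes, 700 on ~/.ssh and 600 on authorized_keys.

```shell
#!/bin/sh
# Added example: install one public key into a user's authorized_keys.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.

install_pubkey() (
    pubkey_file=$1
    target_home=${2:-$HOME}
    ssh_dir=$target_home/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; exit 2; }

    # Refuse a private key handed over by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        exit 3
    fi

    # A public key is one line: "<type> <base64 blob> [comment]".
    key_line=$(grep -E '^(sk-)?(ssh|ecdsa)-[A-Za-z0-9@.-]+ [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key line in $pubkey_file" >&2; exit 4; }

    umask 077                 # anything created below is owner-only
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"      # tighten a directory that already existed
    touch "$auth_file"
    chmod 600 "$auth_file"

    # If the file does not end in a newline, add one so keys are not merged.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only when this exact line is not already trusted (idempotent).
    if ! grep -qxF -e "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
)

# Run only when called with arguments: sh install_pubkey.sh id_rsa.pub [home]
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```

Running it twice with the same key leaves a single entry, unlike a repeated cat >>, which adds a duplicate line each time.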
Key Differences
- id_rsa (Private Key):
  Stays on the client machine (Machine A). It must be kept secret and protected, as anyone with this file can impersonate you.
- id_rsa.pub (Public Key):
  The public counterpart of the private key. This file is meant to be shared with remote machines that you want to access.
- authorized_keys (on Machine B):
  A collection of public keys belonging to all clients that are authorized to log in. Each line typically represents one user’s public key.
In short:
- id_rsa.pub is a single user’s public key.
- authorized_keys is a list of trusted public keys that the target machine will accept.