SSH keys remain one of the most secure authorization methods. The keys are generated in pairs. The first one is the public key, which is installed on the server. The second one is the private key, which is used to authenticate on that server. SSH keys are generated using cryptographic algorithms such as RSA, DSA or ECDSA, which makes breaking them with brute-force attacks practically impossible.
SSH keys are most commonly used for authentication on SSH servers to excecute remote commands or to upload files. They are also used for authorization when connecting to Git repositories (
The high level of security they provide makes them also the most popular method of authorization in CI/CD processes. They are used, among others, for:
- Authorization in Git repositories
- Authorization during dependency download
- Authorization while downloading submodules
- Authorization during remote command execution on the server (DB migration scripts, application restart, etc.)
- Authorization during file upload to the server (Rsync, SFTP, SCP)