CloudShell Academy LogoCloudShell Academy
Log InSign Up
AcademyTerminal Tactics: Survival in the ShellPhase 2: The Iron Gate (Permissions)

Lesson 3: The Secret Envelope (SSH & Ownership)

Imagine you need to send a secret message to another server. You can't just shout it across the internet — you need a sealed envelope that only the recipient can open. That's exactly what SSH keys do.

How SSH Keys Work

SSH uses a pair of keys:

  1. Private Key 🔑 — Your personal secret. NEVER share this. It stays on your machine.
  2. Public Key 🔓 — The lock you place on the remote server. Anyone can see it, but only your private key can open it.

It's like a mailbox: anyone can drop a letter in (public key), but only you have the key to open it (private key).

Generating Keys: ssh-keygen

ssh-keygen -t rsa -b 2048
  • -t rsa — The encryption algorithm.
  • -b 2048 — Key strength (2048 bits).

File Ownership: chown

Every file has an owner and a group. The chown command changes who owns a file.

chown user:group filename

For example, chown deploy:deploy app.log gives the deploy user ownership of app.log.

booting...

Mission Objective

You're setting up secure access to a production server:

  1. Create the envelope: Generate an SSH key pair with ssh-keygen -t rsa -b 2048 -f mykey -N ''.
  2. Inspect the lock: View the public key using cat mykey.pub.
  3. Reassign ownership: Change the owner of secure.txt to root using chown root:root secure.txt.

Real-World Usage

Every time you push code to GitHub via SSH, or deploy to AWS/GCP, you're using SSH keys. Services like ssh-agent and ~/.ssh/authorized_keys manage these keys automatically.

Mission Control

Generate an SSH key pair

Expected Command

ssh-keygen -t rsa -b 2048 -f mykey -N ''

View the public key

Change ownership of a file

Previous: Permission Override: Cracking the CodeNext: Process Stalking: Hunting the Rogue PID