When creating an Ethereum account you generate a private and a public key. The public key is your address that is used whenever someone / something interacts with you. The private key on the other hand is something you have to keep secret, as it allows anyone who knows it to control all your funds. Your wallet (like Metamask) needs access to your private key when making a transaction, to prove it is actually you who is sending it, a process called signing.
The third component in this is your seedphrase, also called mnemonic: This is a list of 12, or 18, or sometimes 24 words, which can be used to reconstruct your private key. The reasoning is that it is way easier for us humans to write down a list of words, compared to a long cryptic number. This also means that your seedphrase kind of equals your private key and should be treated as such.
Takeaways:
The fact that Metamask needs access to private seed to send transactions in our name, while we should keep it very secret, puts us into a tight spot. And this is where Ledger enters the game.
Ledger implements the concept of a cold wallet. You may now ask "What has temperature to do with it?" - Well, in crypto a hot-wallet is a wallet that holds the private key and is connected to the internet in some way, like your typical Metamask browser extension. A cold wallet has no connection whatsoever to outside systems and is generally considered a better safety standard.
Now back to Ledger: Instead of telling MetaMask your private key to send transactions you will let it know that the key is on your ledger. Whenever you send a transaction, MetaMask will now create the template and instead of signing it for itself, it will hand it over to the ledger. You approve it via the ledger device and hand the signed transaction back to MetaMask.
There is also a fantastic article about Ledger, by Ledger, that goes into a lot of details
Security, Safety and Peace of Mind - by Ledger
<aside> đź’ˇ https://www.ledger.com/academy/security/the-safest-way-to-use-metamask
</aside>
Step 1: Connect your Ledger Nano to your computer device using a USB cable. Also, open your MetaMask wallet in full screen on Brave or Chrome browser.
Step 2: Click on the top-right menu of the MetaMask wallet and then find and click on “Connect Hardware Wallet” in the drop-down menu.