
Understanding SSH authorized_keys file with Examples


The SSH authorized_keys file lists the public keys that are authorized to log in to the server. It is used to prevent unauthorized users from connecting to the SSH server.

The SSH daemon on the server side checks whether the SSH key is correct by calculating the SSH key fingerprint. If the SSH key is correct, it allows the user to log in without asking for a username or password.

The primary purpose of this guide is to illustrate the use of the ~/.ssh/authorized_keys file. After reading this article, we will know how SSH authentication works, what the SSH authorized_keys file is, and how to protect our account using SSH authorized_keys. The SSH daemon on the server side verifies the SSH key by reading this file.

Understanding SSH authorized_keys

The SSH protocol has two sides: the client and the server. SSH key-based authentication uses SSH keys to verify that the user is authorized. If the SSH key is correct, it allows the user to log in without asking for a username or password.

  • SSH keys do not provide any kind of network level access like telnet does.
  • SSH keys are used for authentication and encryption.
  • SSH keys are used to SSH into a remote machine, not for remote desktop access.

 

Format of SSH authorized_keys file

The authorized_keys file contains SSH public keys. The SSH daemon on the server side checks whether the SSH key is correct by calculating the SSH key fingerprint. The SSH daemon also checks if the SSH key is expired. If the SSH key is correct, it allows the user to log in without asking for a username or password.

An example for user bob is the following:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJlG20rYTk4ok+xFjkPHYp/R0LfJqEYDLXA5AJ49w3DvAWLrUg+1CpNq76WSqmQBmoG9jgbcAB5ABGdswdeMQZHilJcu29iJ3OKKv6SlCulAj1tHymwtbdhPuipd2wIDAQAB

What is the purpose of the SSH authorized_keys file?

The SSH authorized_keys file is private. It should be placed in a directory that is accessible only by the user, for example the ~/.ssh directory.

The authorized_keys file permissions should be set to 600, which means that only the user who owns the file can read and write to it.

The SSH server daemon usually looks in the authorized_keys file for the SSH key fingerprint. The SSH authentication protocol uses SSH keys to verify that the user is authorized to log in.
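The entry format and the 600 permission described above can be checked mechanically. The following Python audit is an added example, not code from the original article: it parses each entry (optional options field, key type, base64 key, comment), confirms the key data matches the declared type, computes the SHA256 fingerprint in the form that ssh-keygen -l prints, and flags group or other access on the file. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, os, stat

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

def split_options(line):
    """Split off a leading options field; quoted values may contain spaces."""
    if (line.split(None, 1) or [""])[0] in KEY_TYPES:
        return "", line
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    raise ValueError("no key type found (wrapped or truncated line?)")

def parse_entry(line):
    """Return (options, key_type, fingerprint, comment) or raise ValueError."""
    options, rest = split_options(line.strip())
    fields = rest.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("missing or unknown key type")
    blob = base64.b64decode(fields[1], validate=True)  # bad base64 raises a ValueError
    n = int.from_bytes(blob[:4], "big")  # length prefix of the embedded key type
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key data")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return options, fields[0], "SHA256:" + digest.rstrip("="), " ".join(fields[2:])

def audit(path):
    """Return findings for one authorized_keys file (empty list means clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:o}: group/other access, expected 600")
    with open(path) as fh:
        for num, line in enumerate(fh, 1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            try:
                parse_entry(line)
            except ValueError as err:
                findings.append(f"line {num}: {err}")
    return findings

if __name__ == "__main__":  # constructed key material, not a real account's key
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)
    print(parse_entry("ssh-ed25519 " + base64.b64encode(raw).decode() + " bob@example"))
```

An entry that has been wrapped across several lines by an editor or a copy and paste shows up here as a base64 or key type error on the affected line numbers.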

Where is the SSH authorized_keys file located?

The authorized_keys file is located in the .ssh directory. This directory is located in the user’s home directory. To add an SSH public key to the authorized_keys file, you can use the ssh-keygen command on the client side.

This command will generate an SSH key pair. The public key can be added to the authorized_keys file on the server side. You can also add an SSH public key to the authorized_keys file manually. To do this, you will need to edit the file using a text editor.

How to add multiple keys from different accounts to SSH authorized_keys file?

You can add multiple keys from different accounts to your authorized_keys file by concatenating the files together. For example, if you have two files named id_rsa.pub and id_dsa.pub, you would type:

cat id_rsa.pub id_dsa.pub >> ~/.ssh/authorized_keys

FAQ about SSH authorized_keys file

What is the best way to enable SSH login without a password?

The best way to enable SSH login without a password is to use an SSH key. SSH keys are more secure than passwords, and they can be used to authenticate with multiple accounts on different systems.

You can use the ssh-keygen command to generate an SSH key. For example, if you want to generate an RSA key, you would type:

ssh-keygen -t rsa

Why is the SSH public key not working for me when trying to log in?

There could be a number of reasons why your SSH public key is not working. Make sure that you are using the correct key, and that the key has been added to the authorized_keys file on the server.

Is it possible to use a public and private key with one account on different systems?

Yes, it is possible to use a public and private key with one account on different systems. You will need to generate a separate key for each system, and add the public key to the authorized_keys file on each system.