The SSH authorized_keys file contains a list of public keys. The SSH daemon on the server verifies a client's SSH key by reading this file. If the SSH key is correct, it allows the user to log in without asking for a username or password.
The primary purpose of this guide is to illustrate the use of the ~/.ssh/authorized_keys file. After reading this article, we will know how SSH authentication works, what the SSH authorized_keys file is, and how to protect our account using SSH authorized_keys.
Understanding key-based authentication in SSH
The SSH protocol has 2 sides: the client and the server. SSH key-based authentication uses SSH keys to verify that the user is authorized. If the SSH key is correct, it allows the user to log in without asking for a username or password.
- SSH keys do not provide any kind of network level access like telnet does.
- SSH keys are used for authentication and encryption.
- SSH keys are used to SSH into a remote machine, not for remote desktop access.
Example of SSH authorized_keys file
This file contains SSH public keys and SSH public keys only. The SSH daemon on the server side checks whether an SSH key is correct by calculating the SSH key fingerprint. The SSH daemon also checks whether the SSH key is expired. An example for user bob is the following:
Understanding SSH authorized_keys file
- The SSH authorized_keys file is private. It should be placed in a directory that is accessible only by the user, for example the ~/.ssh directory.
- The SSH authorized_keys file permissions should be set to 600, which means that only the user who owns the file can read and write to it.
- The SSH server daemon usually looks in the SSH authorized_keys file for the SSH key fingerprint. The SSH authentication protocol uses SSH keys to verify that the user is authorized to log in.
Where is the SSH authorized_keys file located?
The authorized_keys file is located in the .ssh directory. This directory is located in the user’s home directory. To add an SSH public key to the authorized_keys file, you can use the ssh-keygen command on the client side. This command will generate an SSH key pair. The public key can then be added to the authorized_keys file on the server side.
You can also add an SSH public key to the authorized_keys file manually. To do this, you will need to edit the file using a text editor.
How to add multiple keys from different accounts to SSH authorized_keys file?
You can add multiple keys from different accounts to your authorized_keys file by concatenating the files together. For example, if you have two files named id_rsa.pub and id_dsa.pub, you would type: cat id_rsa.pub id_dsa.pub >> ~/.ssh/authorized_keys
What is the best way to enable SSH login without password?
The best way to enable SSH login without password is to use an SSH key. SSH keys are more secure than passwords, and they can be used to authenticate with multiple accounts on different systems.
You can use the ssh-keygen command to generate an SSH key. For example, if you want to generate an RSA key, you would type: ssh-keygen -t rsa
Why is the ssh public key not working for me when trying to log in?
There could be a number of reasons why your ssh public key is not working. Make sure that you are using the correct key, and that the key has been added to the authorized_keys file on the server.
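The two checks described above, the file permissions and whether the client's key is actually listed on the server, can be scripted. The Python code below is an added example, not part of the original article. Its function names, the temporary directory standing in for ~/.ssh, and the sample keys are constructed for illustration, and it reads "only accessible by the user" as mode 700 on the directory.

```python
import base64, hashlib, os, stat, struct, tempfile

def parse_line(line):
    """Return (key_type, key_blob, comment) for an authorized_keys line, else None."""
    fields = line.strip().split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options may precede the key type: find the blob whose embedded type matches the field before it.
    for i in range(1, len(fields)):
        try:
            blob = base64.b64decode(fields[i], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            continue
        if blob[4:4 + n] == fields[i - 1].encode():
            return fields[i - 1], blob, " ".join(fields[i + 1:])
    return None

def fingerprint(blob):  # same SHA256 form that `ssh-keygen -lf` prints
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def mode_problems(ssh_dir):
    """Flag permission bits beyond 700 on the directory and 600 on authorized_keys."""
    targets = ((ssh_dir, 0o700), (os.path.join(ssh_dir, "authorized_keys"), 0o600))
    modes = [(p, stat.S_IMODE(os.stat(p).st_mode), limit) for p, limit in targets]
    return [f"{p}: mode {m:o} exceeds {limit:o}" for p, m, limit in modes if m & ~limit]

def is_authorized(pubkey_line, ssh_dir):
    """True if the key from a client's .pub file is listed in authorized_keys."""
    wanted = fingerprint(parse_line(pubkey_line)[1])
    with open(os.path.join(ssh_dir, "authorized_keys")) as fh:
        return any(e and fingerprint(e[1]) == wanted for e in map(parse_line, fh))

def sample_key(seed, comment):
    """Constructed ssh-ed25519 public key line; the key bytes are placeholders."""
    parts = (b"ssh-ed25519", hashlib.sha256(seed).digest())
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def demo():
    alice, bob = sample_key(b"a", "alice@laptop"), sample_key(b"b", "bob@desktop")
    with tempfile.TemporaryDirectory() as d:  # stands in for ~/.ssh (created with mode 700)
        path = os.path.join(d, "authorized_keys")
        with open(path, "w") as fh:
            fh.write(f'# constructed sample\ncommand="echo hi",no-pty {alice}\n')
        os.chmod(path, 0o664)  # group-writable: the misconfiguration to catch
        loose = mode_problems(d)
        os.chmod(path, 0o600)
        return loose, mode_problems(d), is_authorized(alice, d), is_authorized(bob, d)
```

Calling demo() returns the permission finding for the group-writable file, an empty list once the mode is 600, and the lookup results for a listed and an unlisted key.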
Is it possible to use a public and private key with one account on different systems?
Yes, it is possible to use a public and private key with one account on different systems. You will need to generate a separate key for each system, and add the public key to the authorized_keys file on each system.