SSH - Authorized Keys file (on Server)
About
In public key authentication, the authorized keys are the public keys that the server uses to authenticate the client by verifying its digital signature.
In a PKI model, once an SSH server receives a public key from a client and considers the key trustworthy, the server marks the key as authorized by listing it in its authorized_keys file.
The AuthorizedKeysFile keyword specifies the file containing public keys for public key authentication.
Format
The file contains a list of public keys, one per line.
ssh-rsa key key-comment
ssh-dss key key-comment
Example
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+Mh3U/3We4VYtV1QmWUFIzFLTUeegl1Ao5/QGtCRGAZn8bxX9KlCrrWISIjSYAwCajIEGSPEZwPNMBoK8XD8Q= [email protected]
# Comments allowed at start of line
ssh-rsa AAAAB3Nza...LiPk== [email protected]
from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== [email protected]
command="dump /home",no-pty,no-port-forwarding ssh-dss AAAAC3...51R== example.net
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S==
ssh-rsa [email protected]
zos-key-ring-label="KeyRingOwner/SSHAuthKeysRing uniq-ssh-rsa"
from="*.example.com",zos-key-ring-label="KeyRingOwner/SSHAuthKeysRing uniq-ssh-dsa"
- With configuration and command
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"packer\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAYRwgsk6fxOJYR6plf3Vcwu...
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"packer\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSQvCliGGSQkywgvFQjbhARqo0ZA....
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"hdsshadm\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA3NcgK9ScckgtWOlKD5MMIMBEpsEk3wDur4SUHlyg7Jb9PWPidU6gqT...
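The line format shown above (optional comma-separated options, key type, base64 key, comment) can be parsed and audited with a short script. This is an added example, not code from the original page: the function names, the KEY_TYPES list and the three findings are assumptions chosen for illustration, and the sample key is a constructed dummy.

```python
import base64
import struct

# Common OpenSSH key type names (assumed list for this example, not exhaustive).
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# Constructed sample: well-formed ssh-ed25519 blob holding an all-zero dummy key.
DUMMY = base64.b64encode(struct.pack(">I", 11) + b"ssh-ed25519"
                         + struct.pack(">I", 32) + bytes(32)).decode()
SAMPLE = 'from="*.example.com",command="echo \\"a, b\\"",no-pty ssh-ed25519 ' + DUMMY + " me@host"

def split_unquoted(text, seps, maxsplit=-1):
    """Split on separators outside double quotes; \\" inside quotes is an escaped quote."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(text):
        step = 2 if text[i] == "\\" and quoted else 1   # keep an escaped char with its backslash
        if text[i] == '"':
            quoted = not quoted
        if text[i] in seps and not quoted and maxsplit != 0:
            parts, cur, maxsplit = parts + [cur], "", maxsplit - 1
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def blob_type(b64):
    """Return the key type name embedded in the base64 blob, or None if it does not decode."""
    try:
        raw = base64.b64decode(b64, validate=True)
        return raw[4:4 + struct.unpack(">I", raw[:4])[0]].decode("ascii")
    except (ValueError, struct.error):
        return None

def parse_line(line):
    """Return a dict for a key line, or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, rest = (split_unquoted(line, " \t", 1) + [""])[:2]
    options = [] if first in KEY_TYPES else split_unquoted(first, ",")
    if options:                                   # first field was the options list
        first, rest = (rest.split(None, 1) + ["", ""])[:2]
    blob, comment = (rest.split(None, 1) + ["", ""])[:2]
    checks = [(not options, "no restricting options"),
              (first == "ssh-dss", "ssh-dss (DSA) is deprecated"),
              (blob_type(blob) != first, "key blob does not match declared type")]
    return {"options": options, "type": first, "blob": blob, "comment": comment,
            "findings": [msg for hit, msg in checks if hit]}

if __name__ == "__main__":
    print(parse_line(SAMPLE))
```

Keys shown with an elided blob, as in the examples on this page, are reported as not matching their declared type because the truncated base64 cannot be decoded.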
Management
Location
Default
If none is specified, the default is in the user's home directory:
- ~/.ssh/authorized_keys
- and ~/.ssh/authorized_keys2.
This means that each user can add permanent credentials for themselves and/or for friends … :)
Conf
In the SSH server configuration file, you can set it to a root-controlled location instead (%u is replaced by the user name):
Example:
AuthorizedKeysFile /etc/ssh/authorized-keys/%u