SSH - Authorized Keys file (on Server)

> SSH (Secure Shell) - Remote Access

1 - About

In a PKI model, once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized_keys file. Such keys are called authorized keys.

The AuthorizedKeysFile keyword specifies the file containing public keys for public key authentication.

Advertising

3 - Format

The file contains a list of public keys, one per line.

ssh-rsa key key-comment 
ssh-dss key key-comment 

4 - Example

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+Mh3U/3We4VYtV1QmWUFIzFLTUeegl1Ao5/QGtCRGAZn8bxX9KlCrrWISIjSYAwCajIEGSPEZwPNMBoK8XD8Q= [email protected]
# Comments allowed at start of line
ssh-rsa AAAAB3Nza...LiPk== user@example.net 
from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== [email protected]
command="dump /home",no-pty,no-port-forwarding ssh-dss AAAAC3...51R== example.net
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S==
ssh-rsa [email protected]
zos-key-ring-label="KeyRingOwner/SSHAuthKeysRing uniq-ssh-rsa"
from="*.example.com",zos-key-ring-label="KeyRingOwner/SSHAuthKeysRing uniq-ssh-dsa"
  • With configuration and command
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"packer\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAYRwgsk6fxOJYR6plf3Vcwu...
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"packer\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSQvCliGGSQkywgvFQjbhARqo0ZA....
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"hdsshadm\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA3NcgK9ScckgtWOlKD5MMIMBEpsEk3wDur4SUHlyg7Jb9PWPidU6gqT...

5 - Management

5.1 - Location

5.1.1 - Default

If none is specified, the default is in the user's home directory:

  • ~/.ssh/authorized_keys
  • and ~/.ssh.authorized_keys2.

This means that each user can add permanent credentials for themselves and/of for friends … :)

Advertising
5.1.1.1 - Conf

In the ssh server conf file, you can set it to a root place

Example:

/etc/ssh/sshd_conf
AuthorizedKeysFile /etc/ssh/authorized-keys/%u

6 - Documentation / Reference

ssh/authorized_keys.txt · Last modified: 2019/01/23 14:53 by gerardnico