Difference between revisions of "~/.ssh/authorized keys"

From wikieduonline
Jump to navigation Jump to search
Tags: New redirect, Mobile web edit, Mobile edit
 
 
(37 intermediate revisions by the same user not shown)
Line 1: Line 1:
#redirect [[Configure OpenSSH to allow Public-key authentication]]
+
* <code>[[touch]] ~/[[.ssh]]/authorized_keys && [[chmod]] og-r ~/.ssh/authorized_keys</code>
 +
* <code>[[chmod]] 600 ~/[[.ssh]]/authorized_keys or chmod ogw-r ~/.ssh/authorized_keys</code>
 +
 
 +
[[chown]]
 +
 
 +
* [[Configure OpenSSH to allow Public-key authentication]]
 +
 
 +
[[sshd_config]]
 +
#[[AuthorizedKeysFile]] .ssh/authorized_keys .ssh/authorized_keys
 +
 
 +
https://linux.die.net/man/5/sshd_config [[sshd_config]]
 +
 
 +
AUTHORIZED_KEYS FILE FORMAT
 +
    AuthorizedKeysFile specifies the files containing public keys for public key authentication; if this option is not specified, the default is ~/.ssh/authorized_keys and
 +
    ~/.ssh/authorized_keys2.  Each line of the file contains one key (empty lines and lines starting with a ‘#’ are ignored as comments).  Public keys consist of the following
 +
    space-separated fields: options, keytype, [[base64]]-encoded key, comment.  The options field is optional.  The supported key
 +
types are:
 +
 
 +
          [email protected]
 +
          ecdsa-sha2-nistp256
 +
          ecdsa-sha2-nistp384
 +
          ecdsa-sha2-nistp521
 +
          [email protected]
 +
          ssh-[[ed25519]]
 +
          ssh-dss
 +
          ssh-rsa
 +
 
 +
    The comment field is not used for anything (but may be convenient for the user to identify the key).
 +
 
 +
== Example files ==
 +
[[ssh-ed25519]] AAAAC3NzaC1lZDI1NTE5AAAAIEBiBqpWXhPTH9RIo9UR3ED9xUv6O/SqpWRn16UH/gHD TEXT@TEXT
 +
[[ssh-rsa]] .../...
 +
 
 +
 
 +
Additional information about format key:
 +
 
 +
:https://serverfault.com/questions/526399/why-do-my-two-ssh-public-keys-have-the-same-beginning/526404
 +
:https://tools.ietf.org/html/rfc4253
 +
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...
 +
      |  "ssh-rsa"  |exponent|  modulus
 +
 
 +
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKy...
 +
          |  "ssh-ed25519"  |  32 byte public key
 +
 
 +
== Errors ==
 +
 
 +
[[sshd logs]]
 +
Apr 26 11:45:37 ip-10-10-10-10.eu-west-1.compute.internal sshd[18174]: Authentication refused: [[bad ownership or modes for file]] /home/your_user/.ssh/authorized_keys
 +
 
 +
== Related terms ==
 +
* [[sftp configuration]]
 +
* <code>[[expiry-time]]</code> in [[OpenSSH 7.7]] ([[2018]])
 +
* <code>[[ssh-import-id]]</code>
 +
* [[AuthenticationMethods]]
 +
* <code>[[visudo]]</code>
 +
 
 +
== See also ==
 +
* {{OpenSSH}}
 +
* {{ssh}}
 +
 
 +
[[Category:SSH]]

Latest revision as of 14:56, 11 September 2023

  • touch ~/.ssh/authorized_keys && chmod og-r ~/.ssh/authorized_keys
  • chmod 600 ~/.ssh/authorized_keys or chmod ogw-r ~/.ssh/authorized_keys
chown 

sshd_config

#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys

https://linux.die.net/man/5/sshd_config sshd_config

AUTHORIZED_KEYS FILE FORMAT
    AuthorizedKeysFile specifies the files containing public keys for public key authentication; if this option is not specified, the default is ~/.ssh/authorized_keys and
    ~/.ssh/authorized_keys2.  Each line of the file contains one key (empty lines and lines starting with a ‘#’ are ignored as comments).  Public keys consist of the following
    space-separated fields: options, keytype, base64-encoded key, comment.  The options field is optional.  The supported key 
types are:
          [email protected]
          ecdsa-sha2-nistp256
          ecdsa-sha2-nistp384
          ecdsa-sha2-nistp521
          [email protected]
          ssh-ed25519
          ssh-dss
          ssh-rsa
    The comment field is not used for anything (but may be convenient for the user to identify the key).

Example files[edit]

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEBiBqpWXhPTH9RIo9UR3ED9xUv6O/SqpWRn16UH/gHD TEXT@TEXT
ssh-rsa .../...


Additional information about format key:

https://serverfault.com/questions/526399/why-do-my-two-ssh-public-keys-have-the-same-beginning/526404
https://tools.ietf.org/html/rfc4253
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...
      |  "ssh-rsa"   |exponent|   modulus
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKy...
          |   "ssh-ed25519"   |   32 byte public key

Errors[edit]

sshd logs

Apr 26 11:45:37 ip-10-10-10-10.eu-west-1.compute.internal sshd[18174]: Authentication refused: bad ownership or modes for file /home/your_user/.ssh/authorized_keys

Related terms[edit]

See also[edit]

Advertising: