How do I add SSH Keys to authorized_keys file?

Question

I have an Ubuntu server on Amazon EC2, that I use for development, and today I stupidly cleared everything out of my ~/.ssh/authorized_keys file. Luckily I have an SSH open, so I am still connected, and can fix the file, but when I try to put my key file back, it doesn't work. I still get permission denied from the server on my local machine.

authorized_keys has the permissions 600. I have tried appending my SSH key with ssh-rsa and leaving the ssh-rsa off. I also tried making the SSH key all one line, but that didn't work either.

Is there something else that I have to do like reload the file some how?

score 332 · Accepted Answer · edited May 23 '17 at 12:39

You should never save the file with its contents starting with -----BEGIN RSA PRIVATE KEY----- on the server, that is your private key. Instead, you must put the public key into the ~/.ssh/authorized_keys file.

This public key has the .pub extension when generated using ssh-keygen and its contents begin with ssh-rsa AAAAB3. (The binary format is described in the answers to this question).

The permissions of ~/.ssh on the server should be 700. The file ~/.ssh/authorized_keys (on the server) is supposed to have a mode of 600. The permissions of the (private) key on the client-side should be 600.

If the private key was not protected with a password, and you put it on the server, I recommend you to generate a new one:

ssh-keygen -t rsa

You can skip this if you're fully sure that nobody can recover the deleted private key from the server.

If this does not help, run ssh with options for more verbosity:

ssh -vvv user@example.com

On the server side, you can review /var/log/auth.log for details.

score 297 · Answer 2 · edited Dec 25 '22 at 04:29

An alternative way to install your public key in the remote machine's authorized_keys:

cat ~/.ssh/id_rsa.pub | ssh USER@HOST "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Some advantages:

does not require ssh-copy-id to be installed.
guarantees that mkdir works before attempting to append id_rsa.pub to authorized_keys.

There is a chance that a newly created authorized_keys file or .ssh folder will not have the correct file permissions. This may result in ssh attempting to fallback to password authentication (if it is still enabled).

To fix this, log back in the server and run:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

See this answer for more details, as well as the other answer to this question.

score 193 · Answer 3 · edited Feb 27 '13 at 19:30

193

If you have login based authentication then use ssh-copy-id to append your public keys to remote server.

ssh-copy-id user@host

edited Feb 27 '13 at 19:30

Marius Butuc

5,081

answered Jun 01 '11 at 16:32

Shoaib Nawaz

2,389

jjg · Answer 4 · 2021-11-10T00:00:08.130

54

local> scp .ssh/id_rsa.pub remote.com:
local> ssh remote.com
remote> cat id_rsa.pub >> .ssh/authorized_keys
remote> rm id_rsa.pub
remote> exit

edited Nov 10 '21 at 00:00

answered Jun 01 '11 at 18:23

jjg

1,477

score 29 · Answer 5 · answered Sep 07 '15 at 18:42

Easiest way is to copy and paste...

First view/copy the contents of your local public key id_rsa.pub including the beginning "ssh-rsa" until it ends with your email address:

cat ~/.ssh/id_rsa.pub

Then edit authorized_keys on the server and paste contents of your clipboard below any other keys in that file:

nano ~/.ssh/authorized_keys

And save Ctl+O, exit the file Ctl+X, exit the SSH session exit and try logging back in to confirm it worked. If it didn't ask for a password it worked.

score 8 · Answer 6 · edited Dec 07 '16 at 22:35

Get a shell on the remote machine where you want to put the key and then you can run this one-liner to create the necessary files and directories, set their permissions and append the key to the file. Of course you have to change the KEYGOESHERE part below and the comment after it.

mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && echo "ssh-rsa KEYGOESHERE user@remotehost or note" >> ~/.ssh/authorized_keys

eco · Answer 7 · 2016-07-21T00:14:30.897

I thought I can contribute to this since it is about AWS instances specifically and all the answers only treat the problem as a Linux issue, as if it was a piece of hardware. First thing you need to understand is that you should never, ever, don't treat EC2 instances as hardware. That's just going to create more work for you Treat them as volatile. That's the biggest hurdle I see people having with AWS. Make an AMI of your instance and inject the key you need into the new instance. cloud-init will take care of it for you. In more detail all you have to do is use the correct public key when creating the new instance out of the AMI of the original. If, like in the comments of the approved answer you want to generate your own key pair of pub and pem files AWS provides you with the option to upload your public keys for use in EC2.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws

score 4 · Answer 8 · answered Apr 23 '14 at 19:59

4

After saving public key you should save the private key into a directory and file on your pc. And in the auth section of ssh on putty you should point to the private key file that you saved on your desktop. It will work. It works for me.

answered Apr 23 '14 at 19:59

user273266

41

score 2 · Answer 9 · edited Dec 07 '16 at 22:36

2

Here's a variation whereby you might have a list of public key filenames in a text file and the big batch of public key files are also in the same directory.

This variation can be helpful if you were giving a huge list of public key files to import :-)

$ for i in $(cat ListOfPubKeyFiles.txt) ; do cat $i | ssh User@Hostname "cat >> ~/.ssh/authorized_keys"; done

edited Dec 07 '16 at 22:36

Zanna

72,312

answered Aug 23 '16 at 17:32

jlmontes

73

How do I add SSH Keys to authorized_keys file?

9 Answers9

Linked

Related