SSH Keys:authorized keys

From CELS IT Wiki
Jump to: navigation, search

< SSH keys

In order to be able to have your public keys installed, you must upload a valid OpenSSH authorized_keys file.

File format and syntax

An OpenSSH authorized_keys file contains a list of OpenSSH public keys, one per line. There can be no linebreaks in the middle of a key, and the only acceptable key format is OpenSSH public key format, which looks like this:

ssh-rsa AAAAB3N[... long string of characters ...]UH0= key-comment 

or

ssh-dss AAAAB3N[... long string of characters ...]UH0= key-comment 

There are slight modifications we can make to this format as outlined below, but the important pieces to know are that:

  • Each key is on a single line.
  • The key itself is the long string of characters that starts with the AAAA, and there are no spaces until the end of the key.
  • There are no lines that have ---- BEGIN or ---- END. If you have that in the file, you have a key of the wrong format in there.
  • It's perfectly acceptable to have more than one key in an authorized_keys file.

Knowing that, you can construct your keys file following the outline below.

Creating the file

Use your favorite text editor. It should be one that will not insert linebreaks for you (pico or nano users take note, the default behavior of these editors is to place linebreaks in long lines). For Windows users, notepad.exe will work fine. MacOS users can use TextEdit or any of the command line tools.

The simplest authorized_keys file is simply a collection of one or more keys in the format specified above. If you only have a single public key, you can create this file simply by copying the public key.

If you have multiple keys, just append the keys to the end of the file.

Here's an example of an authorized_keys file that allows two keys to gain access to the account.

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0KJDLOiiXj9XdMxiCT9KvaKfuxFQi+CIiklaN5hHsNgYOu7TijqyONEu5fONLoAo/cshLa+KuargyTrtizwcP4TPcTXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESlnDDg3Gq5xSsB9Okqm3V5t8GpFaJbV68BxQ4BK6HJ21A3CinV4LdV3hR/OBUbDG2EcI+ZKRDjlpJuu4YU= stace@pretend-machine
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAywWhrwq4FjHt+UuwZcZePxtjtZOENFpOjufycaYso2nTlzNwnAQEQRfbqsUxKVtOtGxgApIkUvjRIjNBdJE6iOzvBXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESuXC9wkSeFZCEyMJ+RgJxMkBXNZmyycbwsSqAeGJpMEUDlwzu2GD0obBz0HXqg9J1Xallop5AVDKfeszZcc= stace@another-machine

Perhaps you want to put a tighter limit on what a key is used for. See the SSH key FAQ on the details of why you might want to do that. Here's a simple example of what that might look like.

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0KJDLOiiXj9XdMxiCT9KvaKfuxFQi+CIiklaN5hHsNgYOu7TijqyONEu5fONLoAo/cshLa+KuargyTrtizwcP4TPcTXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESlnDDg3Gq5xSsB9Okqm3V5t8GpFaJbV68BxQ4BK6HJ21A3CinV4LdV3hR/OBUbDG2EcI+ZKRDjlpJuu4YU= stace@pretend-machine
command="/bin/ls ~/files" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAywWhrwq4FjHt+UuwZcZePxtjtZOENFpOjufycaYso2nTlzNwnAQEQRfbqsUxKVtOtGxgApIkUvjRIjNBdJE6iOzvBXZhhJrM0GUDJragw7SMVIs/5xJBGAyHKJ1YUMGO7+nJTmsCLx6PFOlQYveuriiVVCCZerGCLH+UtSXK3z+l7hx9NiDg3/ylOLc3f3SLxrJKn0gMTgK7BHJFXo4PguuPjWZLVdUDX+XKiqtT2n4IsYs6N9qVFG3zUgNlEjZM47NK/ytAC0max98pK+QNzsuaQOo/IShJ1TOw5wwScflPArVJ2AyROqAe7cfQg7q12I9olASFd3U5NazfZCTYAvWA1kz9UZEWLJ1Br1XOkPqOleMM8KCp/PXzz8H0kISkMIji0/QuiZOPEBsKlszXjlALcXR8Mg1uiZVWy48i9JheyXyj1ToCj6cPScpgFHp3DAGSlKKbE1EFaVfeeyGAnHESuXC9wkSeFZCEyMJ+RgJxMkBXNZmyycbwsSqAeGJpMEUDlwzu2GD0obBz0HXqg9J1Xallop5AVDKfeszZcc= stace@another-machine

If you're stuck and can't figure this out, let us know and we'll help you.

Uploading the file

See here.