How to add RSA key to authorized_keys file?

Question

I've created an RSA public key and I want to add that to authorized_keys file, but there is no such file in my Ubuntu 11.10 machine.

How can I add the key to authorized_keys?

score 147 · Answer 1 · edited Jul 16 '21 at 11:02

147

Make sure when executing Michael Krelin's solution you do the following

cat <your_public_key_file> >> ~/.ssh/authorized_keys

Note that without the double >> the existing contents of authorized_keys will be over-written (nuked!) and that may not be desirable.

edited Jul 16 '21 at 11:02

Jesse Nickles

1,435
1
17
25

answered Jan 21 '14 at 11:51

donden1

1,535
1
10
3

You need to include how to properly cat the public key information, simply copying and pasting it won't do. For example: – eco Mar 03 '16 at 01:25
6

Can you explain why copying / pasting won't work? I am sincerely curious. – mcsilvio Jan 07 '19 at 09:58
Remember, if running systemd to restart the ssh service, or it won't suck up the new keys `sudo systemctl restart sshd` and won't work – Kes Dec 04 '20 at 17:04
1

@Kes, it will. User's `authorized_keys` aren't kept in memory, but read when the user connects. – Michael Krelin - hacker May 27 '21 at 20:08
1

Thanks @MichaelKrelin-hacker, I did'nt know that! – Kes May 27 '21 at 20:26
1

@Kes, you're welcome. What you were talking about applies to the files in `/etc/` like `sshd_config`, host keys, etc. – Michael Krelin - hacker May 28 '21 at 08:06

score 70 · Answer 2 · answered Nov 10 '17 at 14:03

70

There is already a command in the ssh suite to do this automatically for you. I.e log into a remote host and add the public key to that computers authorized_keys file.

ssh-copy-id -i /path/to/key/file user@host.com

If the key you are installing is ~/.ssh/id_rsa then you can even drop the -i flag completely.

Much better than manually doing it!

answered Nov 10 '17 at 14:03

tkarls

3,171
3
27
27

1

This advice should be much higher, because this variant does not run the critical danger of damaging your `authorized_keys`-File in a way that might leave you stranded without *any* way to log in. – Torque Mar 17 '21 at 13:53
Not default port? Go for `ssh-copy-id -p PORT_NUMBER USER@REMOTE_MACHINE` – Augusto May 05 '21 at 07:33
This answer shows how important and how overlooked reading documentation is. And to add something of merit: you can skip `-i file` and it will copy your default key. – Nebril Jul 17 '21 at 19:03
`ssh-copy-id...` is a chicken-egg problem. If the host requires and SSH key to connect, then `ssh-copy-id` can add my SSH key to `authorized_keys` on the host, no matter how hard I try. – RickC Sep 01 '21 at 12:53
@RickC if password login is disabled it still works with ssh-agent or you can pass another key for ssh-copy-id to authenticate with using -o "IdentityFile hostkey.rsa" before the host. You may need to use the -f flag too – tkarls Sep 02 '21 at 15:34
this should be the accepted answer – pycvalade Oct 27 '21 at 15:08
'log into a remote host and add the public key'... This answer seems to imply you have first login to the remote host and then issue the stated command. As such it is not clear from this answer that the`ssh-copy-id` command should be executed on the client machine (i.e. your PC), not on the ssh host. – Sam De Meyer Mar 16 '22 at 08:47
@SamDeMeyer no, What I tried to indicate is that ssh-copy-id command first logs in to the remote host and then adds the public key on that machine. – tkarls Mar 17 '22 at 14:51
@tkarls ah I see. My comment sounded a bit harsh, sorry for that. I didn't know about `ssh-copy-id` and now I use it all the time, so thanks for sharing this piece of knowledge :) – Sam De Meyer Mar 17 '22 at 15:37
@tkarls , not sure if one is willing to add their private key to authorized key on remote host. So better you may want change line to hold eg file name as `~/.ssh/id_rsa.pub` – vinWin Nov 23 '22 at 06:04
@vinWin you should never expose your private key to anyone! This is why you should use ssh-copy-id since it copies the public key, rather than the private one. So no risk of exposing your private key by mistake. – tkarls Nov 23 '22 at 12:34

Michael Krelin - hacker · Answer 3 · 2020-12-30T22:54:52.953

64

mkdir -p ~/.ssh/

To overwrite authorized_keys

cat your_key > ~/.ssh/authorized_keys

To append to the end of authorized_keys

cat your_key >> ~/.ssh/authorized_keys

edited Dec 30 '20 at 22:54

answered Sep 12 '12 at 16:27

Michael Krelin - hacker

138,757
24
193
173

i have generated key at client side and copied that key to server machine,but using **ssh 192.168.2.7** command it does not allow login. – Raji A C Sep 13 '12 at 06:52
Does not allow login saying what? – Michael Krelin - hacker Sep 13 '12 at 08:54
when executing this command it asks for password of server.i want a passwordless login – Raji A C Sep 13 '12 at 09:39
Is the id (pub part) in ~/.ssh/authorized_keys on the remote? Is the id (non pub part) used by ssh when trying to log in? You can try specifying it explicitly with `-i`. Also, you can try `ssh -v` and you can check permissions of your authorized_keys on the remote. And check the logs there. – Michael Krelin - hacker Sep 13 '12 at 10:19
Can we somehow check if key is already added? Like it is done by ssh-copy-id for remote system – Dmitriusan Sep 02 '15 at 09:26
@Dmitriusan, of course we can. For instance by grepping the `authorized_keys` file. But if the answer becomes obscure and implement all the features of `ssh-copy-id`, it would probably make sense to replace it with a pointer to ssh-copy-id ;-) – Michael Krelin - hacker Sep 02 '15 at 14:26
thanks, I've already figured out that plain grep works since every entry is a single string – Dmitriusan Sep 03 '15 at 16:46
1

Remember that `.ssh` folder has to be `700`. The `authorized_keys` file should be `600` – Naramsim May 27 '21 at 10:28
@Naramsim, that's right, but if you forget sshd will remind you (assuming you look up logs when things don't go your way). – Michael Krelin - hacker May 27 '21 at 20:04
that's what I often use but the ssh-copy-id way should be the accepted answer – pycvalade Oct 27 '21 at 15:09
@pycvalade, for starters, the accepted answer should *be* :D And it should be whatever OP accepts. `ssh-copy-id` is definitely the tool one would use if available, but as an answer it may not give a whole picture. Assuming SO is a bit of a learning resource, not just copypaste resource. – Michael Krelin - hacker Oct 27 '21 at 19:48

score 42 · Answer 4 · edited Aug 13 '17 at 09:14

42

I know I am replying too late but for anyone else who needs this, run following command from your local machine

cat ~/.ssh/id_rsa.pub | ssh user@192.168.1.1 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

this has worked perfectly fine. All you need to do is just to replace

user@192.168.1.1

with your own user for that particular host

edited Aug 13 '17 at 09:14

Aditya Kresna Permana

11,869
8
42
48

answered Feb 23 '16 at 07:41

Faisal Sarfraz

641
6
18

Just what I was looking for. Simplest way to add key to remote server, thanks! – Maxime Lafarie Mar 30 '21 at 08:05

score 3 · Answer 5 · answered Mar 20 '19 at 10:50

3

>ssh user@serverip -p portnumber 
>sudo bash (if user does not have bash shell else skip this line)
>cd /home/user/.ssh
>echo ssh_rsa...this is the key >> authorized_keys

answered Mar 20 '19 at 10:50

i_tanova

667
4
5

think its better to indicate last line with public key content with file name as part of echo! – vinWin Nov 23 '22 at 06:06

How to add RSA key to authorized_keys file?

5 Answers5

To overwrite authorized_keys

To append to the end of authorized_keys

Linked