OpenSSH on Ubuntu 10.10 (Maverick): should ~/.ssh/authorized_keys file be generated automatically?

Solution 1:

~/.ssh/authorized_keys is a per-user file. Installing a Unix program never writes to users' home directories. So by default the file will not exist (which has the same effect as an empty file).

If you're generating the key on a client that is also running OpenSSH, use ssh-copy-id [as described] to transfer the public key to the server, using for that one time your password to log into the server.

If you're generating the key by some other method, copy the id_rsa.pub file from where you generated the key to ~/.ssh/authorized_keys on the server (create the directory ~/.ssh if necessary). Make sure that all three of your home directory, ~/.ssh and ~/.ssh/authorized_keys are writable only to the user (no group or other write permissions). If you want to authorize more than one key, just concatenate them into ~/.ssh/authorized_keys (so ~/.ssh/authorized_keys has one public key per line).

If you use something other than OpenSSH to generate the key, you might need to convert the public key to the OpenSSH format. For example, in PuTTY, use ‘Public key for pasting into authorized_keys file’.
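The manual copy-and-check procedure from Solution 1, as an added example that is not part of any of the answers. The function names `install_pubkey` and `check_owner_only_write` and the home-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the answers). Function names are assumptions.
# Usage: install_pubkey "$HOME" ./id_rsa.pub

# Return 0 only if none of the given paths is writable by group or other,
# the condition the answer states for $HOME, ~/.ssh and authorized_keys.
check_owner_only_write() {
    rc=0
    for p in "$@"; do
        # -prune: test the path itself, do not descend into directories
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/other-writable: $p" >&2
            rc=1
        fi
    done
    return "$rc"
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Append the key as its own line in HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    home=$1
    pubfile=$2
    ak="$home/.ssh/authorized_keys"
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }
    # Catch the mistake of passing id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 2
    fi
    # An OpenSSH public key file holds exactly one non-empty line.
    if [ "$(grep -c . "$pubfile")" -ne 1 ]; then
        echo "refusing: expected one key line in $pubfile" >&2
        return 2
    fi
    key=$(grep . "$pubfile")
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$ak"
    chmod 600 "$ak"
    # If the last line lacks a newline, add one so keys stay one per line.
    if [ -s "$ak" ] && [ -n "$(tail -c 1 "$ak")" ]; then
        echo >> "$ak"
    fi
    # -x whole line, -F fixed string: skip keys that are already authorized.
    grep -qxF -- "$key" "$ak" || printf '%s\n' "$key" >> "$ak"
    check_owner_only_write "$home" "$home/.ssh" "$ak"
}
```

The function only reports a group- or other-writable home directory; it does not change that directory's mode.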

Solution 2:

From that page:

The private key is kept on the computer you log in from, while the public key is stored on the .ssh/authorized_keys file on all the computers you want to log in to.

When creating a keyfile using ssh-keygen, you'll get files named id_rsa and id_rsa.pub. The first is your private key (possibly password-protected) and should be kept secret at all times. You are the client.

The latter is your public key, which can be given to the other side, the server. The server can allow multiple public keys. The key files are plaintext files, so you can open them with any text editor. The public keyfile has just one line; this line should be added to the ~/.ssh/authorized_keys file on the server.

The private and public keys below are generated using ssh-keygen -t rsa. The previous command created the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.

A private key file ~/.ssh/id_rsa looks like:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,6D5AD2DF5464E16B4E92E81D095A5E7E

NbCawtGTPOfveFHvV93uw5/veo/fAmbZEcitpNlq/rPEy8ZLo7/0MltFDUupe6dI
...23 lines omitted...
eiau+K6IAbhp84/6ewXPVJ6JbfeS9vyOqkcPaZDlQ3rvbAxU9dfTptc/ZWxVoCDg
-----END RSA PRIVATE KEY-----

The corresponding public key ~/.ssh/id_rsa.pub looks like:

ssh-rsa AAAAB3NzaC1yc2EA[some chars omitted]X3aKKB6lOyr0v user@host

The first word is either ssh-rsa (for RSA keys) or ssh-dss (for DSA keys). The second part (AAAAB3...r0v) is the actual data. user@host is just a comment, and could be replaced with anything, like sysadmin from home.

Solution 3:

Just create it using your favorite editor or touch, but make sure it has the right permissions.

chmod 400 ~/.ssh/authorized_keys