authorized_keys

The ~/.ssh/authorized_keys file is a configuration file that specifies which SSH public keys are allowed to log into a user's account without a password. Each line of the file contains one public key, and the file is used by the SSH server to authenticate users via public key authentication.

Quick Reference

Name: authorized_keys

Category: networking

Platform: Linux/Unix

Basic Usage (one entry per line in the file): [options] key-type base64-key [comment]

Common Use Cases

  • SSH key management: Manage authorized SSH keys for secure authentication
  • Security: Ensure secure communication between systems
  • Scripting: Use in shell scripts to automate SSH key management
  • Remote administration: Administer remote systems securely
  • Data transfer: Transfer files between systems securely and efficiently

Syntax

Located at: ~/.ssh/authorized_keys

Options

Option                      Description
command="command"           Forces a specific command to be executed when this key is used for authentication
from="pattern-list"         Restricts logins with this key to come from specified host names or IP addresses
no-port-forwarding          Prevents TCP port forwarding when authenticated with this key
no-agent-forwarding         Disables authentication agent forwarding for this key
no-X11-forwarding           Prevents X11 forwarding when authenticated with this key
no-pty                      Prevents allocation of a pseudo-terminal when authenticating with this key
no-user-rc                  Prevents execution of ~/.ssh/rc by ssh when authenticating with this key
permitopen="host:port"      Restricts port forwarding to specified destination only
environment="NAME=value"    Sets environment variables when this key is used for login

Examples


Basic Examples:

Add a public key to the authorized_keys file:

    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... user@hostname" >> ~/.ssh/authorized_keys

Set proper permissions for the SSH directory and files:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys

Use ssh-copy-id to safely add your key:

    ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host

View the contents of the authorized_keys file:

    cat ~/.ssh/authorized_keys

Check permissions of SSH files:

    ls -la ~/.ssh/

Advanced Examples:

Add a key with a command restriction:

    echo 'command="only-this-command" ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... restricted-access' >> ~/.ssh/authorized_keys

Add a key with a source IP restriction:

    echo 'from="192.168.1.0/24,10.0.0.1" ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... network-restricted' >> ~/.ssh/authorized_keys

Add a key with multiple restrictions:

    echo 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="internal-sftp" ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... sftp-only' >> ~/.ssh/authorized_keys

Back up the existing authorized_keys before modification:

    cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys.backup

Remove a specific key from authorized_keys (deletes every line that matches the pattern, here the key comment):

    sed -i '/user@hostname/d' ~/.ssh/authorized_keys

Add a key for backup purposes only:

    echo 'command="rsync --server -logDtprze.iLsfx . /backup/" ssh-rsa AAAAB3NzaC1yc2EAAAADAQ... backup-only' >> ~/.ssh/authorized_keys

List the fingerprint of each key in authorized_keys (also confirms that each entry parses as a valid key):

    ssh-keygen -l -f ~/.ssh/authorized_keys

Create a new authorized_keys file:

    touch ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys


Notes

File Purpose and Function:

  • The authorized_keys file is a security mechanism that allows passwordless SSH access to a server
  • It contains a list of public keys that are allowed to authenticate without a password
  • Each user on a system has their own authorized_keys file in their ~/.ssh/ directory
  • The SSH server (sshd) checks this file during login attempts using public key authentication
  • If a connecting client's key matches an entry in this file, access is granted without a password

Security Considerations:

  • File Permissions: The authorized_keys file should have 600 permissions (owner read/write only)
  • Directory Permissions: The ~/.ssh directory should have 700 permissions (owner read/write/execute only)
  • Home Directory: Some SSH server configurations require the user's home directory to not be writable by other users
  • Regular Auditing: Regularly review the authorized_keys file to remove unused or unauthorized keys
  • Key Restrictions: Consider using the options feature to limit what each key can do
  • Server Configuration: Ensure that PubkeyAuthentication is enabled in /etc/ssh/sshd_config
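
The Regular Auditing and Key Restrictions points above can be checked mechanically. The following is an added example, not part of the original page: it parses each authorized_keys line (options, key type, key, comment) and reports keys that lack the restrictions from the Options table. The sample entries and placeholder key blobs are constructed, the key-type prefixes are a heuristic, and the `restrict` option it recognizes is an OpenSSH key option that this page does not list.

```python
import re

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # assumption: key type names start with these
FORWARD_OFF = ("no-port-forwarding", "no-agent-forwarding", "no-X11-forwarding")

def split_unquoted(text, sep_class):
    """Split on characters in the regex class sep_class, except inside double quotes."""
    return re.findall(r'(?:"(?:\\.|[^"\\])*"|[^"%s])+' % sep_class, text)

def parse_line(line):
    """Return (options, key type, key blob, comment); None for blank, comment or malformed lines."""
    fields = split_unquoted(line.strip(), r"\s")
    if not fields or fields[0].startswith("#"):
        return None
    opts = {}
    if not fields[0].startswith(KEY_PREFIXES):  # first field is the options list
        for item in split_unquoted(fields.pop(0), ","):
            name, _, value = item.partition("=")
            # option keywords are case-insensitive; strip the surrounding quotes from values
            opts[name.lower()] = value[1:-1] if value[:1] == '"' else value
    if len(fields) < 2:
        return None
    return opts, fields[0], fields[1], " ".join(fields[2:])

def audit(text):
    """Return [(comment, findings)] for each key that is missing a restriction."""
    report = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        opts, _type, _blob, comment = entry
        findings = [f"no {o}= restriction" for o in ("from", "command") if o not in opts]
        if "restrict" not in opts:  # 'restrict' disables all forwarding and the PTY at once
            findings += [f"{o} not set" for o in FORWARD_OFF if o.lower() not in opts]
        if findings:
            report.append((comment, findings))
    return report

SAMPLE = '''\
# constructed sample; key blobs are placeholders, not real keys
ssh-ed25519 AAAAC3PLACEHOLDER1 alice@laptop
from="192.168.1.0/24,10.0.0.1",command="rsync --server . /backup/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER2 backup-only
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="internal-sftp" ssh-rsa AAAAB3PLACEHOLDER3 sftp-only
'''

if __name__ == "__main__":
    for comment, findings in audit(SAMPLE):
        print(comment, "->", "; ".join(findings))
```

The quote-aware split matters here: both the from= pattern list (which contains a comma) and the command= value (which contains spaces) would be cut apart by a plain split.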

Key Management Best Practices:

  • Use descriptive comments at the end of each key to identify its owner and purpose
  • Implement a process for adding and revoking keys when employees join or leave
  • Consider using a configuration management tool (like Ansible, Puppet, or Chef) to manage keys at scale
  • Rotate keys periodically for critical systems
  • Keep private keys secure with strong passphrases and proper file permissions
  • Consider using SSH certificates instead of authorized_keys for large deployments

Troubleshooting:

  • Permission Denied Errors: Check file permissions on both ~/.ssh/ and ~/.ssh/authorized_keys
  • Log Files: Check /var/log/auth.log or /var/log/secure for SSH connection issues
  • Debug Mode: Run SSH with -v, -vv, or -vvv for increasing levels of verbosity to diagnose issues
  • Key Format: Ensure the public key is in the correct format without line breaks or corruption
  • Server Configuration: Verify that public key authentication is enabled in sshd_config
  • SELinux/AppArmor: Security modules might prevent access to authorized_keys files
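
For the Permission Denied item above, the following added example (not part of the original page) checks the three paths named under Security Considerations: the home directory must not be writable by group or others, ~/.ssh should be 700 and authorized_keys should be 600. Accepting root as an owner alongside the account's own user is an assumption of this sketch; the function name and parameters are hypothetical.

```python
import os
import stat

def check_ssh_perms(home, uid=None):
    """Return a list of problems with home, home/.ssh and home/.ssh/authorized_keys."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    # (path, exact mode recommended on this page; None = only "not writable by others")
    targets = [(home, None), (ssh_dir, 0o700),
               (os.path.join(ssh_dir, "authorized_keys"), 0o600)]
    problems = []
    for path, want in targets:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Assumption: files must belong to the account's user or to root.
        if st.st_uid not in (uid, 0):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{path}: writable by group or others (mode {mode:o})")
        elif want is not None and mode != want:
            problems.append(f"{path}: mode {mode:o}, expected {want:o}")
    return problems

if __name__ == "__main__":
    for problem in check_ssh_perms(os.path.expanduser("~")):
        print(problem)
```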

Common Use Cases:

  • Automated Backups: Allow backup scripts to connect without passwords
  • Secure File Transfers: Enable passwordless SFTP or SCP for file transfers
  • CI/CD Pipelines: Allow deployment systems to connect to servers
  • System Administration: Enable administrators to access multiple systems without typing passwords
  • Restricted Access: Provide limited access to certain users by restricting what their keys can do
  • Jump Hosts: Configure bastion hosts that allow access to internal networks

Related Files and Commands:

  • ~/.ssh/id_rsa.pub - The public key file generated by ssh-keygen
  • ~/.ssh/id_rsa - The corresponding private key (keep this secure!)
  • ~/.ssh/config - Client configuration file for SSH connections
  • /etc/ssh/sshd_config - Server configuration for the SSH daemon
  • ssh-copy-id - Command to install your public key in a remote machine's authorized_keys
  • ssh-keygen - Command to generate SSH key pairs

Tips & Tricks

  1. Use the -a option to append keys to the authorized_keys file
  2. Use the -i option to specify the identity file
  3. Use the -c option to specify the key comment
  4. Use the -m option to specify the key type
  5. Use the -t option to specify the key expiration time
