How to store your ssh public key in a different directory

You’re probably coming from a previous related post (Resolved: “Permission denied (publickey).” when trying to access via ssh an Ubuntu Server), but if not, you should take a look at it so you can get an idea of why you might want to store your ssh public key outside your home directory. I am no security expert, so maybe this is not a great practice on a shared server, but in my scenario all are trusted users, so storing the ssh public keys of the users elsewhere was an acceptable choice.


The key here is the configuration file located at /etc/ssh/sshd_config. We are going to be looking for the following settings:

RSAAuthentication yes

PubkeyAuthentication yes

#AuthorizedKeysFile     %h/.ssh/authorized_keys

That last line is the one that matters. Right now it is commented out, but it shows the default behavior of the program: %h means the user's home folder, so the authorized_keys for each user are kept in that user's own home folder. In my case, the home folder was encrypted, so I kept getting a “Permission denied (publickey).” error when trying to connect via SSH to my server, as the SSH service could not decrypt my home folder and validate my public key(s). Solution? I moved it to another location; take this one for example: /etc/ssh/authorized_keys/%u. What that does is store the authorized keys of every user in the /etc/ folder, which is readable by the service, in a file named after their username. So, this is how the line would look:

AuthorizedKeysFile      /etc/ssh/authorized_keys/%u

So, as each user needs to be able to write to the folder to store their keys, you need to either make it writable by them or manually create the files and set their respective owners. If you have many users, option one makes the most sense, but if you only have a handful, then just manually create the files and set their permissions to be safer. Go ahead and restart the service and you’ll see things work again as they should.
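An added example, not part of the original post: a Python audit of the per-user key directory that applies a simplified form of the ownership and write-permission checks sshd(8) describes for StrictModes (a key file or its directory that other users can write to can be replaced by them). The function name audit_keys_dir and its uid_of parameter are hypothetical; the default path is the one from the AuthorizedKeysFile line above.

```python
import os
import pwd
import stat


def _uid_of(name):
    """Default account lookup: the system passwd database."""
    return pwd.getpwnam(name).pw_uid


def audit_keys_dir(keys_dir="/etc/ssh/authorized_keys", uid_of=_uid_of):
    """Return a list of (path, problem) pairs for a per-user key directory."""
    try:
        d = os.lstat(keys_dir)
    except FileNotFoundError:
        return [(keys_dir, "does not exist")]
    if not stat.S_ISDIR(d.st_mode):
        return [(keys_dir, "not a directory")]
    findings = []
    # A directory writable by group/others lets any local user replace
    # another user's key file, whatever the file's own mode is.
    if d.st_mode & 0o022:
        findings.append((keys_dir, "directory is group/other-writable"))
    for name in sorted(os.listdir(keys_dir)):
        path = os.path.join(keys_dir, name)
        st = os.lstat(path)              # lstat: a symlink is reported, not followed
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        try:
            uid = uid_of(name)           # %u expands to the login name
        except KeyError:
            findings.append((path, "no account with this name"))
            continue
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by a different user"))
        if st.st_mode & 0o022:
            findings.append((path, "file is group/other-writable"))
        if d.st_uid not in (0, uid):
            findings.append((path, "directory owner is neither root nor this user"))
    return findings


if __name__ == "__main__":
    for path, problem in audit_keys_dir():
        print(f"{path}: {problem}")
```

An empty result means every key file is named after an existing account, is owned by root or that account, and can only be written by its owner.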

Hope you find this helpful!

 
