Authorized_keys are important files which has the information of public keys for public key authentication. By default location is ~/.ssh/authorized_keys. Here, ~ is users default home directory in system.

While working on SSH, we got requirement to centralize the authorized_keys of all users existing in system. In most of the system for SSH we use the OpenSSH package. Hence, the default location for SSH config file is /etc/ssh/sshd_config .

Centralizing the authorized_keys for all users is quite easy. We believe you already have some experience on public and private ssh key pairs, because for access user need SSH private key.

Step 1: List the users name exist in system

Gather the information of existing users from /etc/passwd file . Make a list of users to whom you want to give access in system with SSH key authentication method.

For example , I found some valid users from system like –

joe
mike
Joseph

Step 2 : Create a new directory

Create a new directory inside /etc/ssh . This we will use this directory for placing all users keys.

mkdir -p /etc/ssh/KEYS

Step 3: Edit the sshd_config file

Now we will edit the sshd_config file. We will edit AuthorizedKeysFile parameter in /etc/ssh/sshd_config file.

First take backup of /etc/ssh/sshd_config file. In case, if something goes wrong we can revert back by copying the backup file to original.

cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F).backup

Quickly checking if AuthorizedKeysFile parameter exist in file.

egrep -v '^#|^$' /etc/ssh/sshd_config |grep AuthorizedKeysFile

If AuthorizedKeysFile parameter exist in system then edit in below given format or otherwise add below given line in /etc/ssh/sshd_config

AuthorizedKeysFile  /etc/ssh/KEYS/%u

Step 4: Create directories matches with user name

Create directories matches with user name whose authorized_keys file you want to centralize.

For root user , now we will centralize authorized_keys. Follow the given below steps

mkdir -p /etc/ssh/KEYS/root
chown root:root /etc/ssh/KEYS/root
chmod  755 /etc/ssh/KEYS/root
touch /etc/ssh/KEYS/root/authorized_keys
chmod 644 /etc/ssh/KEYS/root/authorized_keys
chown root:root /etc/ssh/KEYS/root/authorized_keys

Get the public key content and paste in /etc/ssh/KEYS/root/authorized_keys file.
For reference, the ssh public key appear like this. Please take it as an example only.
ssh-key

Set centralized authorized_keys for all users

Just as we have completed in above steps, almost same step you have to follow for all users. For example, our user name is mike . Let’s set authorized_keys file for mike

mkdir -p /etc/ssh/KEYS/mike
chown mike:mike /etc/ssh/KEYS/mike
chmod  755 /etc/ssh/KEYS/mike
touch /etc/ssh/KEYS/mike/authorized_keys
chmod 644 /etc/ssh/KEYS/mike/authorized_keys
chown mike:mike /etc/ssh/KEYS/mike/authorized_keys

Get the public key content for user called mike and paste in /etc/ssh/KEYS/mike/authorized_keys file.

Same steps follow for each users. In case, you are good in scripting you can easily achieve this by using for..loop .

Step 5: Now reload the ssh service

In CentOS 7 / RHEL 7

systemctl reload sshd

In CentOS 6 / RHEL 6

service sshd reload

In Ubuntu / Debian

sudo service ssh reload

Read Some More Articles

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.