Ubuntu: Adding SSH Keys to authorized_keys


I have an Ubuntu server on Amazon EC2, that I use for development, and today I stupidly cleared everything out of my ~/.ssh/authorized_keys file. Luckily I have an SSH open, so I am still connected, and can fix the file, but when I try to put my key file back, it doesn't work. I still get permission denied from the server on my local machine.

authorized_keys has the permissions 600. I have tried appending my SSH key with ssh-rsa and leaving the ssh-rsa off. I also tried making the SSH key all one line, but that didn't work either.

Is there something else that I have to do like reload the file some how?


You should never save the file with its contents starting with -----BEGIN RSA PRIVATE KEY----- on the server, that is your private key. Instead, you must put the public key into the ~/.ssh/authorized_keys file.

This public key has the .pub extension when generated using ssh-keygen and its contents begin with ssh-rsa AAAAB3. (The binary format is described in the answers to this question).

The permissions of ~/.ssh on the server should be 700. The file ~/.ssh/authorized_keys (on the server) is supposed to have a mode of 600. The permissions of the (private) key on the client-side should be 600.

If the private key was not protected with a password, and you put it on the server, I recommend you to generate a new one:

ssh-keygen -t rsa  

You can skip this if you're fully sure that nobody can recover the deleted private key from the server.

If this does not help, run ssh with options for more verbosity:

ssh -vvv user@example.com  

On the server side, you can review /var/log/auth.log for details.


An alternative way to install your public key in the remote machine's authorized_keys:

cat ~/.ssh/id_rsa.pub | ssh USER@HOST "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"  

Some advantages:

  • does not require ssh-copy-id to be installed.

  • guarantees that mkdir works before attempting to append id_rsa.pub to authorized_keys.


If you have login based authentication then use ssh-copy-id to append your public keys to remote server.

ssh-copy-id user@host  


local> scp .ssh/id_dsa.pub remote.com:  local> ssh remote.com  remote> cat id_dsa.pub >> .ssh/authorized_keys  remote> rm id_dsa.pub  remote> exit  


Easiest way is to copy and paste...

First view/copy the contents of your local public key id_rsa.pub including the beginning "ssh-rsa" until it ends with your email address:

cat ~/.ssh/id_rsa.pub  

Then edit authorized_keys on the server and paste contents of your clipboard below any other keys in that file:

nano ~/.ssh/authorized_keys  

And save Ctl+O, exit the file Ctl+X, exit the SSH session exit and try logging back in to confirm it worked. If it didn't ask for a password it worked.


After saving public key you should save the private key into a directory and file on your pc. And in the auth section of ssh on putty you should point to the private key file that you saved on your desktop. It will work. It works for me.


I thought I can contribute to this since it is about AWS instances specifically and all the answers only treat the problem as a Linux issue, as if it was a piece of hardware. First thing you need to understand is that you should never, ever, don't treat EC2 instances as hardware. That's just going to create more work for you Treat them as volatile. That's the biggest hurdle I see people having with AWS. Make an AMI of your instance and inject the key you need into the new instance. cloud-init will take care of it for you. In more detail all you have to do is use the correct public key when creating the new instance out of the AMI of the original. If, like in the comments of the approved answer you want to generate your own key pair of pub and pem files AWS provides you with the option to upload your public keys for use in EC2.



Get a shell on the remote machine where you want to put the key and then you can run this one-liner to create the necessary files and directories, set their permissions and append the key to the file. Of course you have to change the KEYGOESHERE part below and the comment after it.

mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && echo "ssh-rsa KEYGOESHERE user@remotehost or note" >> ~/.ssh/authorized_keys  


Here's a variation whereby you might have a list of public key filenames in a text file and the big batch of public key files are also in the same directory.

This variation can be helpful if you were giving a huge list of public key files to import :-)

$ for i in $(cat ListOfPubKeyFiles.txt) ; do cat $i | ssh User@Hostname "cat >> ~/.ssh/authorized_keys"; done  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »