14

I'm setting up OpenSSH on a server and I've created my keys on my client, but I don't know where I'm supposed to put the public key on the host. I understand it needs to be added to the authorized_keys file, but where is the authorized keys file? In sshd_config it has it at 

%h/.ssh/authorized-keys

I look around a bit and I've seen people refer to %h as being a shortcut for the home directory, but is it home directory as in /home/.ssh or is it /home/user/.ssh?

Forgive my ignorance and thank you in advance!

The .ssh directory is at neither locations, I already looked.

muru
  • 193,181
  • 53
  • 473
  • 722
A. Franco
  • 143
  • 1
  • 2
  • 6

2 Answers2

14

According to man 5 sshd_config:

%h is replaced by the home directory of the user being authenticated

This means the file will be /home/user/.ssh/authorized_keys. If the .ssh directory is missing (which seems normal if not previously configured) you can create it and also the authorized_keys file within and then populate the file's contents with your public key.

muru
  • 193,181
  • 53
  • 473
  • 722
Jason Stangroome
  • 502
  • 5
  • 10
  • Thank you very much! I have my public key on a flash drive i have mounted at /media/usb and i tried to run this command to create and add the key to the authorized_keys file. sudo cat /media/usb/id_rsa.pub >> /home/user/.ssh/authorized_keys however, that give me a permission denied error -bash: /home/user/.ssh/authorized_keys: Permission denied Whats with that? & how would I go about creating this authorized_keys file? Any particular file format or something? – A. Franco Apr 05 '15 at 06:23
  • If creating it yourself (or even if not) make sure you give correct permissions, 700 for the .ssh directory and 600 for authorized_keys – Jim W Dec 19 '16 at 18:03
0

The %h placeholder can have one of two (unrelated) meanings, depending on where it is used in configuration for sshd (deamon/server) or ssh (client).

The man page for sshd_config(5) documents %h as the file path to your home directory, and is accepted by multiple keywords relating to files and directories:

TOKENS

Arguments to some keywords can make use of tokens, which are expanded at runtime:

  • [..]
  • %h - The home directory of the user.
  • [..]

AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, %U, and %u.

AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u.

AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u.

AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u.

ChrootDirectory accepts the tokens %%, %h, %U, and %u.

The man page for ssh_config(5) documents %h as the specified hostname in the ssh command.

TOKENS

  • %h - The remote hostname.

[..]

HostName accepts the tokens %% and %h.

This is commonly used to create shortcuts on the command-line. See also https://superuser.com/q/503687/164493.

Timo Tijhof
  • 103
  • 4