I'm setting up OpenSSH on a server and I've created my keys on my client, but I don't know where I'm supposed to put the public key on the host. I understand it needs to be added to the authorized_keys file, but where is the authorized keys file? In sshd_config it has it at
%h/.ssh/authorized-keysI look around a bit and I've seen people refer to %h as being a shortcut for the home directory, but is it home directory as in /home/.ssh or is it /home/user/.ssh?
Forgive my ignorance and thank you in advance!
The .ssh directory is at neither locations, I already looked.
2 Answers
According to man 5 sshd_config:
%h is replaced by the home directory of the user being authenticated
This means the file will be /home/user/.ssh/authorized_keys. If the .ssh directory is missing (which seems normal if not previously configured) you can create it and also the authorized_keys file within and then populate the file's contents with your public key.
The %h placeholder can have one of two (unrelated) meanings, depending on where it is used in configuration for sshd (deamon/server) or ssh (client).
The man page for sshd_config(5) documents %h as the file path to your home directory, and is accepted by multiple keywords relating to files and directories:
TOKENS
Arguments to some keywords can make use of tokens, which are expanded at runtime:
- [..]
%h- The home directory of the user.- [..]
AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, %U, and %u.
AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u.
AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u.
AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u.
ChrootDirectory accepts the tokens %%, %h, %U, and %u.
The man page for ssh_config(5) documents %h as the specified hostname in the ssh command.
TOKENS
%h- The remote hostname.[..]
HostNameaccepts the tokens %% and %h.
This is commonly used to create shortcuts on the command-line. See also .
