Your browser does not allow storing cookies. We recommend enabling them.

Authorized Key

An authorized key in SSH is a public key used for granting login access to users. The authentication mechanism is called public key authentication.

Authorized keys are configured separately for each user - usually in the .ssh/authorized_keys file in the user's home directory. However, the location of the keys can be configured in SSH server configuration files, and is often changed to a root-owned location in more secure environments.

Technically, an authorized key looks like this:


Authorized keys are Access Credentials

Authorized keys configure access credentials and grant access to servers. They must be properly managed as part of identity and access management and are relevant for all compliance standards and cybersecurity-related laws, such as Sarbanes-Oxley for public companies, HIPAA for health care, and FISMA/NIST SP 800-53 for US government agencies.

Universal SSH Key Manager is a popular solution for managing the keys and establishing proper provisioning and termination processes.


Authorized keys are the only kind of credential that users are commonly able to self-provision. It is possible to prevent self-provisioning in SSH, but that requires a configuration change. The operation is often called lock-down, and it is usually one of the first steps in SSH key management.

Each SSH implementation has its own tools for creating and distributing SSH keys. Different implementations also use different formats for the key files.

Typically provisioning an authorized key involves generating a key pair, installing the public key as an authorized key, and using the private key as an identity key.

Various SSH clients have their own key generation tools. PuTTY comes with PuTTYgen.

Authorized Key Provisioning in OpenSSH

With OpenSSH, a key pair can be created using the ssh-keygen tool. The public key can then be copied to a server using the ssh-copy-id tool.

The whole process is very simple and only takes a few minutes. With default configuration, anyone with access to a user account on a server can configure additional SSH keys for it.

Beware of the Key Management Problem

Given that generating and and installing SSH keys is so easy, they can easily proliferate and expose the organization to attack spread and other disks. It is important to pay attention to key management and address it in security policies and audits early on. Even in an organization of only a few dozen people there can be hundreds or thousands of authorized keys. Some larger enterprises have several million keys granting access to their production servers.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now