Using a global SSH key for all users

With so many people now using Virtual Private Servers for their web hosting needs, it can become frustrating to remember a password for each different account hosted on your server. To alleviate this, you can use a public/private key pair, which makes logging in via SSH or SFTP a lot easier while also making it more secure, since you are not relying on passwords that can be brute forced. The downside is that you need to install the public key on every new account. This can become cumbersome, especially if you already have several different accounts on your server that have not been configured to use your public key.

The solution is to install a global SSH public key on your server. Note that this method should be used with caution as it will open up every account on your server to anyone with the matching private key. If you have other users on your server you should never give them your private key or install their public key via this method.

This is a great option for sysadmins, web developers hosting several clients on a single server or for anyone that has a server in which they would want access to all the accounts with a single key.

I am going to assume you already know how to generate your own public/private key pair. I would recommend generating a unique pair specifically for this.

The first thing you need to do is create a new authorized_keys file and set the correct permissions. I created mine in the /etc/ssh/ directory. You can do this by running the following commands…

Now that this file is created, you can add your public key to it. Open it with your favorite text editor and paste in your public key. Make sure you open it as root or with the sudo command so you are able to save it.

Next you will open the sshd_config file and let it know to look at our new authorized_keys file when authenticating users. On most Linux distributions, this file is located at /etc/ssh/sshd_config

Once opened, look for a line that starts with AuthorizedKeysFile

This line may be commented out with a #. If it is, remove the # in front of AuthorizedKeysFile.

You now just need to add the location of the previously created authorized_keys file

Save the file and restart sshd to complete.

If you are using a CentOS based distribution, you can restart sshd with the following command

You will now be able to log in as any user using that key.
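The steps above, collected into one script as an added example (not code from the original post). It assumes the per-user `.ssh/authorized_keys` path stays listed next to the global file, and that the server uses systemd for the restart; `global_key.pub` is a hypothetical file name.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are arguments so the
# functions can be tried on a scratch copy before touching /etc/ssh.

# Create the global key file with mode 644: sshd's StrictModes check (on by
# default) rejects key files that are group- or world-writable. Run as root.
create_global_keys_file() {
    keys_file=$1
    ( umask 022 && : >> "$keys_file" ) && chmod 644 "$keys_file"
}

# Append a public key line unless that exact line is already present.
add_public_key() {
    keys_file=$1
    pubkey=$2
    grep -qxF -- "$pubkey" "$keys_file" || printf '%s\n' "$pubkey" >> "$keys_file"
}

# Make AuthorizedKeysFile list the per-user file and the global file.
# Replaces an active or commented-out line; drops any duplicates.
set_authorized_keys_file() {
    config=$1
    keys_file=$2
    directive="AuthorizedKeysFile .ssh/authorized_keys $keys_file"
    tmp=$(mktemp) || return 1
    awk -v d="$directive" '
        /^[ \t]*#?[ \t]*AuthorizedKeysFile[ \t]/ { if (!done++) print d; next }
        { print }
    ' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }
    if grep -qxF -- "$directive" "$tmp"; then
        cat "$tmp" > "$config"
    else
        # No existing line: put it first so it is outside any Match block.
        { printf '%s\n' "$directive"; cat "$tmp"; } > "$config"
    fi
    rm -f "$tmp"
}

# Usage as root (global_key.pub is a hypothetical file name):
#   create_global_keys_file /etc/ssh/authorized_keys
#   add_public_key /etc/ssh/authorized_keys "$(cat global_key.pub)"
#   set_authorized_keys_file /etc/ssh/sshd_config /etc/ssh/authorized_keys
#   sshd -t && systemctl restart sshd   # validate the config, then restart
```

Running `sshd -t` before the restart catches a malformed sshd_config while the current session is still open.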
