SSH keys are added to default location and not to specified AuthorizedKeysFile in sshd_config

Question

I want to change the location where the Authorized SSH keys are saved. Therefore, I changed the location of the authorized keys file in /etc/ssh/sshd_config to

AuthorizedKeysFile  /etc/ssh/authorized_keys/%u/authorized_keys

The ssh service was restarted with sudo systemctl restart ssh and the owner and group of the /etc/ssh/authorized_keys/user directory is the right user/group.

The server is accessible for the already included ssh keys in /etc/ssh/authorized_keys/user/authorized_keys, but adding a new ssh key from some other device to the server with ssh-copy-id -i ~/.ssh/id_rsa user@server saves the key in the default directory ~/.ssh/authorized_keys.

Grateful for any advice or help!

Answer 1

For anybody coming by this later, ssh-copy-id is on the client, and the sshd_config is on the server. It cannot know where to write to. It assumes the default location.

Furthermore, you don't want every user able to write into /etc/ssh/authorized_keys anyway. If you've specifically set ownership to the user for /etc/ssh/authorized_keys/user then there's no obvious benefit vs having it in the default location. The advantage of doing what you've suggested is for centralized management of keys, an advantage you only have if the users are NOT permitted to write to it.