Earlier today I was setting up a brand new server for a migration and just as I was typing scp .ssh/authorized_keys2 my brain went and asked a question..
What is the difference between authorized_keys and authorized_keys2?
I’ve been working with Linux for well over a decade and some of my practices stem from things I learned in the ’90s that still work, putting all my public keys in ~/.ssh/authorized_keys2 is one of those things.
authorized_keys vs authorized_keys2
In OpenSSH releases earlier than 3, the sshd man page said:
The $HOME/.ssh/authorized_keys file lists the RSA keys that are permitted for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the $HOME/.ssh/authorized_keys2 file lists the DSA and RSA keys that are permitted for public key authentication (PubkeyAuthentication) in SSH protocol 2.0.
Which is pretty self explanatory, so that’s what the key difference in the files were originally, authorized_keys for RSA in SSH 1.3 and 1.5 and authorized_keys2 for 2.0
What is the difference between authorized_keys and authorized_keys2?
However, that’s from releases of OpenSSH earlier than 3.0, which was released in 2001, a long time ago.. looking back at the OpenSSH 3.0 release announcement authorized_keys2 is now actually deprecated. We should all just be using authorized_keys instead from now (er, 2001..) onwards!