How safe is it to make my SSH public key very public?

Is it a security risk to allow anyone to see your SSH public key?

My public key(s) are on all the machines I log in to regularly, and I've also given other sysadmins my .pub file so they can allow me access to their servers, as required.

But: how safe is it to publish my public SSH keys for the entire world to see? There are plenty listed in various github repos, dotfiles and the like, and I'm also considering doing the same. I'm a sysadmin, and paranoid (but I repeat myself...) and so would appreciate some clarification.

Alister Bulman

Posted 2012-03-24T11:33:50.877

Reputation: 891

@LazyBadger is not too lazy to complain about the given answer, but too lazy to provide the correct answer – 75th Trombone – 2015-05-12T16:34:59.913

I'm afraid you selected the wrong place to ask. IT Security, CS or Math sites seem more appropriate places. And the answer you accepted is wrong, plain crystal-clearly wrong in all three statements – Lazy Badger – 2012-03-24T15:16:50.637

Answers

Making your public key really public will of course make your key pair less secure than if the public key was also secret. Nobody can pick a lock if they have never seen the lock.

But even if someone has your public key, there still is no known, viable option of finding your private key based on it.

Of course, if someone tomorrow finds a way to calculate the private key based on your public key, then it would have been safer to have never given the public key out. But that simply isn't going to happen. And if it does, nobody is going to care about your public key, believe me :P

Der Hochstapler

Posted 2012-03-24T11:33:50.877

Reputation: 77 228

Also see SSH Key Management Overview & 6 Best Practices.

– Martin Zeitler – 2020-01-17T23:05:49.790

Well said, however, not quite true. There are ways of calculating the private key given the public key. This doesn't, on the other hand, make giving out your public key 'unsafe', since it would in most cases take decades or even hundreds/thousands of years to calculate the two primes, which are needed to decrypt the message. – 0sh – 2012-03-24T12:18:30.350

@Milosz: Saying there are ways of calculating the private key is just misinformation. Might as well say "You might get hit by a rainbow colored van tomorrow, then hit by a blue truck all the while drinking milk in your house!! It really is possible" -_- but unlikely* – surfasb – 2012-03-24T12:35:38.097

Well, the alternative is saying there is no way of calculating the private key from a public key, which is simply false. – Marcks Thomas – 2012-03-24T14:10:44.880
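A check worth doing before pasting a .pub file into a dotfiles repo is to look at what the line actually contains. The following is an added example, not code from the question or the answer above, and it uses constructed key material (a synthetic 2048-bit "modulus" and 32 arbitrary bytes standing in for an Ed25519 point) rather than real keys. It assembles two public-key lines in OpenSSH's wire format (RFC 4251 `string` and `mpint` fields, first field repeating the key type) and parses them back the way sshd would, so you can see that the base64 blob holds only the public parameters. The one field that says something about you rather than about the key is the trailing comment, which ssh-keygen fills with user@host by default; the `describe_pub_line` helper flags that.

```python
"""Inspect an OpenSSH public-key line and show what publishing it reveals.

Added example, not code from the original page. Key material below is
constructed for the demo: it is not a real key pair and cannot be used
to authenticate anywhere.
"""
import base64
import struct


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer (leading 0x00 if high bit set)."""
    if n == 0:
        return _ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_pub_line(key_type: str, fields, comment: str) -> str:
    """Assemble a one-line .pub entry: '<type> <base64 blob> <comment>'."""
    blob = _ssh_string(key_type.encode())
    for f in fields:
        blob += _ssh_mpint(f) if isinstance(f, int) else _ssh_string(f)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def _read_string(blob: bytes, off: int):
    """Read one length-prefixed field; refuse blobs that are cut short."""
    if off + 4 > len(blob):
        raise ValueError("truncated blob: missing length prefix")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + length > len(blob):
        raise ValueError("truncated blob: field runs past end")
    return blob[off:off + length], off + length


def parse_pub_line(line: str) -> dict:
    """Decode a .pub line into its wire fields; reject inconsistent input."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = " ".join(parts[2:])
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = _read_string(blob, 0)
    # sshd checks that the type inside the blob matches the type on the line.
    if inner_type != key_type.encode():
        raise ValueError(f"type mismatch: {key_type} vs {inner_type!r}")
    fields = []
    while off < len(blob):
        field, off = _read_string(blob, off)
        fields.append(field)
    return {"type": key_type, "fields": fields, "comment": comment}


def describe_pub_line(line: str) -> dict:
    """Summarise what is exposed by publishing this line."""
    parsed = parse_pub_line(line)
    info = {"type": parsed["type"], "comment": parsed["comment"]}
    if parsed["type"] == "ssh-rsa":
        # ssh-rsa blob: string "ssh-rsa", mpint e, mpint n
        e, n = (int.from_bytes(f, "big") for f in parsed["fields"][:2])
        info.update(e=e, modulus_bits=n.bit_length())
    elif parsed["type"] == "ssh-ed25519":
        # ssh-ed25519 blob: string "ssh-ed25519", string (32-byte point)
        info.update(point_bytes=len(parsed["fields"][0]))
    # The comment is free text, not key material; user@host is the only part
    # of the file that identifies you or your machine.
    info["comment_looks_like_user_at_host"] = "@" in parsed["comment"]
    return info


# --- constructed sample input (not real keys) ---
SAMPLE_RSA_N = (1 << 2047) | 0x10001   # synthetic 2048-bit number, not a real modulus
RSA_LINE = build_pub_line("ssh-rsa", [65537, SAMPLE_RSA_N], "alice@workstation")
ED25519_LINE = build_pub_line("ssh-ed25519", [bytes(range(32))], "alice-github-key")

if __name__ == "__main__":
    for line in (RSA_LINE, ED25519_LINE):
        print(describe_pub_line(line))
```

Run it and the RSA line reports only `e`, the modulus size and the comment; the Ed25519 line reports a 32-byte point. If the comment on your real key is `you@your-hostname`, regenerate the comment with `ssh-keygen -c` (or just edit the last field; it is not covered by the blob) before publishing, since that is the only information in the line that is not already public by design.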