Does the right half of the rsa public key matter?

48

7

In a public key file "id_rsa.pub" generated by ssh-keygen, does the part after the == matter?

I ask because when I changed "root@somedomain.com" to "root", it seems to still work.

More generally, I am curious about what the purpose of that half is.

merlin2011

Posted 2012-12-09T08:48:35.453

Reputation: 1 409

Answers

49

This right part of a public key (either "id_rsa.pub" or "id_dsa.pub") is just a comment and is usually filled with the <login>@<hostname> who generated the key. This is in a way similar to the comment field from the SSH Public Key File Format (see RFC 4716).

So, being purely informational and optional, you can change it to whatever you like, but keeping the <login>@<hostname> is a practical way to keep track of what is what.

For more about OpenSSH "authorized_keys" format:

Ouki

Posted 2012-12-09T08:48:35.453

Reputation: 1 017

The openssh sshd manpage is now at http://www.freebsd.org/cgi/man.cgi?sshd(8)

– Chirael – 2016-07-01T17:11:51.173

OpenSSH reference should be OpenBSD, not FreeBSD. Here is the right man page: openssh sshd manpage

– Ouki – 2016-07-01T19:49:00.647

In Google Cloud Platform, they implemented it in a way that the right part must be the username – Jossef Harush – 2019-07-11T12:52:55.300

Is there an RFC or similar document for this format as well? I've seen other funny things in these authorized_keys files as well, such as actual commands. – merlin2011 – 2012-12-09T09:53:37.590

2

This format seems openssh specific... but one of the most widely used. You can find some info about it in the openssh sshd manpage, in the "AUTHORIZED_KEYS FILE FORMAT" section.

– Ouki – 2012-12-09T10:02:03.660
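As an added illustration of the answer above (not code from the original thread or from OpenSSH), this sketch parses an "id_rsa.pub"-style line into key type, key blob and comment, and shows that the SHA256 fingerprint depends only on the blob. The key material is a constructed sample, not a real key, and the helper names are hypothetical.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string, the building block of the key blob."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """Positive integer; the extra byte keeps the sign bit clear when needed."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_pubkey_line(line: str):
    """Split 'type base64-blob [comment]' into (type, blob, comment)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected key type and base64 data")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    # The blob carries its own copy of the key type; both must agree.
    name_len = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type field does not match key blob")
    return key_type, blob, comment

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the style of ssh-keygen -l (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample: a 2048-bit number standing in for a modulus (not a real key).
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed sample").digest() * 8, "big") | 1
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(SAMPLE_N)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()

def demo():
    """Same key with three different comments: return (comment, fingerprint) pairs."""
    results = []
    for comment in ("root@somedomain.com", "root", ""):
        line = f"ssh-rsa {SAMPLE_B64} {comment}".rstrip()
        _, blob, parsed_comment = parse_pubkey_line(line)
        results.append((parsed_comment, fingerprint(blob)))
    return results

if __name__ == "__main__":
    for comment, fp in demo():
        print(f"{comment!r:24} {fp}")
```

Editing the comment changes only the third field; the first two fields are what identify the key, which is why they are the ones worth comparing when auditing an authorized_keys file.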