54

In a public key file "id_rsa.pub" generated by ssh-keygen, does the part after the == matter?

I ask because when I changed "[email protected]" to "root", it seems to still work.

More generally, I am curious about what the purpose of that half is.

merlin2011

1 Answer

56

This right part of a public key (either "id_rsa.pub" or "id_dsa.pub") is just a comment and is usually filled with the <login>@<hostname> who generated the key. This is in a way similar to the comment field from the SSH Public Key File Format (see RFC 4716).

So, as being purely informational and optional, you can change it to whatever you like, but keeping the <login>@<hostname> is a practical way to keep track of what is what.

For more about OpenSSH "authorized_keys" format:

maxwellb
Ouki
  • Is there an RFC or similar document for this format as well? I've seen other funny things in these authorized_keys files as well, such as actual commands. – merlin2011 Dec 09 '12 at 09:53
  • 2
    This format seems openssh specific... but one of the most widely used. You can find some info about it in the [openssh sshd manpage](http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8&arch=&apropos=0&manpath=OpenBSD+Current), in the "AUTHORIZED_KEYS FILE FORMAT" section. – Ouki Dec 09 '12 at 10:02
  • The openssh sshd manpage is now at [http://www.freebsd.org/cgi/man.cgi?sshd(8)](http://www.freebsd.org/cgi/man.cgi?sshd(8)) – Chirael Jul 01 '16 at 17:11
  • OpenSSH reference should be OpenBSD, not FreeBSD. Here is the right man page: [openssh sshd manpage](http://man.openbsd.org/OpenBSD-current/man8/sshd.8) – Ouki Jul 01 '16 at 19:49
  • In Google Cloud Platform, they implemented it in a way that the right part must be the username. – Jossef Harush Kadouri Jul 11 '19 at 12:52
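
The point made in the answer above, as an added example (not part of the original answer and not OpenSSH code): a small Python parser showing that the trailing comment sits outside the base64 key blob, so editing or dropping it leaves the key fingerprint unchanged. The sample key bytes, the comment `alice@workstation`, and the helper names `ssh_string`, `parse_pubkey_line` and `fingerprint` are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str) -> dict:
    """Split an OpenSSH public key line into key type, decoded blob and comment."""
    parts = line.strip().split(None, 2)  # the comment may itself contain spaces
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own copy of the key type; the comment is not in it.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the type inside the blob")
    return {"type": key_type, "blob": blob, "comment": comment}


def fingerprint(line: str) -> str:
    """SHA256 fingerprint in the style of `ssh-keygen -l`: a hash of the blob only."""
    digest = hashlib.sha256(parse_pubkey_line(line)["blob"]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample: an ed25519-shaped blob with placeholder bytes, not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
ORIGINAL = f"ssh-ed25519 {SAMPLE_B64} alice@workstation"
RELABELLED = f"ssh-ed25519 {SAMPLE_B64} root"
NO_COMMENT = f"ssh-ed25519 {SAMPLE_B64}"

if __name__ == "__main__":
    for line in (ORIGINAL, RELABELLED, NO_COMMENT):
        print(repr(parse_pubkey_line(line)["comment"]), fingerprint(line))
```

Because the fingerprint is what identifies a key, comparing fingerprints rather than comments is the reliable way to audit which keys an `authorized_keys` file actually trusts.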