Does the right half of the rsa public key matter?
This right part of a public key (either "id_rsa.pub" or "id_dsa.pub") is just a comment and is usually filled with the < login>@< hostname> who generated the key. This in a way similar to the comment field from the SSH Public Key File Format (see RFC 4716).
So, as being purely informational and optional, you can change it to whatever you like, but keeping the < login>@< hostname> is a practical way to keep track of what is what.
For more about OpenSSH "authorized_keys" format:
Related videos on Youtube
merlin2011
I am a student. A perpetual student. For the convenience of those who Google and copy & paste resulting URL, feel free to try my plugins for Firefox and Chrome. I have recently released my primary project Arachne, a lightning-fast cooperative threading library. Please give it a whirl and create an issue if you see any problems. I have also written a few simple tools, such as one for tmux automation, an improved version of the venerable Unix column, and a tool for adding color to text in the terminal based on user-specified patterns.
Updated on September 18, 2022Comments
-
merlin2011 over 1 year
In a public key file "id_rsa.pub" generated by ssh-keygen, does the part after the == matter?
I ask because when I changed "[email protected]" to "root", it seems to still work.
More generally, I am curious about what the purpose of that half is.
-
merlin2011 over 11 yearsIs there an RFC or similar document for this format as well? I've seen other funny things in these authorized_keys files as well, such as actual commands.
-
Ouki over 11 yearsThis format seems openssh specific... but one of the most widely used. You can find some info about it in the openssh sshd manpage, in the "AUTHORIZED_KEYS FILE FORMAT" section.
-
Chirael almost 8 yearsThe openssh sshd manpage is now at http://www.freebsd.org/cgi/man.cgi?sshd(8)
-
Ouki almost 8 yearsOpenSSH reference should be OpenBSD, not FreeBSD. Here is the right man page: openssh sshd manpage
-
Jossef Harush Kadouri almost 5 yearsin Google Cloud Platform, they implemented it in a way that the right part must be the username