What significance does the user/host at the end of an SSH public key file hold?
I can’t figure out why an SSH public key file generated by ssh-keygen has a user and host at the end of it.
Example: id_rsa.pub
ssh-rsa ... rest of file ... /CA9gyE8HRhNMG6ZDwyhPBbDfX root@mydomain
Notice the root@mydomain at the end of the file.
If I can use the public key anywhere with any user to authenticate using my private key, what significance does the root@mydomain have on the authentication process?
Or is it just a placeholder to figure out who it was issued by?
Solution 1:
This field is a comment, and can be changed or ignored at will. It is set to user@host by default by ssh-keygen.
The OpenSSH sshd(8) man page describes the format of a public key thus:
Public keys consist of the following space-separated fields: options, keytype, base64-encoded key, comment. . . . The comment field is not used for anything (but may be convenient for the user to identify the key).
The ssh-keygen(1) man page says:
The key comment may be useful to help identify the key. The comment is initialized to “user@host” when the key is created, but can be changed using the -c option.
Solution 2:
This is briefly explained in the manual page for sshd(8), in the section about authorized keys:
Protocol 2 public key consist of: options, keytype, base64-encoded key, comment.
In the OpenSSH context of authorized keys, this part has only the meaning of a comment. But there are SSH implementations that give meaning to this part; for example, the SSH implementation in LANCOM modems uses this comment as the username for which the key is valid.
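The field layout both answers quote from sshd(8) can be checked with a small parser. This is an added example, not part of either answer and not OpenSSH code; it shows that the fingerprint is computed over the base64 key blob only, so changing the comment leaves the key's identity unchanged. The sample key bytes, the comments and the `command="echo hi"` option are constructed for illustration.

```python
import base64, hashlib, struct

def make_blob(keytype: bytes, key: bytes) -> str:
    """Base64 of an SSH wire-format blob: length-prefixed key type, then key bytes."""
    return base64.b64encode(
        b"".join(struct.pack(">I", len(p)) + p for p in (keytype, key))).decode()

def split_fields(line: str) -> list:
    """Split on whitespace, except inside double quotes (options may contain spaces)."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in " \t" and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + [cur] if cur else fields

def parse_pubkey_line(line: str) -> dict:
    """Return options, keytype, fingerprint and comment of one public key line."""
    fields = split_fields(line)
    # The key type is field 0, or field 1 when an options field comes first.
    for i in range(min(2, len(fields) - 1)):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] != fields[i].encode():
            continue  # the blob must name the same key type as the text field
        digest = hashlib.sha256(blob).digest()  # hash covers the key blob only
        return {"options": fields[0] if i else "", "keytype": fields[i],
                "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
                "comment": " ".join(fields[i + 2:])}
    raise ValueError("not a public key line")

# Constructed sample key (32 arbitrary bytes, not a real key) under three labels.
KEY = make_blob(b"ssh-ed25519", bytes(range(32)))
LINES = [f"ssh-ed25519 {KEY} root@mydomain",
         f"ssh-ed25519 {KEY} laptop backup key",
         f'command="echo hi",no-pty ssh-ed25519 {KEY}']

if __name__ == "__main__":
    for entry in map(parse_pubkey_line, LINES):
        print(entry)
```

All three lines yield the same fingerprint, which is why auditing an authorized_keys file by fingerprint is more reliable than reading the comments.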