0

I've generated an ssh key pair with ssh-keygen. The id_rsa.pub file looks like this:

ssh-rsa someLettersAndNumbersABC123 username@host

The host part is what bothers me. Currently it comes from the router. But I want to use that key no matter where I am, whatever the hostname some router gives me. Is it safe to simply remove everything after my username? Would that even work?

Once I disabled plain password authentication I wouldn't be able to add another key (or connect at all), if the key depends on the hostname of the client.

user1785730

1 Answer

3

The format of your public key file is

<keytype>  <base64-encoded key>  <comment>

where for protocol version 2 the keytype is ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, ssh-dss or ssh-rsa and the comment field is not used for anything at all (but may be convenient for the user to identify the key).

So you can leave it, change it or remove it without repercussion.

When using your public key in an authorized_keys file, the format is:

<options> <keytype>  <base64-encoded key>  <comment>

where the options may be left empty but can be used to add restrictions to the level of access that is granted with that particular key pair.

Since the comment has no actual use, the comment used in an authorized_keys file may also be different from the comment you use in the id_rsa.pub file.

HBruijn
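
The following Python is added here as an illustration and is not part of the original answer or of OpenSSH. It parses both line formats described above and computes the SHA256 fingerprint from the base64 blob alone, so the same key gives the same fingerprint whether the comment is kept, changed or removed. The key blob is a constructed placeholder rather than a real key, and the function names are assumptions of this example.

```python
import base64, hashlib, struct

# Key type names listed in the answer above.
KEYTYPES = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
            "ssh-ed25519", "ssh-dss", "ssh-rsa"}

def split_options(line):
    """Split off the first field; spaces inside "..." do not end it."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
    return line, ""

def parse_key_line(line):
    """Return (options, keytype, blob, comment) for a .pub or authorized_keys line."""
    line = line.strip()
    first, rest = split_options(line)
    options = ""
    if first not in KEYTYPES:      # authorized_keys line with a leading options field
        options, line = first, rest
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEYTYPES:
        raise ValueError("no known key type found")
    keytype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    # The blob itself starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return options, keytype, blob, comment

def fingerprint(line):
    """SHA256 fingerprint in the form OpenSSH prints; only the blob is hashed."""
    digest = hashlib.sha256(parse_key_line(line)[2]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample, not a real key: type string plus 32 placeholder bytes.
_RAW = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
B64 = base64.b64encode(_RAW).decode()
WITH_HOST = f"ssh-ed25519 {B64} username@host"
NO_COMMENT = f"ssh-ed25519 {B64}"
RESTRICTED = f'command="echo hi there",no-pty ssh-ed25519 {B64} laptop key'
```

Calling `fingerprint()` on `WITH_HOST`, `NO_COMMENT` and `RESTRICTED` returns the same string, while `parse_key_line()` shows the differing options and comment fields.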