
I used ssh-keygen -t rsa to generate a pair of keys. The public key is stored in the file "id_rsa.pub", which contains "ssh-rsa AAA...idJ tom@toms-MacBook-Pro.local".

Then I used ssh-keygen -y (mentioned in how can I check my rsa passphrase?) to get the SSH public key. However, the public key obtained using this method contains "ssh-rsa AAA...idJ" only. (i.e. it does not have the last part " tom@toms-MacBook-Pro.local")

I would like to ask why there is a difference in the public key generated via these two methods.

1 Answer

There is no difference in the key itself. The last part is a "comment" field.

If you're using the traditional-format id_rsa key file (the one that starts with "RSA PRIVATE KEY"), it simply did not have any standard place to store the comment, so ssh-keygen has nowhere to get it from. (It's a generic key format that OpenSSH adopted because its crypto library already had it.)

The "new" OpenSSH private key format (the one which says "OPENSSH PRIVATE KEY") does have a comment field and ssh-keygen can extract it just fine. If you want to convert your private key, you can use ssh-keygen -p on new OpenSSH versions; ssh-keygen -o -p on slightly older ones, followed by actually setting a new comment using ssh-keygen -c.

u1686_grawity
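To check that two public key lines like the ones in the question carry the same key, compare the decoded key blob and its fingerprint and ignore the trailing comment. The following is an added example, not part of the original question or answer; the function names are hypothetical and the key blob is constructed for illustration (structurally valid `ssh-rsa` encoding with made-up numbers, not a usable key).

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line: str):
    """Split 'type base64-blob [comment]' into (type, blob bytes, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a public key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob repeats the algorithm name as its first field; it must match.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob, comment

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the style of ssh-keygen -l: unpadded base64 of the hash."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def same_key(line_a: str, line_b: str) -> bool:
    """True when both lines carry the same key material; comments are ignored."""
    return parse_pubkey_line(line_a)[1] == parse_pubkey_line(line_b)[1]

# Constructed sample: name, exponent 65537, and a made-up 512-bit "modulus".
_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
         + ssh_string(b"\x00" + bytes(range(129, 193))))
_B64 = base64.b64encode(_BLOB).decode("ascii")
FROM_PUB_FILE = f"ssh-rsa {_B64} tom@toms-MacBook-Pro.local"  # like id_rsa.pub
FROM_KEYGEN_Y = f"ssh-rsa {_B64}"                             # like ssh-keygen -y

if __name__ == "__main__":
    for label, line in (("id_rsa.pub", FROM_PUB_FILE), ("ssh-keygen -y", FROM_KEYGEN_Y)):
        key_type, blob, comment = parse_pubkey_line(line)
        print(f"{label}: {key_type} {fingerprint(blob)} comment={comment!r}")
    print("same key:", same_key(FROM_PUB_FILE, FROM_KEYGEN_Y))
```

The comment is not part of the blob that gets hashed, so both lines produce the same fingerprint.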