What is the purpose of:
username@hostname
at the end of the RSA public key? I know that it matches the generator of the key, but is it ever used for anything significant?
Usually, at the end of an RSA public key, you find something like 'username@hostname' by default, or something else if you specified it. It is said that it is just a comment and doesn't matter at all.
Definition(s): A public key used for authenticating a host in the SSH protocol to hosts that want to communicate with it (each host also generally has its own private host key). Some hosts may have more than one host key (e.g., one for each algorithm).
The public key is placed into the home directory of the user on the server who used ssh-keygen and ssh-copy-id to generate it and put it there. If you use ssh to connect to the machine with no username, it will attempt to connect with the username of whoever is logged in.
A host key fingerprint is also known as RSA key, host key, and key fingerprint. Every SSH server is configured to use a host key to verify that the client is connecting to the correct host. The SSH server administrator provides the host key fingerprint to the various clients.
It is only a comment, to help you keep straight where each public key comes from.
In the OpenSSH source (v6.3, auth-rsa.c:57-65):

    /*
     * The .ssh/authorized_keys file contains public keys, one per line, in the
     * following format:
     *   options bits e n comment
     * where bits, e and n are decimal numbers,
     * and comment is any string of characters up to newline.  The maximum
     * length of a line is SSH_MAX_PUBKEY_BYTES characters.  See sshd(8) for a
     * description of the options.
     */

And reading:

    case KEY_RSA1:
        /* Get number of bits. */
        if (*cp < '0' || *cp > '9')
            return -1;  /* Bad bit count... */
        for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
            bits = 10 * bits + *cp - '0';
        if (bits == 0)
            return -1;
        *cpp = cp;
        /* Get public exponent, public modulus. */
        if (!read_bignum(cpp, ret->rsa->e))
            return -1;
        if (!read_bignum(cpp, ret->rsa->n))
            return -1;
        /* validate the claimed number of bits */
        if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
            verbose("key_read: claimed key size %d does not match "
                "actual %d", bits, BN_num_bits(ret->rsa->n));
            return -1;
        }
        success = 1;
        break;

It doesn't even parse the comment.
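
The same point can be checked for the current one-line format (`keytype base64-blob comment`), which goes beyond the legacy RSA1 `bits e n` format quoted above. This is an added example, not part of the original answer or of OpenSSH: the function names are hypothetical and the key is a constructed sample, not a real one. It parses a public key line and computes the SHA256 fingerprint from the blob alone, so lines that differ only in the comment identify the same key.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """Positive mpint: big-endian, leading zero byte when the top bit is set."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def parse_pubkey_line(line: str):
    """Split 'keytype base64-blob [comment]' into (keytype, blob, comment)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected at least key type and base64 blob")
    keytype, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""  # free text, may hold spaces
    blob = base64.b64decode(b64, validate=True)
    # The blob names its own algorithm; it must agree with the text field.
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match blob")
    return keytype, blob, comment


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as ssh-keygen -l shows it: a hash of the blob only."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample, not a real key: an arbitrary odd 2048-bit number as n.
SAMPLE_N = (1 << 2047) | int.from_bytes(hashlib.sha512(b"constructed").digest() * 4, "big") | 1
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(SAMPLE_N)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
LINE_A = f"ssh-rsa {SAMPLE_B64} alice@laptop"
LINE_B = f"ssh-rsa {SAMPLE_B64} totally different label with spaces"
LINE_C = f"ssh-rsa {SAMPLE_B64}"

if __name__ == "__main__":
    for line in (LINE_A, LINE_B, LINE_C):
        _, blob, comment = parse_pubkey_line(line)
        print(fingerprint(blob), repr(comment))
```

When auditing `authorized_keys`, compare entries by fingerprint; the comment is whatever label the person who added the line chose to leave there.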