40

In ~/.ssh/id_rsa.pub my public key is stored as:

ssh-rsa magicmagicmagicmagic...magicmagic username@hostname

When publishing my public key, should I include the username@hostname bit? Can I replace it with something else? My concerns are that:

  • I may want to change the label for vanity purposes (super@wishihadbetterhostname) - but I don't want to mess things up by doing this (for example, if a common tool assumes this convention is upheld)
  • I'm concerned that I'm making it that much easier to get onto my machine by giving away my username and hostname!
lofidevops
  • Under what circumstances would you want to publish your public SSH key? I can understand privately sharing it with operators of remote services that accept SSH logins (like GitHub), but I don't see the benefit of "publishing" it in the sense of exposing it to the wider public. – Psychonaut Jun 22 '16 at 06:43
  • @Psychonaut One example is that when you upload your public ssh key to launchpad.net, it's viewable to the whole world. – wisbucky Aug 02 '17 at 20:42
  • @wisbucky In which case the question becomes, why does Launchpad publish the SSH keys uploaded by its users? I'm still not seeing any benefit over keeping the key private to the two parties involved. – Psychonaut Aug 02 '17 at 22:38

1 Answer

55

The user@hostname part is just a comment. You can set your own comment by using the -C option or, for existing keys, change it with -c (http://man7.org/linux/man-pages/man1/ssh-keygen.1.html). Changing it will not affect your key, so yes, you can change it to superduperuser@somfancehostname.

Snippet for these ssh-keygen options:

 -C comment
         Provides a new comment.

 -c      Requests changing the comment in the private and public key
         files.  This operation is only supported for RSA1 keys.  The
         program will prompt for the file containing the private keys,
         for the passphrase if the key has one, and for the new comment.

For instance,

You'd simply do ssh-keygen -C thebiglebowski@thedude.com and that results in the following:

thebiglebowski@thedude.com appears as a comment when you cat the pub file

lofidevops
BadSkillz
  • thanks! - any comments / references / horror stories on exposing username and hostname? – lofidevops Feb 04 '14 at 12:48
  • looks like those queries are answered by https://security.stackexchange.com/questions/4729/should-usernames-be-kept-secret and https://security.stackexchange.com/questions/43315/should-a-hostname-ever-be-considered-a-secret – lofidevops Feb 17 '14 at 16:55
  • so the answer to "should I include the username@hostname bit?" is: no. right? – Trevor Boyd Smith Feb 07 '18 at 16:27
  • @Trevor This depends, like I said: it's just a comment. If it helps you can still use the hostname, but it is not obligatory. – BadSkillz Feb 07 '18 at 16:59
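A way to check the point made in the answer, as an added example that is not part of the original thread: the comment sits outside the base64 key blob, so the SHA256 fingerprint that servers and tools match on stays the same when the comment is replaced or dropped before publishing. The sample key is a constructed ssh-ed25519 blob with dummy bytes (the question's key is ssh-rsa; the line layout is the same), and the function names are this example's own.

```python
import base64
import hashlib
import struct

def read_string(buf, offset):
    """Read one length-prefixed string (uint32 big-endian length + bytes)."""
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    if start + length > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:start + length], start + length

def parse_pubkey_line(line):
    """Split 'type base64 [comment]' and check the blob names the same type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected 'keytype base64 [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, _ = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type prefix does not match key blob")
    return key_type, blob, comment

def fingerprint(line):
    """SHA256 fingerprint in OpenSSH's display form, computed from the blob only."""
    _, blob, _ = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def with_comment(line, new_comment=""):
    """Return the same key with its comment replaced (or dropped if empty)."""
    key_type, blob, _ = parse_pubkey_line(line)
    fields = [key_type, base64.b64encode(blob).decode()]
    if new_comment:
        fields.append(new_comment)
    return " ".join(fields)

# Constructed sample: a syntactically valid ssh-ed25519 blob with dummy key bytes.
_blob = (struct.pack(">I", 11) + b"ssh-ed25519" +
         struct.pack(">I", 32) + bytes(range(32)))
SAMPLE = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " username@hostname"

if __name__ == "__main__":
    for candidate in (SAMPLE, with_comment(SAMPLE, "super@wishihadbetterhostname"),
                      with_comment(SAMPLE)):
        print(fingerprint(candidate), "|", candidate.split(None, 2)[2:] or "(no comment)")
```

All three printed lines carry the same fingerprint; only the trailing label differs.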