Why is my username/hostname in the SSH public key?
When generating an SSH key I used the cat command on the file id_rsa.pub and noticed the hostname/username of my account was within the file. Why is this there? If I was copying this onto a server wouldn’t it make sense for this to not be here or be the hostname/username of the server? And the username to use with SSH? Am I going about this all wrong? My process is this:
chmod 600 ~/.ssh/authorized_keys
And then I write the generated
I finish up by copying over the key to the server.
The last field in the ssh public key is a comment. By default it’s initialized with the user@host value when the key was generated as a reminder. You can choose to edit it, it won’t alter the key. This comment doesn’t affect any authentication, it’s only here to help manage multiple entries.
The location of the public key on the remote server is what affects it: it will allow access to the account where it was put inside its ~/.ssh/authorized_keys file. Only owning the private key will allow access to the remote account. There’s no concept of which user accesses the account from the point of view of the server: the only relevant thing is that the SSH connection can be successfully established (using ssh key) only from an entity having the private key. If this private key was copied elsewhere (or stolen) it wouldn’t make a difference. If you need access by ssh key from different users and/or systems to this account, don’t copy the private key, just generate one per different location and add it to the authorized_keys file; it’s better security hygiene.
Your method looks fine (you might also have to chmod 700 ~/.ssh), but if you also have usual password access to the remote account, the easiest way to copy the ssh key is with the ssh-copy-id command. For example, to copy the default key to the remoteuser account on remoteserver:
which will automatically add the key to the remote account’s authorized_keys file (creating it with correct access rights if not existing).
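An added example, not part of the original answer: a small Python parser for a .pub line showing that the trailing comment sits outside the key blob, so two lines that differ only in the comment carry the same key and the same SHA256 fingerprint. The key bytes are constructed sample data rather than a real key, and the helper names are hypothetical.

```python
import base64
import hashlib
import struct


def make_sample_pubkey_line(comment):
    """Build a .pub-style line around constructed (not real) Ed25519 key bytes."""
    key_type = b"ssh-ed25519"
    raw_key = bytes(range(32))  # constructed placeholder for a 32-byte public key
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(raw_key)) + raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment


def parse_pubkey_line(line):
    """Split '<type> <base64 blob> [comment]' into (key_type, blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""  # comment may contain spaces
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; check it matches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type field does not match the blob")
    return key_type, blob, comment


def fingerprint(blob):
    """SHA256 fingerprint in the style of `ssh-keygen -l`: hash of the blob only."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def same_key(line_a, line_b):
    """True when both lines carry the same key, whatever their comments say."""
    return parse_pubkey_line(line_a)[1] == parse_pubkey_line(line_b)[1]


if __name__ == "__main__":
    for text in ("alice@laptop", "backup key, edited by hand"):
        key_type, blob, comment = parse_pubkey_line(make_sample_pubkey_line(text))
        print(key_type, fingerprint(blob), repr(comment))
```

The same check is useful when auditing an authorized_keys file: compare entries by fingerprint, not by comment, since the comment is free text anyone can edit.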