Why is my username/hostname in the SSH public key?

When generating an SSH key I used the cat command on the file id_rsa.pub and noticed the hostname/username of my account was within the file. Why is this there? If I was copying this onto a server wouldn’t it make sense for this to not be here or be the hostname/username of the server? And the username to use with SSH? Am I going about this all wrong? My process is this:

mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

And then I write the generated id_rsa.pub to authorized_keys
I finish up by copying over the key to the server.

Asked By: MOE Bama


The last field in the SSH public key is a comment. By default it’s initialized with the user@host value when the key was generated as a reminder. You can choose to edit it; it won’t alter the key. This comment doesn’t affect any authentication; it’s only here to help manage multiple entries.

The location of the public key on the remote server is what affects it: it will allow access to the account where it was put inside its ~/.ssh/authorized_keys file. Only owning the private key will allow access to the remote account. There’s no concept of which user accesses the account from the point of view of the server: the only relevant thing is that the SSH connection can be successfully established (using an SSH key) only from an entity having the private key. If this private key was copied elsewhere (or stolen) it wouldn’t make a difference. If you need access by SSH key from different users and/or systems to this account, don’t copy the private key; just generate one per different location and add it to the authorized_keys file. It’s better security hygiene.

Your method looks fine (you might also have to chmod 700 ~/.ssh), but if you also have usual password access to the remote account, the easiest way to copy the SSH key is with the ssh-copy-id command. For example, to copy the default key to the remoteuser account on remoteserver:

ssh-copy-id remoteuser@remoteserver

which will automatically add the key to the remote account’s authorized_keys file (creating it with correct access rights if it does not exist).

Answered By: A.B
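
The point about the comment field, as an added example that is not part of the answer above: this Python sketch parses a public key line, checks that the declared key type matches the type embedded in the base64 blob, and computes the SHA256 fingerprint in the form ssh-keygen -l prints, which covers the blob only. The key bytes are constructed for illustration (not a real key), the function names are hypothetical, and the parser assumes a plain id_*.pub style line with no authorized_keys options in front of the key type.

```python
import base64
import hashlib
import struct


def make_constructed_line(comment):
    """Build a well-formed ssh-ed25519 public key line from constructed bytes."""
    key_type = b"ssh-ed25519"
    raw_key = bytes(range(32))  # constructed 32-byte value, not a real key
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(raw_key)) + raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_public_key_line(line):
    """Split '<type> <base64 blob> [comment]' and check the blob's embedded type."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected a key type and a base64 blob")
    key_type, comment = fields[0], (fields[2] if len(fields) == 3 else "")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match the blob")
    return key_type, blob, comment


def fingerprint(line):
    """SHA256 fingerprint as 'ssh-keygen -l' prints it; hashes the blob only."""
    _, blob, _ = parse_public_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(line_a, line_b):
    """Same key when type and blob match, whatever the comment says."""
    return parse_public_key_line(line_a)[:2] == parse_public_key_line(line_b)[:2]


if __name__ == "__main__":
    original = make_constructed_line("alice@laptop")
    relabeled = make_constructed_line("work laptop key, rotated yearly")
    for line in (original, relabeled):
        print(fingerprint(line), "|", parse_public_key_line(line)[2])
    print("same key:", same_key(original, relabeled))
```

Comparing fingerprints rather than comments is the reliable way to tell which entries in an authorized_keys file belong to the same key pair.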