HPE Community
Operating System - HP-UX
1825811 Members
2311 Online
109688 Solutions
New Discussion

Change identifer in openssh public key

 
SOLVED
Go to solution
Doug O'Leary
Honored Contributor

‎02-11-2009 10:44 AM

‎02-11-2009 10:44 AM

Change identifer in openssh public key

Hey;

Does anyone know if it's possible and/or syntax to change the identifier that's in a openssh public key?

For instance, my public key ends with

b72aIgf8VwrY2oRwlCBUqty0Jg== dkoleary@localhost

Is there a way to change the dkoleary@localhost. Editing the key directly invalidates the key and ssh-keygen -c apparently only works on rsha1 keys.

Any ideas?

Thanks.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎02-11-2009 11:12 AM

‎02-11-2009 11:12 AM

Re: Change identifer in openssh public key

Shalom

Keys need to be generated.

ssh-keygen -t dsa
ssh-keyge -t rsa

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Matti_Kurkela
Honored Contributor

‎02-11-2009 01:57 PM

‎02-11-2009 01:57 PM

Solution

Re: Change identifer in openssh public key

With the rsa1 keys, the comment field is included inside the *private* key file too. This is why ssh-keygen -c is required to change the comment.

The sshd man page indicates that the comment field in protocol version 2 public keys *is not used for anything*.

So yes, you can just edit the public key file to change the comment part. I have done this successfully several times.

Just remember these things:
- don't remove the space between the base64-encoded public key and the comment, unless you're removing the comment entirely
- don't change anything within the key string
- remember that the openssh public key is supposed to be one *long* line of text: if your editor auto-wraps it to multiple lines when saving it, the key will be corrupted.

Not all editors can handle the line lengths of openssh2 public keys: a simple, robust editor with a well-defined behavior is best. HP-UX vi works fine.

MK
MK
0 Kudos
Doug O'Leary
Honored Contributor

‎02-11-2009 08:04 PM

‎02-11-2009 08:04 PM

Re: Change identifer in openssh public key

>>So yes, you can just edit the public key file to change the comment part. I have done this successfully several times.

Really? I could have sworn I tried this in the past and the key stopped working. I'm off to try that right now.

thanks.

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Doug O'Leary
Honored Contributor

‎02-11-2009 08:11 PM

‎02-11-2009 08:11 PM

Re: Change identifer in openssh public key

Hey;

I'll be damned; you can edit the comment field. I could have sworn I tried that sometime in the past and the key stopped working. I figured it had something to do with the crc value, or some such, and never tried it again.

Pays to check your assumptions.

Thanks alot. That will help my client immensely.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.