Numbers and coding schemes have always been predominant in computer usage. Encryption has only increased this trend by introducing personal keys in the form of long encoded sequences. Since humans can't easily match such data to accounts, SSH key comments can serve as hints for the purpose.
In this tutorial, we look at SSH keys and ways to add or change key comments. First, we generate a pair of keys. Next, we look at public key comments and how to modify them. Finally, we explore private keys and ways to add or change their comments.
We tested the code in this tutorial on Debian 11 (Bullseye) with GNU Bash 5.1.4, OpenSSH 8.4p1, and PuTTY 0.77. It should work in most POSIX-compliant environments.
2. Key Generation
To begin with, we generate SSH keys with their defaults via both OpenSSH and PuTTY.
2.1. OpenSSH Keys
First, let’s generate our keys with ssh-keygen:
    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/baeldung/.ssh/id_rsa):
    Created directory '/home/baeldung/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/baeldung/.ssh/id_rsa
    Your public key has been saved in /home/baeldung/.ssh/id_rsa.pub
    The key fingerprint is:
    [...]
Now, we have one set of two keys:
- public key: /home/baeldung/.ssh/id_rsa.pub
- private key: /home/baeldung/.ssh/id_rsa
    $ ssh-copy-id baeldung@web
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/baeldung/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    baeldung@web's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh 'baeldung@web'"
    and check to make sure that only the key(s) you wanted were added.
    $ cat /home/baeldung/.ssh/id_rsa.pub >> /home/baeldung/.ssh/authorized_keys
In addition, we can create some PuTTY SSH keys.
2.2. PuTTY Keys
Let’s generate a key pair with puttygen:
    $ puttygen -t rsa -o pg_id_rsa
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++
    Enter passphrase to save key:
    Re-enter passphrase to verify:

Now, the pg_id_rsa file holds both the public and private keys in the .ppk format.
At this point, we can explore the files involved and see where we have comments.
3. Public Key Comments
To be sure, we use the public key formats of both OpenSSH and PuTTY to see where and how comments are placed.
3.1. OpenSSH Public Key
First, we can check the /home/baeldung/.ssh/authorized_keys file, which already includes the contents of our /home/baeldung/.ssh/id_rsa.pub:
    $ cat /home/baeldung/.ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBg[...]dCmK47BxWV48= baeldung@web
Here, ssh-rsa marks the key type as one for the RSA algorithm. After that, we have the actual key encoded in base64 until the next whitespace. Finally, the line ends with a free-text comment: baeldung@web, i.e., our username and hostname joined via @.
In essence, the assigned key comment is the part of a line in a public key file ($HOME/.ssh/*.pub) or in the authorized_keys file ($HOME/.ssh/authorized_keys) that sits after the key value and before the newline character.
Moreover, as usual, we can also add comments by starting a line with #. However, such comments are not associated with any key in particular.
3.2. PuTTY Public Key
Critically, neither of the above holds true for the default PuTTYgen public keys:
    ---- BEGIN SSH2 PUBLIC KEY ----
    Comment: "baeldung@web"
    AAAAB3NzaC1yc2EAAAADAQABAAABgQDBgHTwNM/mOpBjkTfM5Z+SZa5hXux5Y4dG
    kiHt1V7QGjYg4ErPsyrOFSvPuf8yFwn6xn/p8zb6FSHqF7jUCNA0skObXaMreY7z
    rnqLB6k+LVuqj2mkHVdXLpsOElV8nHmkE864V7gLht8uyx4aTB2KzUsm8nBr67VG
    a7JAhIsKQhGtq4rNsPXXPzomTcxgiO8/gSApYob0DfPPHShCyFotEepQ2rEli6JG
    psEddLZOYyTw5AgY0LUk2FNBPB2dOgK25K9LiAz8ATp/XRyshbTttHH3qyc2cgqj
    zyeDSJjOoDeW496WVOdcJfGv4TLjEc/8SW0IVx5XGrrorSALR/S4rLxIuNQqycQQ
    mDbrx40QdZh4zSkeC8PNnFXVVlm9EyK7sBxLqUfEc00kn/IkuEDTS1zAZWmqwt+W
    vyK9NLuuOcobnWsiUJmyMD9/CuUWhHOGbhIjCdOdJ8TjGX5DipU+LLmM8ZJFGnGK
    TrTEg1PVNelMLw4PfrqdCmK47BxWV48=
    ---- END SSH2 PUBLIC KEY ----

In this case, the Comment field holds the assigned comment in quotes, and there is no mechanism for additional comments.
Still, no special tools are necessary to change public key comments in either case. Importantly, changes in comments around a public key file do not automatically affect other files with that key.
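Because a comment edited in one file never propagates to other copies of the same key, a key can end up with different labels locally and in authorized_keys. The following added example (not part of the original tutorial) parses OpenSSH key lines, skipping # lines and any leading options, and reports keys whose comments differ between two files. The function names and the placeholder key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the comments attached to the same key in two files.

# parse_keys FILE: print "blob<TAB>comment" for every key line in FILE.
parse_keys() {
    awk '
    $1 ~ /^#/ { next }                      # "#" lines belong to no key
    {
        for (i = 1; i < NF; i++) {
            # A key type followed by base64; earlier fields are options.
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) {
                c = ""                      # comment = all remaining words
                for (j = i + 2; j <= NF; j++) c = (c == "" ? "" : c " ") $j
                printf "%s\t%s\n", $(i + 1), c
                next
            }
        }
    }' "$1"
}

# comment_drift OLD NEW: for keys present in both files, print
# "old comment -> new comment" when the two comments differ.
comment_drift() {
    a=$(mktemp) && b=$(mktemp) || return 1
    parse_keys "$1" > "$a"
    parse_keys "$2" > "$b"
    awk -F '\t' 'NR == FNR { seen[$1] = $2; next }
        ($1 in seen) && seen[$1] != $2 { print seen[$1] " -> " $2 }' "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample data: the blobs are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/authorized_keys" <<'EOF'
# team keys
ssh-rsa AAAAB3NzaPLACEHOLDER1 baeldung@web
from="10.0.0.0/8",no-pty ssh-ed25519 AAAAC3NzaPLACEHOLDER2 deploy key for CI
EOF
    cat > "$d/id_rsa.pub" <<'EOF'
ssh-rsa AAAAB3NzaPLACEHOLDER1 Automatic Baeldung
EOF
    parse_keys "$d/authorized_keys"
    comment_drift "$d/authorized_keys" "$d/id_rsa.pub"
    rm -rf "$d"
}

demo
```

Keys are matched on the base64 value, since the comment is only a label and plays no part in authentication.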
4. Private Key Comments
Unlike public ones, private keys must be very secure. Thus, they often include password protection to safeguard against malicious activity.
Because of this, we usually do need special tools to modify any part of a private key.
Indeed, we already used ssh-keygen to create our private key at /home/baeldung/.ssh/id_rsa. Yet, we can further employ the same tool to read and write private key comments:
    $ ssh-keygen -c
    Enter file in which the key is (/home/baeldung/.ssh/id_rsa):
    Old comment: baeldung@web
    New comment: Baeldung
    Comment 'Baeldung' applied
Here, we use the -c flag to request a comment change. Consequently, ssh-keygen interactively guides us to enter the key file path, a passphrase (if any), and the new comment. Of course, we can also see the original comment before changing it. To interrupt, we can just use Ctrl+C.
To do the above in one seamless operation, we can combine several flags:
    $ ssh-keygen -c -f /home/baeldung/.ssh/id_rsa -P 'PASSPHRASE' -C 'Automatic Baeldung'
    Old comment: Baeldung
    Comment 'Automatic Baeldung' applied

In this command, we supply the key file after the -f flag, the key passphrase (if any) after -P, and the new comment after -C.
Notably, ssh-keygen -c changes the comments in both the public and private key local files.
Of course, the pg_id_rsa file holds both our keys:
    $ cat pg_id_rsa
    PuTTY-User-Key-File-2: ssh-rsa
    Encryption: none
    Comment: rsa-key-20221010
    Public-Lines: 6
    AAAAB3NzaC1yc2EAAAABJQAAAQEAmNv8wpJAo8gF5Wx6ZUtn8FzOoqBjJdo77oyz
    rBLrz5rVXxPaPuO6AllQW3NNYoHDb/bEvnMH76AlUvJLp2oUNSEAlNVxbRriHFsa
    Mrad8EDtQjViHnzjghLuUqgJM5nmtNzDEFTt5rEfw933dkyq1Lm+6i8db+Uqf+yh
    wY5uTLy1D1iKJXgOGZQAKrzE+4tMQJrNf6ZOBKfADYzbpqt+iC5u0GtRzLy6PVUY
    DD4KChgLnpvzmPkudAsOBeAOS4mMWOzjuNsOP/f3C/aky1F5aI/MELSJkjSM+jl6
    7HxDuDdk90qiwXNASvtZUqDkG1rQ2OX2r8OVogwniFceCv9IDQ==
    Private-Lines: 14
    AAABAHfPBGEmhbDNNQ3DueCwuT/aCb27+q73KA3/k744V/W+i4+1nTg18qflI06Y
    pG/NfYFE32TWszFvro0exay67T5l+YlpBd/ko2JVPgwSl3ceIb5FhEFozf4qg3E3
    mIJj3lZn1yh56uU+uAg4WixJ7a2mV12ajLGlx11YmnUcm6PsmnhN75DYbuDxrCj0
    Y/A0kGIdbg4GVw/u04QZAVTCQkDnhh6b4qfZMI4/v4roo5YF0R+XM9SWdieAKOyG
    k9M9u8iOsdrj4GKNNnvyfsNhe4DMqgbKLIHiGa156/ms01KaCvqJ+rnK1Ak8/NPU
    edotg2YcObtiNldrGuN5xTmc2Y0AAACBAP0TqLP+9UeJgochG+zUG0X99sn9EBws
    tnuqJrsbQmUwwb8lIrHA6KT2CoVWERVkPkfr1skh1l6T8kwbSMj4wU5ocKilFNOs
    EE/fyKMqhwODbx1wEk9AyFDOKXWQxBtpXnLQyIkQyxKTC3nJSoiptTMBrHRhzREv
    ixCPhvL4LfhZAAAAgQCan/zz8h8wRO7Jhe1zIRtODBSIwCQssfWF+KdTz9Ja4U4f
    CKUMGzG82Gv/buDUfILlBg0UeY77VWxqZIp3EE1XLmURib34+68SNcOmhDOah2sB
    1cOXmg34GcPp8QfLPbwh766/UNpc+5k73CzIzgpxx7RkyNF86HzaLtyHt6gW1QAA
    AIApddk08Sdz2MqqpzbAR+Ev+k6df0R/Kt+OB2L0MAPueRR1pd9XeTzrdYl1HoUX
    xvkfx56zqphUtMM0FiDLxtpDvgK1tkHJBtDEQHRWc51+Us1Zol+8AcsPzm4CZ3oQ
    0UnT7L+M7aqX4H+Ub+2b7aVDnv2eXZ1UxIBiitdQ4Aq/Dw==
    Private-MAC: aecfb3750e28d698c0ae96666867ecd3f04c12fd

As we can see, the Comment field from earlier is present and directly editable. However, modifying any part of the file by hand makes passphrase-protected keys unusable.
Because of this, we use puttygen to safely change the comments under all circumstances:
    $ puttygen pg_id_rsa -C 'PG Automatic Baeldung'
    $ cat pg_id_rsa
    PuTTY-User-Key-File-2: ssh-rsa
    Encryption: none
    Comment: PG Automatic Baeldung
    [...]
The change is in effect, and the key is still usable. If the key has a password, we get a simple Enter passphrase to load key prompt.
Naturally, all of these options are also available in the graphical version of PuTTYgen.
In this article, we delved into working with public and private key comments via both the OpenSSH and PuTTY toolsets.
In conclusion, while all comments can be changed, doing so in the proper manner is critical for their correct functioning.