[Linux] ssh-key public key file format

The SSH Protocol (Secure Shell Protocol) was originally developed by the Tatu Ylönen in Finland in 1995 and is a network working group of the IETF (Internet Engineering Task Force) (Networks working Grou p) Set standards.

Tatu Ylönen designed the SSH protocol in 1995 and, in the same year, established an SSH Communications Security Corporation in Finland to develop and sell SSH commercial software. To eliminate copyright effects, the OpenSSH project first appeared in the Open source World in October 1999, when the project was originally designed to replace the commercial SSH software of SSH Communications Security Corporation, and OpenSSH eventually became Linux system standard configuration becomes the de facto SSH protocol standard implementation.

The SSH protocol supports both password and key security authentication modes, but regardless of that pattern, it is ultimately necessary to use the key to encrypt the data to ensure security, while the SSH key typically uses the algorithm used for RSA and DSA.

The SSH 1 protocol only supports RSA algorithms, and the SSH 2 protocol supports RSA and DSA algorithms. In recent years, DSA has become less secure, so it is recommended to use a key based on the RSA algorithm to establish an SSH secure connection.

The basic use of SSH key is to randomly generate a private key file, this file can only be properly stored by you, must not be disclosed to other people, according to this private key to calculate the public key file, the public key file sent to the SSH connection object for public key registration. When you request to establish a connection with the other side, the connection will be sent to the other side of your public key, the other side to the registered public key to compare, compared to qualified to agree to establish a connection, unqualified may refuse to connect. When you request a connection, the other person will also send you his public key, and you need to verify that the other public key is legitimate. Once both parties have determined the identity of the other party, the two sides formally establish a connection, after which both sides of the communication using the other side of the public key encryption data, received the other side using their own public key encryption data, and then use their private key to decrypt the data, thus ensuring the security of the communication data.

Tools such as Xshell and SECURECRT have SSH Key management capabilities to generate and use SSH keys for secure authentication. In Linux, OpenSSH provides an SSH protocol-based tool that can be used.

SSH 1 Public key format

Cat ID-204865537  2291067424290195137210970051422230591100540438272982682830373320272724627112915178080932811131414244493764370819706533634 4061806573173759249496873454280552699704169728818376102327988617178797568649601671735522868137145364100426211002912160142 6686441150405078601063049625122718030012640273594065878636516642280145722321306101862287866002764551878053012823746692362 1783282527406508807840128116802879388511078570094559601677511253767869443153257032816904925296803909040723462302895447998 3169424889698023716686474015246450335458030057416596685148084608420001646747215709382718194528577791195697244767428069870 538621149641 [email protected]

SSH 1 Public key format for all fields separated by a single space character, each field is an option, a number of digits, an exponent, a factor, a comment. The first field is optional, indicating whether the entry (row) starts with a number, and the option field does not start with a number. The last field comment, if there is no given comment when generating the key, the default comment is the creator of the key (usually the [email protected] format), the comment is only provided to the user to view the key as an identification token, in the SSH use does not have any effect.

SSH 2 Public key format

Cat ID-rsa.pubssh-rsa aaaab3nzac1yc2eaaaadaqabaaabaqdmg/ 9hoc98c6ailepyk6vqe3ztlmlfxqn2vgu0napxermyx+ Jhyzxa5axmntd8kgziuilk23qzzkby0hgoo9ddpsbg98pf4nlkhjtcjppfx1tbd6rwo/ox/g4un+gzh1/zoreja4fit8ssg2v2goqkqrhfrycy +a9mqx29zvolfyk/amvjb+yfzljychdvv3cqkdvkd5r/dhnu6zq3pyieja/cuqqqmgxqj0f72y8ixv8zesxtjxaakg17r2osn1mndzo/ Y4M426MYXL4MMQMVM5YR3UVHD93PGNGAR8LY/VSPCIEE6CJZSGL21OYTRDZ/GDMF5ULMGWJIDFTJRLVB [email protected]

　　

The SSH 2 public key format is delimited by a single space character for all fields, with the fields followed by options, key types (keytype), Base64 encoded keys, and annotations. The first field is optional, indicating whether the entry (row) starts with a number, and the option field does not start with a number. The last field comment, if there is no given comment when generating the key, the default comment is the creator of the key (usually the [email protected] format), the comment is only provided to the user to view the key as an identification token, in the SSH use does not have any effect.

The key type (keytype) may be ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, Ssh-dss, or Ssh-rsa.

SSH 2-ietf secsh Public key format

----BEGIN SSH2 public KEY----aaaab3nzac1yc2eaaaabiwaaaieap7drpa+Zgaztknqbvxywu5lyphs5hpzbyoza+ kgxpholhi1bvoxqfsgae2ouwoy8bpzpib+UUKILHYUEYCT9RWV+  3OVGEZXUQ4KO9Y3SK1PDXYCVSKWWGXPIISLVO3ZF9DZ7HR0WKZC3+iomxfdpceyhrvn4snsctpxa8bvbsys=----END SSH2 public KEY- ---

The SSH public key format specified by the IETF is defined in the RFC4716 file, which specifies:

The starting and ending lines must be:

start line:----BEGIN SSH2 public key---- End line:----end SSH2 Public key----

You can add other headers, such as comment Comment: [email protected]. See RFC4716 for details.

Report:

1. RFC4716

2. OpenBSD SSHD Manual

[Linux] ssh-key public key file format