95

I know I can simply open up the pubkey and change the comment after the ==s, but is the comment field decided upon at creation stored in the private key as well? If so, how can I change that field without generating an entirely new key from scratch?

Improve this question
2
  • 1
    See @jhcaiced's response below; that apparently won't work, which is what I feared. Commented Nov 27, 2011 at 15:31
  • 3
    Also see Possible to change email address in keypair? on ServerFault. The short answer is ssh-keygen -c changes the comment. Commented Apr 9, 2018 at 5:05

4 Answers 4

Reset to default
112

I came across this question in my own search for changing the comment in the ssh key in my new ubuntu installation.

I then did a search in man pages (man ssh-keygen) and the answer was right there-

ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] -c Requests changing the comment in the private and public key files. The program will prompt for the file containing the pri‐ vate keys, for the passphrase if the key has one, and for the new comment.

So, for me, all I had to do was

ssh-keygen -c -C "my new comment" -f ~/.ssh/my_ssh_key

On a side note: ssh-keygen can be used to change the password used to protect the key file, including removing the password.

Improve this answer
3
  • 1
    I was able to change the comment of both my RSA and ED25519 private keys with the command. (The manpage above says This operation is only supported for RSA1 keys) Commented Apr 4, 2020 at 1:56
  • 1
    Ed25519 keys are probably "keys stored in the newer OpenSSH format" as per the manpage. Commented May 12, 2020 at 9:58
  • @lxgr: yes, ed25519 keys have always since 6.5 in 2014-01 been written in new format, because no OpenSSL 'legacy' format for them exists; other (SSH2) types originally required -o but have defaulted to new unless you use -m pem since 7.8 in 2018-08 (shortly before this answer was written) Commented Dec 27, 2021 at 0:27
7

I've just created a RSA key with ssh-keygen -t rsa -b 4096, no pass, no comment (so standard comment). I've uploaded it to GitHub and then changed it's comment. No re-upload was necessary, key worked before and after change and stopped working upon deletion from GitHub (though if it was cached and worked only due to that, I haven't tested).

Session log:

lafk-T470% ssh-keygen -c -f ~/.ssh/id_rsa -C "a new comment" Comments are only supported for keys stored in the new format (-o). lafk-T470% ssh-keygen -c -f ~/.ssh/id_rsa -C "a new comment" -o Key now has no comment The comment in your key file has been changed. lafk-T470% vim ~/.ssh/id_rsa.pub lafk-T470% tail -1 ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocnoRyM7Oy5XA0dLIaiHHQiPnimJvXifliTZI7OX5lqkACsZmUL/D7kUV2uPDyyPZ6lm0UGUHXhOw2QjStQ6ubPRFOKWQyNDkemaQAJtHPYTkT4pGHbsddyko3SRG0Vp4A9CSLRLJXVGuGn1UpfjB/AD0aUcLWVJdgWDuovR09t1YsHbakDpDh4a/2JS52Cvg6x9kEGakZK7ffUQZ64yZvqisEH//e7SbYtpHIp4ZdBMSIIsFIBWvqMXZowahvSMbV7MeLFuwt90dMOFiGJIe0n8oPt/ilQ0FTRcEP7UODyLKbESHkZqoGAHKeQ4ZMCCv7T00KtB98HvWylqvzHg2rIpLMHkVcRGjwlaZUlZB5Zxk6dAJ5HHg1irF+05UeIbQ9YQF/0x63KWQvreEcmLrkbnZ++XeF2ipE7M7CfkYhpJ9XbKZBG4pOQIqLio2rBV9c3+y+sPq4BABXdJKAnIX+h3kFrvOVA7Gy9/YxgQfCJ0ZSmaAV08uqMm91GYGRU9lt2Uf/ALqhW0rH93UWUj232w35rY8GtXucWAjtw3zi6QtZsIAStRzT3Br+Qrqv4MrKvEk+4rzswytaYjCGLrsMDYL7hI/YEJh9vv/v3wGvJGAqLDk1FeBL8tdwEMr1eM9JKl5gVkmBa4MdJkNMe4rHwUIidrW8LW2EEBY3DmDTQ== a new comment lafk-T470% git clone [email protected]:GH_User/a-repository.git Cloning into 'a-repository'... remote: Counting objects: 8, done. remote: Compressing objects: 100% (4/4), done. remote: Total 8 (delta 0), reused 8 (delta 0), pack-reused 0 Receiving objects: 100% (8/8), done.

So, this works for keys stored in NEW FORMAT. Steps detailed here, in my ServerFault answer.

All operations were done on Xubuntu 18.04 default OpenSSH ssh-keygen.

Private key will change in this manner. Not due to it's comment, but rather due to change in it's format. See the comparison here on a key created just for that comparison.

private key comparison - format has changed

Note that for pub-key I've effectively broken it so Meld shows better what changed: spaces have been changed with line breaks (this breaks the format).

(broken) public key comparison, only comment has changed

Improve this answer
1
  • I can confirm that this command works with my rsa2 key ssh-keygen -f ~/.ssh/mykey -c -C 'a new comment' -o Commented May 1, 2019 at 1:42
5

I just did a small test modifying the "Comment:" line of my private RSA key and it appears to be fixed at creation of the key.

It is a RSA key generated with Putty, and after modifying the comment in the key, the passwd did not work, i have to reverse the edit to the same original comment for it to work again.

Improve this answer
3
  • 1
    I can confirm this. I had tried the same before and i couldn't do it by text editing. I ended up creating a new key by importing the same private key details, changing the comment and saving it again, using the tools included with putty. Commented Dec 14, 2012 at 8:07
  • 1
    man ssh-keygen -c Requests changing the comment in the private and public key files. This operation is only supported for RSA1 keys. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. I tried creating an RSA key with -C to specify a comment at creation time. It doesn't do anything. I have lots of RSA keys I'd like to be able to distinguish when running ssh-add -l. Commented Oct 29, 2013 at 6:56
  • As An Vad wrote in a different answer: you can change the comment with ssh-keygen -c -C "my new comment" -f ~/.ssh/my_ssh_key. Commented Dec 4, 2018 at 17:07
2

If it is about the key generated by PuTTY (when it says MAC failed) then probably the best way to change comment is to use puttygen tool.

putty

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.