Possible to change email address in keypair?

Solution 1:

I've created an RSA keypair that I used for SSH, and it includes my email address. (At the end of the public key.)

That part of an ssh key is just a comment. You can change it to anything you want at any time. It doesn't even need to be the same on different servers. You can remove it as well. It is only there to help you or someone else figure out what to delete when you have many keys in an authorized_keys file and you need to revoke or change one of them.

ssh-rsa AAAAB3N....NMqKM= this_is_a_comment

When I create my keys with ssh-keygen I usually use a command like this to set a different comment. I don't think the [email protected] is very useful. You can certainly put it whatever comment that you like that will be useful to you and any other admins to help identify who the key belongs to.

ssh-keygen ... -C YYYYMMDD_surname_givenname

Solution 2:

You can change the comment for RSA1 keys using ssh-keygen -c.

from the ssh-keygen manpage:

 -c      Requests changing the comment in the private and public

key files. This operation is only supported for RSA1 keys. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment.

So, to change the comment of a key located at ~/.ssh/some_key, use the following command:

ssh-keygen -c -f ~/.ssh/some_key -C "my new comment"

Where the -f option is followed by the key you want to change, and -C is followed by the new comment.


Solution 3:

From OpenSSH 6.5 onwards, works with all key types, not just RSA1:

ssh-keygen -f ~/.ssh/keyfilename -o -c -C "here goes your comment"

Command options explained:

  • -f: private key file
  • -o: convert the private key from PEM to the new OpenSSH format
  • -c: change the comment in the private and public key files
  • -C: comment text

See also: ssh-keygen(1) man page (current)

Tags:

Security

Rsa