Hope everyone is in the journey of year 2025. Today, let's talk something which is trivial and usually comes across when you work in DevOps or SRE space. It is about ssh public key.

I have seen many cases that ssh public key label is rarely used to specifically identify perticular public key. Most of the time the keys are generated keeping the default label whcih has the user@hostname format. General usecase is engieer generates the public and private key for automation or authentication and turns the blind eye for -C option which creates lable for public key.

Essentially, it is pretty simple. We can generate the ssh key using label or we can edit manually after ssh keys are generated. Let's learn by doing . Simply generate a ssh key by following command.

ssh-keygen -t rsa -b 4096 -f ./id_rsa

Following is the execution output when above command is run. I would not go to explain more in -t, -b and -f options. man pages could give you details.

[root@jenkin-slave-node .wyoc]# ssh-keygen  -t rsa -b 4096 -f ./id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_rsa.
Your public key has been saved in ./id_rsa.pub.
The key fingerprint is:
SHA256:cDEkDXCL9/I79yVUQ11cm0uuhiwKZLrrWLiPwbedUTY [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|    ..+++     .o=|
|     o o.o   .  =|
|    . + .     o+ |
|     . +     .o..|
|     o.ES   .  o |
|. . + oo. ... .  |
| + + o  .. o.o.  |
|  B + + o.o .o   |
| +o*.o ..o ..    |
+----[SHA256]-----+

The result of this command is following files. One is a private key other one is a public key.

[root@jenkin-slave-node .wyoc]# ls -l id*
-rw------- 1 root root 3243 Jan 13 08:32 id_rsa  <-- private key
-rw-r----- 1 root root  760 Jan 13 08:32 id_rsa.pub <-- public key
[root@jenkin-slave-node .wyoc]#

Let's open the public key using cat command and see the output. Scroll to the right and find string --> [email protected] .
Well, that is the one we called the comment or label which we found after the ssh public key.

[root@jenkin-slave-node .wyoc]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCv+QOF1jiZ8C5//btEQkhsDbaG00Ftce9tbsFj2WxnEZPEnWmkG+jMDKAxp3IuXzn1H+NP0uT0whcumClCwrpwH7NFcWigxPbcQhMaIWcYovqmDqY1liCDNoCAjmgQBbypIJXGNkHzeuVOoYhfKah3ZuXNnMv3y6m+KXuLdxko1lUdYmZHYfDTNi0Ho6WeW3tVZ48pvsUsOGrrc7fn5z923CH750oOem/i4Of6cL2qIoSd4Jrfs9T/aUNHGN5G5qw08I/Zkm3J/LiWi+0C7zJFdnVWueHkBIshpqD+7vwWF7/zMzGwidr0YVATc8LEHuKfmwOjmkQFT5VkzKRCxlE711NvtXmqPqF0E603OXTs5QfAznMuFb6y6N71E6b9PM8wZeG5SXgAIMv8kr1xnsBQ2NU5EZu1TfFaO+A3lHBw4YjO0hhqZeDz9QwC02iVBS4lJJjKvYlSlmwPfuR9NZ70f9tefsSG0zEo1K2UiGoHCOacyrR3Bo+rKdiYre6Gam9rZyC7Uksl1b64KtNqkesYCUMG9CtGsTMySbljVv3AuJI/6LG7dAIjnbPTDIaW+CbWyW2yqVAAvHlx19j/Hjc6HYv5ikHhYZm6EZ7bN3C4vnLs+LOdUAi03sc2ETr5ECLN0YMduGfh7IHYcxkxEsUvXZy96OibNdiQef/7md/Lkw== [email protected]_

I would like to add my perspective on labeling ssh public key. Because it gives more clarity and maintainability. So I have mentioned below important notes.

Important Notes

1. You can edit the label manually after ssh public key is generated. This can be done via vim command.

2. Or You can use the ssh key gen command with -C option. For example following command is helpful.

[root@jenkin-slave-node .wyoc]# ssh-keygen -t rsa -b 4096 -f ./id_rsa-a -C "JenkinMasterNodePublicKey"

In conclusion, I hope this is a helpful tip and happy reading who spend time to come here. If you have a different perspective, let's make a comment.

Take care till we meet again with a new post. Cheers!