
ssh-keygen and openssl gives two different public keys

Is it possible that ssh-keygen & openssl can generate two different public keys from the same private key? The command ssh-keygen -y -f ./my.key gives (contents after ssh-rsa in the same line) a different public key from the one generated (contents between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----) with the command openssl rsa -in my.key -pubout.

soupybionics asked Oct 22 '17 04:10


People also ask

Does ssh-keygen use OpenSSL?

ssh-keygen, the OpenSSH command used to generate keys, uses the OpenSSL library, so there's really no difference between the two methods. You can safely use ssh-keygen which is the default and more immediate tool to create a key pair for SSH pubkey authentication. OpenSSH can be built without OpenSSL since 2014.

Can you have multiple public SSH keys?

Yes, it's possible for a single user to accept multiple public SSH keys. The text of the key files all have to be copied into /home/deploy/.ssh/authorized_keys (deploy was the user in the above example).

Can two public keys be the same?

You can't have two different public keys for the same RSA private key.

Will ssh-keygen overwrite existing keys?

If you want extra security you can just run ssh-keygen again and overwrite your old key. Overwriting ssh keys is perfectly fine as long as you know what it means: it's like changing your password so old ssh connections won't work any more.


1 Answer

It's the same key but different representations. OpenSSL uses X.509 SubjectPublicKeyInfo in ASN.1, usually (including here) wrapped in PEM; OpenSSH (except 'rsa1' keys for SSHv1 which is broken and you shouldn't use) uses the XDR-like SSH wire format, in base64.

Dupe or neardupe:
Convert pem key to ssh-rsa format
RSA Public Key format
Convert RSA public key to RSA DER
Converting an OpenSSL generated RSA public key to OpenSSH format (PHP)
How to convert RSA key to ssh-rsa
How to store/retrieve RSA public/private key (buried in the middle)
and less obvious cross-stack https://security.stackexchange.com/questions/42268/how-do-i-get-the-rsa-bit-length-with-the-pubkey-and-openssl

dave_thompson_085 answered Sep 24 '22 23:09
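To check that an ssh-rsa line and a PEM PUBLIC KEY block are the same key, decode both representations named in the answer and compare the RSA exponent and modulus. The Python below is an added example, not part of the original answer; the function names are hypothetical and the embedded key is a constructed toy value (n = 3233, e = 17), not output from a real key file.

```python
import base64
import struct

# Constructed toy key (n = 3233, e = 17), far too small for real use.
SSH_LINE = "ssh-rsa AAAAB3NzaC1yc2EAAAABEQAAAAIMoQ== demo@example"
SPKI_PEM = """-----BEGIN PUBLIC KEY-----
MBswDQYJKoZIhvcNAQEBBQADCgAwBwICDKECARE=
-----END PUBLIC KEY-----"""

def ssh_rsa_numbers(line):
    """(e, n) from an OpenSSH 'ssh-rsa <base64> [comment]' line."""
    blob = base64.b64decode(line.split()[1])
    fields = []
    while blob:  # SSH wire format: 4-byte big-endian length, then the bytes
        (length,) = struct.unpack(">I", blob[:4])
        fields.append(blob[4:4 + length])
        blob = blob[4 + length:]
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key blob")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def der_tlv(buf, pos, tag):
    """Read one DER element with the expected tag: (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def spki_rsa_numbers(pem):
    """(e, n) from a PEM 'PUBLIC KEY' (X.509 SubjectPublicKeyInfo) block."""
    body = "".join(ln for ln in pem.splitlines() if ln and not ln.startswith("-----"))
    spki, _ = der_tlv(base64.b64decode(body), 0, 0x30)  # SubjectPublicKeyInfo
    _, pos = der_tlv(spki, 0, 0x30)        # AlgorithmIdentifier, skipped here
    bits, _ = der_tlv(spki, pos, 0x03)     # BIT STRING holding the key
    rsa, _ = der_tlv(bits[1:], 0, 0x30)    # RSAPublicKey after unused-bits byte
    n, pos = der_tlv(rsa, 0, 0x02)         # INTEGER modulus
    e, _ = der_tlv(rsa, pos, 0x02)         # INTEGER publicExponent
    return int.from_bytes(e, "big"), int.from_bytes(n, "big")

def same_public_key(ssh_line, pem):
    return ssh_rsa_numbers(ssh_line) == spki_rsa_numbers(pem)  # same (e, n)?

if __name__ == "__main__":
    print(ssh_rsa_numbers(SSH_LINE), same_public_key(SSH_LINE, SPKI_PEM))
```

The base64 text differs between the two files because the surrounding structure differs; only the decoded integers are comparable.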