There are two primary authentication methods for logging onto an SSH server as a user: password authentication and public key authentication. The public/private RSA key pair used for public key authentication can be created with OpenSSH's "ssh-keygen" program.
I'm not going to go into the exact method of accomplishing this, because instructions can be found in countless other places on the internet. However, I was curious yesterday as to what exactly was in the public key (.pub) files created by ssh-keygen, as the data payload was larger than I expected (2232 bits for a 2048 bit key). I couldn't find documentation on this ANYWHERE on the internet, so I downloaded the OpenSSH source code and looked at the code that generates the files. The format of the files is as follows:
- The public key files are ASCII text files, with each public key taking up exactly one line.
- Each line is formatted as two pieces of data, separated by a space, optionally followed by a comment (ssh-keygen fills the comment in with user@host by default; authorized_keys parsers ignore it):
  KEY_TYPE DATA_PAYLOAD [COMMENT]
- KEY_TYPE is the type of public key, which in our case is "ssh-rsa". Other key types (for example "ssh-ed25519" or "ecdsa-sha2-nistp256") use the same line layout and the same outer framing of the payload, with different fields after the type name.
- DATA_PAYLOAD is the actual public key information, encoded in base64. Decoded, it is a sequence of length-prefixed fields in the SSH wire encoding (the "string" and "mpint" types of RFC 4251 section 5, laid out for RSA as in RFC 4253 section 6.6), with every length an unsigned 32-bit big-endian integer:
| Type | Byte length | Name | Description | Default value |
|---|---|---|---|---|
| unsigned int | 4 | KEY_TYPE_LENGTH | Length of the next entry | 7 |
| string | see previous | KEY_TYPE | Same value as the KEY_TYPE outside the payload; a parser should check that the two agree | ssh-rsa |
| unsigned int | 4 | E_LENGTH | Length of the next entry | 3 |
| mpint | see previous | e | The RSA public exponent | 65537 (0x010001) |
| unsigned int | 4 | N_LENGTH | Length of the next entry | KEY_BIT_SIZE/8 + 1 (see note) |
| mpint | see previous | n | The RSA modulus, shared by the public and private key | key dependent |

Note on the "+1": an mpint is a big-endian two's complement integer, so a positive value whose top bit is set is written with one extra leading 0x00 byte, otherwise it would read back as negative. A modulus of exactly KEY_BIT_SIZE bits always has its top bit set, so for an ssh-keygen RSA key the extra byte is always present. That is where the unexpected size comes from: for a 2048 bit key the decoded payload is 4 + 7 + 4 + 3 + 4 + 257 = 279 bytes, i.e. 2232 bits. The same decoded blob is also what OpenSSH hashes to produce the key fingerprint shown by "ssh-keygen -lf".
I also checked PuTTY public key authentication files, and they seemed to contain exactly the same DATA_PAYLOAD.
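To make the layout above concrete, here is an added Python example (written for this page, not code from OpenSSH or PuTTY) that builds a public key line field by field and parses one back, checking the things a practitioner would want checked: that the type inside the payload matches the one outside it, that each mpint is non-negative and minimally encoded, and that no bytes trail the last field. It goes slightly beyond the post by also handling ssh-ed25519 payloads, whose single field is a 32-byte string. The modulus and the ed25519 bytes are constructed values for exercising the encoding only; they are not real keys. The fingerprint routine reproduces the SHA256 form ssh-keygen prints (base64 of the SHA-256 of the decoded blob, without "=" padding).

```python
import base64
import hashlib
import struct

# ---- writing side: the fields ssh-keygen emits, in order ----

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement, minimal length.
    A positive value with its top bit set gets one leading 0x00 byte so it
    does not read back as negative; that is the '+1' in N_LENGTH."""
    if value < 0:
        raise ValueError("negative mpint not supported here")
    if value == 0:
        return ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

def rsa_public_blob(e: int, n: int) -> bytes:
    """KEY_TYPE, e, n: the decoded DATA_PAYLOAD of an ssh-rsa line."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def ed25519_public_blob(public_key: bytes) -> bytes:
    return ssh_string(b"ssh-ed25519") + ssh_string(public_key)

def public_key_line(blob: bytes, comment: str = "") -> str:
    """Assemble 'KEY_TYPE DATA_PAYLOAD [COMMENT]' from a decoded blob."""
    key_type, _ = read_string(blob, 0)
    line = f"{key_type.decode()} {base64.b64encode(blob).decode()}"
    return f"{line} {comment}" if comment else line

# ---- reading side: strict parser for a .pub / authorized_keys line ----

def read_string(buf: bytes, pos: int):
    if pos + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[pos:pos + 4])
    pos += 4
    if pos + length > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[pos:pos + length], pos + length

def read_mpint(buf: bytes, pos: int):
    raw, pos = read_string(buf, pos)
    if raw and raw[0] & 0x80:
        raise ValueError("negative mpint in public key")
    if len(raw) > 1 and raw[0] == 0 and not raw[1] & 0x80:
        raise ValueError("non-minimal mpint encoding")
    return int.from_bytes(raw, "big"), pos

def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint of the *decoded* payload."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_public_key_line(line: str) -> dict:
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected 'KEY_TYPE DATA_PAYLOAD [COMMENT]'")
    key_type, payload = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(payload, validate=True)
    inner_type, pos = read_string(blob, 0)
    if inner_type != key_type.encode():
        raise ValueError(f"outer type {key_type!r} != inner type {inner_type!r}")
    info = {"type": key_type, "comment": comment, "blob_bits": len(blob) * 8}
    if key_type == "ssh-rsa":
        e, pos = read_mpint(blob, pos)
        n, pos = read_mpint(blob, pos)
        info.update(e=e, n=n, bits=n.bit_length())
    elif key_type == "ssh-ed25519":
        pk, pos = read_string(blob, pos)
        if len(pk) != 32:
            raise ValueError("ssh-ed25519 public key must be 32 bytes")
        info.update(public=pk, bits=256)
    else:
        raise ValueError(f"unsupported key type {key_type}")
    if pos != len(blob):
        raise ValueError(f"{len(blob) - pos} trailing bytes after key fields")
    info["fingerprint"] = fingerprint_sha256(blob)
    return info

# Constructed sample values (NOT real keys): a 2048-bit odd number standing in
# for n, and 32 arbitrary bytes standing in for an ed25519 public key.
SAMPLE_E = 65537
SAMPLE_N = (1 << 2047) | 1
SAMPLE_RSA_LINE = public_key_line(rsa_public_blob(SAMPLE_E, SAMPLE_N), "alice@example")
SAMPLE_ED25519_LINE = public_key_line(ed25519_public_blob(bytes(range(32))))

if __name__ == "__main__":
    for line in (SAMPLE_RSA_LINE, SAMPLE_ED25519_LINE):
        info = parse_public_key_line(line)
        print(info["type"], info["bits"], "bits; payload", info["blob_bits"], "bits;", info["fingerprint"])
```

Run against a real id_rsa.pub the parser reports a 2232-bit payload for a 2048-bit key, and the fingerprint it prints matches "ssh-keygen -lf id_rsa.pub". The same parser applies to the base64 in a PuTTY .ppk "Public-Lines" section once the lines are joined, since that is the same decoded blob.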