I used the -C command line option of ssh-keygen to change the comment
of a public key and got confused with the output. For example, if the
original comment was 'mark@home', this is what would happen trying to
amend the comment to 'mark@work' via -C:
$ ssh-keygen -f test_rsa -c -C mark@work
Key now has comment 'mark@home'
The comment in your key file has been changed.
$
The line "Key now has comment 'mark@home'" suggested to me that the
comment had been changed to 'mark@home'. But that's not really a change.
However, the comment had actually changed in the .pub file. It looks like
the wording has been designed to work without the -C option and _only_ the
-c option:
$ ssh-keygen -f test_rsa -c
Key now has comment 'mark@home'
Enter new comment: mark@work
The comment in your key file has been changed.
$
Everything becomes clear when you run the command interactively via -c
only.
The diff below attempts to make the wording make sense whichever way you
try to change a comment on a .pub file:
$ ssh-keygen -f test_rsa -c
Old comment: mark@home
New comment: mark@work
Comment 'mark@work' applied
$
$ ssh-keygen -f test_rsa -c -C mark@work
Old comment: mark@home
Comment 'mark@work' applied
$
It also compares the old and new comments and informs if there is no
change:
$ ssh-keygen -f test_rsa -c -C mark@home
Old comment: mark@home
No change to comment
$
$ ssh-keygen -f test_rsa -c
Old comment: mark@work
New comment: mark@work
No change to comment
$
ok?
Mark
Index: ssh-keygen.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.329
diff -u -p -u -p -r1.329 ssh-keygen.c
--- ssh-keygen.c 25 Mar 2019 16:19:44 -0000 1.329
+++ ssh-keygen.c 22 May 2019 18:21:42 -0000
@@ -1466,15 +1466,15 @@ do_change_comment(struct passwd *pw, con
sshkey_free(private);
exit(1);
}
- if (comment)
- printf("Key now has comment '%s'\n", comment);
+ if (strlen(comment) > 0)
+ printf("Old comment: %s\n", comment);
else
- printf("Key now has no comment\n");
+ printf("No existing comment\n");
if (identity_comment) {
strlcpy(new_comment, identity_comment, sizeof(new_comment));
} else {
- printf("Enter new comment: ");
+ printf("New comment: ");
fflush(stdout);
if (!fgets(new_comment, sizeof(new_comment), stdin)) {
explicit_bzero(passphrase, strlen(passphrase));
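Review bot: The new test strlen(comment) > 0 at the top of this hunk drops the NULL check that the old "if (comment)" performed, so if comment can be NULL here, as the old test implies, strlen() dereferences it instead of falling to the else branch. Keeping both checks, for example "if (comment != NULL && *comment != '\0')", lets a NULL and an empty comment both print "No existing comment".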
@@ -1483,6 +1483,12 @@ do_change_comment(struct passwd *pw, con
}
new_comment[strcspn(new_comment, "\n")] = '\0';
}
+ if (strcmp(comment, new_comment) == 0)
+ printf("No change to comment\n");
+ else if (strlen(new_comment) > 0)
+ printf("Comment '%s' applied\n", new_comment);
+ else
+ printf("Comment removed\n");
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase,
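Review bot: "Comment '%s' applied" and "Comment removed" are printed before the sshkey_save_private() call that follows in this hunk, so the user is told the change took effect even if the save then fails. Printing the result after the writes succeed, where the removed "The comment in your key file has been changed." line sat just before exit(0), would keep the message accurate. The "No change to comment" branch also falls through to the save, so the key file is rewritten anyway; an early exit there would avoid the needless write. Note too that strcmp(comment, new_comment) assumes comment is non-NULL, which the original "if (comment)" test did not.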
@@ -1516,7 +1522,6 @@ do_change_comment(struct passwd *pw, con
free(comment);
- printf("The comment in your key file has been changed.\n");
exit(0);
}