Naming conventions for OpenSSH public and private key pairs

A possible naming convention could be implemented with the following guidelines: Remove any information that is not specific to a server or purpose, while ensuring that at least one of the pieces of information (either OpenSSH/PuTTY or private/public) is present in the name. Regarding the format information, PuTTY uses “.ppk” for private keys and provides “.pub” for public keys, an extension that Windows already associates with MS Publisher. To maintain consistency, I suggest using the “.ppk” convention for the private key and appending “.pub” to the private key name for the public key (i.e., “privatekey.ppk” and “privatekey.pub”).

Question:

For quite some time now, I’ve been utilizing public/private key pairs. However, I’ve been repeatedly contemplating the appropriate file extension to use. It appears that there is no established convention for both the public and private (OpenSSH) keys.

There is a special extension in PuTTY known as .ppk for “PuTTY Private Key”. The private key is stored either without an extension or with .pub, but I prefer not to use .pub since Microsoft uses it for MS Publisher. To avoid confusion, I store both keys with the same name and add .ppk to the private key but not to the public key. This way, I can easily identify which key is for PuTTY only, and which one is public.

What is the appropriate way to handle the private OpenSSH key? Should it be stored without an extension or with a specific naming convention like .openssh? In case there is no standard convention, I would be grateful if someone has devised a personal concept and can share it.

Thanks in advance!


Solution 1:

Naming keys does not have an official convention, and their filenames are insignificant. The importance of the keys lies only to the person managing them, as the software only focuses on the contents of the files.

It is worth noting that OpenSSH key files can be named with a file extension that is identical to a regular text file, as they are essentially just text files.

When using the ssh-keygen tool, I typically follow their convention for naming keys. This involves using id_{key_algorithm} for the private key, which can be either id_rsa or id_dsa, and appending the private key name with .pub for the public key, which can be either id_rsa.pub or id_dsa.pub. If I need to keep multiple keys, I add an additional identifier to the end of the name, resulting in names like id_rsa_myhost and id_rsa_myhost.pub.


Solution 2:


After considering various naming concepts, I have arrived at the current one. Although PuTTY only has one convention (.ppk for PuTTY Private Key), my suggested naming concept is not a strict requirement. It is merely an idea that may be helpful to others who are creating their own naming concepts.

What I want / don’t want

  • I am interested in utilizing both OpenSSH and PuTTY keypairs.
  • To prevent any confusion, I need a clear identification of the keys. Hence, I want to identify them as follows:
    • the algorithm
    • if it’s a private or a public key
    • if it’s OpenSSH or PuTTY format
  • I desire the title to be compatible with both Windows and Unix operating systems, adhering to their standards, even if Linux’s guidelines do not officially prohibit spaces.
  • In the event of a security issue, I am hesitant to change the keys on all servers. Therefore, I may only need to modify specific keys on certain servers, such as those listed:
    • don’t want to use the same keypair for several servers, and
    • want to use a keypair for only one purpose (purpose could be a user, a service or a task for example).


Hence, the title must incorporate these particulars:

  • Details of the proposal, whether it pertains to the username or task name, for instance.
  • If the key is specific to a server, then the name of the server is required.
  • The algorithm
  • Is it a private or public key?
  • Is it OpenSSH or PuTTy format?

A possible name scheme

As heavyd pointed out, it is advisable to adhere to the syntax of the ssh-keygen tool. However, I avoid using .pub for public keys to prevent any misinterpretation on Windows Systems since this file extension is already used by Microsoft Publisher, which has its own icon. To come up with a suitable naming convention, I combine the ssh-keygen syntax with PuTTY’s convention (.ppk) and consider the conditions mentioned above.

id_<algorithm>_<servername>_<purpose>.<format>

With the following rules:

  • Delete <servername> only if it is not intended for a particular server.
  • Delete <purpose> unless it serves a particular objective.
  • The name should consist of either <purpose> or <servername> information.

The format information (OpenSSH/PuTTy and private/public)

PuTTY offers .ppk for private keys and .pub for public keys, but I avoid using the latter due to compatibility issues with MS Publisher. Instead, I rely on PuTTY’s .ppk which only slightly differs from ssh-keygen. I use both naming conventions as a basis to create similar names for other keys. These names are then added as file extensions.

Name of OpenSSH private key:  .pk        an alternative could be .opk or   .ospk
Name of OpenSSH public key:   .pubk      an alternative could be .opubk or .ospubk
Name of PuTTY private key:    .ppk
Name of PuTTy Public Key:     .ppubk


Some examples:

id_rsa_foo_bar.ppk
id_dsa_foo.pk
id_rsa_server01_rsync.pk
id_rsa_server01_rsync.pubk
id_rsa_server01_rsync.ppk
id_rsa_server01_rsync.ppubk
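
Added example, not part of either answer: because the software reads only a key file's contents (Solution 1), a name can silently disagree with what the file holds, for instance a private key saved under a public-key extension. The Python below classifies a key by its first line and checks the name against the extensions in Solution 2's table; the function names and sample key texts are constructed for illustration. New-format OpenSSH private keys and RFC 4716 public keys carry the algorithm inside the base64 body, so for those the algorithm is left unknown.

```python
import re

# Extensions from Solution 2's table: (format, kind) -> extension.
EXTENSIONS = {("openssh", "private"): "pk", ("openssh", "public"): "pubk",
              ("putty", "private"): "ppk", ("putty", "public"): "ppubk"}
ALGORITHMS = {"ssh-rsa": "rsa", "ssh-dss": "dsa", "ssh-ed25519": "ed25519",
              "RSA": "rsa", "DSA": "dsa", "EC": "ecdsa"}
# Signatures matched against the first non-empty line of the key file.
SIGNATURES = [
    (r"-----BEGIN OPENSSH PRIVATE KEY-----", "openssh", "private"),
    (r"-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----", "openssh", "private"),
    (r"PuTTY-User-Key-File-\d+: (\S+)", "putty", "private"),
    (r"---- BEGIN SSH2 PUBLIC KEY ----", "putty", "public"),
    (r"(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-\S+) AAAA", "openssh", "public"),
]
# Constructed samples: headers only, no real key material.
SAMPLE_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: sample\n"
SAMPLE_PEM = "-----BEGIN RSA PRIVATE KEY-----\n(body omitted)\n"
SAMPLE_PUB = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed-sample\n"

def classify(text):
    """Return (format, kind, algorithm or None) from file contents, or None."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    first = lines[0] if lines else ""
    for pattern, fmt, kind in SIGNATURES:
        m = re.match(pattern, first)
        if m:
            token = m.group(1) if m.groups() else None
            ecdsa = "ecdsa" if token and token.startswith("ecdsa") else None
            return fmt, kind, ALGORITHMS.get(token, ecdsa)
    return None

def check_name(filename, text):
    """List the ways a file name disagrees with what the file contains."""
    found = classify(text)
    if found is None:
        return ["contents are not a recognised SSH key"]
    fmt, kind, algo = found
    m = re.fullmatch(r"id_([a-z0-9]+)_[A-Za-z0-9_-]+\.([a-z]+)", filename)
    if not m:
        return ["name does not follow the id_..._... scheme"]
    name_algo, ext = m.groups()
    problems = []
    if ext != EXTENSIONS[(fmt, kind)]:
        problems.append(f"extension .{ext} does not match {fmt} {kind} key contents")
    if algo and name_algo != algo:
        problems.append(f"name says {name_algo} but key is {algo}")
    return problems
```

An empty list from check_name means the name and the contents agree; a private key found under a public-key extension is the case worth alerting on before a file is copied to a server or shared.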
