DevInTheMiddle_

Did you put a password on your SSH private key?

Published on Oct 26, 2020

If the answer is no, my second question is: why?

Add a passphrase, it is so easy...

It is so easy to put a passphrase on it, and you just need to remember one passphrase to access all your machines...

If you didn't add a passphrase during the creation phase, don't worry, you can always add it with a simple command:

$ ssh-keygen -p -f ~/.ssh/id_ed25519

If the key has no passphrase yet, you will simply be asked to enter a new passphrase:

Key has comment 'fabio@zambroid.ch'
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.
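
To see which private keys under ~/.ssh still lack a passphrase before running the command above on each one, the following added example (not part of the original post) reads the key file header rather than calling ssh-keygen. The function names are this example's own, and it also covers legacy PEM and PKCS#8 keys, beyond the ed25519 key used on this page.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # start of a decoded new-format OpenSSH private key

def key_is_encrypted(text):
    """True/False for a private key file's text; None if it is not a private key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM (RSA/EC/DSA): encrypted files carry "Proc-Type: 4,ENCRYPTED"
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
    except ValueError:
        return None
    start = len(MAGIC) + 4
    if not blob.startswith(MAGIC) or len(blob) < start:
        return None
    (n,) = struct.unpack(">I", blob[len(MAGIC):start])
    # ciphername is "none" only when the key is stored without a passphrase
    return blob[start:start + n] != b"none"

def audit(ssh_dir):
    """Map each private key file name in ssh_dir to True (encrypted) or False."""
    result = {}
    d = Path(ssh_dir)
    for path in sorted(d.iterdir()) if d.is_dir() else []:
        if path.is_file() and path.suffix != ".pub":
            status = key_is_encrypted(path.read_text(errors="replace"))
            if status is not None:
                result[path.name] = status
    return result

def sample_key(cipher):
    """Constructed test input: header fields only, no real key material."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, encrypted in audit(Path.home() / ".ssh").items():
        print(f"{name}: {'passphrase set' if encrypted else 'NO PASSPHRASE'}")
```

Every file reported as NO PASSPHRASE is a candidate for the ssh-keygen -p command shown above.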

Change your current passphrase

In case you realize that you must change your passphrase for whatever reason (your passphrase is compromised, or you want to update it with your new favourite superhero name - it's a joke, really), well, the procedure and the commands are the same.

$ ssh-keygen -p -f ~/.ssh/id_ed25519
Enter old passphrase: 
Key has comment 'fabio@zambroid.ch'
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.

As you can see, this time you are asked to enter the old passphrase first, and then to add the new one (twice obviously...).

Forgot passphrase, forget your key

Yes, unfortunately, if you forget the passphrase of your private key, there is no way to recover the private key. So, set a passphrase, and remember it or store it safely!

Written by

Fabio Zambrino

Senior System Engineer with a genuine passion for Information Security. Making professional mistakes since 2005.
Thinks of himself as a real Security Guru... but always forgets to lock the car!