I mentioned in a previous article why it's important to secure your ssh key with a passphrase
Securing a private SSH with a passphrase.
To add a passphrase to an existing SSH key, you can use the ssh-keygen command with the -p option.
ssh-keygen -p -f ~/.ssh/id_ed25519
Replace "~/.ssh/id_ed25519" with the path to your SSH private key if it's different.
You'll be asked to enter a new passphrase. Type your desired passphrase and press Enter.
You'll need to confirm the new passphrase by entering it again when prompted.
Here is what it looks like
$ ssh-keygen -p -f ~/.ssh/id_ed25519
Enter new passphrase (empty for no passphrase): ******** + Enter
Enter same passphrase again: ******** +
This process updates the passphrase for your private SSH key without needing to generate a new key pair.
Consequences on your public key
None. Your public key won't change.
There is no need to update your ssh key on ssh servers, git config (if you are signing your commits), or on GitHub/GitLab account settings.
You only secured the way your private key is secured.
Consequences if you forget the passphrase
There is nothing you can do. It's similar to having a comprised or deleted key.
You will have to generate a new SSH key, the private and public key will be different.
How to change the passphrase of an SSH key
If you want to change the passphrase of an ssh key that has already one, simply launch the same command again.
So you will be prompted to enter the old passphrase if one exists, then you can choose a new one.
$ ssh-keygen -p -f ~/.ssh/id_ed25519
Enter old passphrase: ***** + Enter
Enter new passphrase (empty for no passphrase): ******** + Enter
Enter same passphrase again: ******** + Enter
How to remove a passphrase from a SSH key
To remove the passphrase from an existing ssh key, you only have to use an empty passphrase for the new key.
$ ssh-keygen -p -f ~/.ssh/id_ed25519
Enter old passphrase: ***** + Enter
Enter new passphrase (empty for no passphrase): Enter
Enter same passphrase again: Enter
Top comments (0)