Change the passphrase for an SSH RSA key file

Posted in Linux/Unix/BSD -

Use the ssh-keygen command with the -p flag to change or remove the passphrase for an SSH RSA private key file.

Change or remove the passphrase

Run ssh-keygen with -p only will prompt you for the location of the keyfile (defaulting to ~/.ssh/id_rsa) the old passphrase and the new passphrase:

ssh-keygen -p

You will be prompted for the location of the file, which you can specify or hit <enter> to leave as the default:

Enter file in which the key is (/home/chris/.ssh/id_rsa):

Now enter the old passphrase, the new one and confirm it:

Enter old passphrase:
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again:  Your identification has been saved with the new passphrase.

To remove the existing passphrase, simply hit <enter> at the steps where you enter the new one and then confirm it.

Other command line flags

You can also specify the path to the file when first calling ssh-keygen:

ssh-keygen -p -f /path/to/file

And even supply the old pass phrase and new ones of the command line, although I wouldn't recommend it unless you clear the bash session history afterwards:

ssh-keygen -p -f /path/to/file -P old_passphrase -N new_passphrase

To remove the passphrase without having to hit <enter> twice in the prompts, but have to type in the existing one so it's not visible on the command line:

ssh-keygen -p -N ""

You can of course optionally add the -f flag to this one too.

Related posts: