SSH keys are commonly used without a passphrase. This is especially true when automating tasks because no human is expected to be available to type in the passphrase. Nevertheless, the use of SSH key passphrases is recommended for interactive users. This will add an extra layer of security in case the private key is stolen or accidentally disclosed.
In this guide, we will describe how to create an SSH key with a passphrase by using the ssh-keygen utility in Linux. We will also show you how to add and change a passphrase for an existing SSH key.
Create an SSH Key with a Passphrase
You can use the ssh-keygen utility in Linux or other Unix-like systems to create an SSH key with a passphrase as follows.
$ ssh-keygen
First, you will be prompted to choose a location to save your private key. The default location is the .ssh hidden directory in your home directory. Press the Enter key to accept the default location, or specify a different location.
After that, you will be prompted to enter a passphrase for your new SSH key.
Add a Passphrase for an Existing SSH Key
To add a passphrase to an existing SSH key that does not already have one, run the command below.
$ ssh-keygen -p
The first prompt asks for the file path where the SSH key is stored. If the SSH key file is stored in the default location, press the Enter key to proceed. Otherwise, type in the file path.
After that, you will be prompted to enter a new passphrase.
Change the Passphrase for an Existing SSH Key
Run the command below to change the passphrase for an existing SSH key.
$ ssh-keygen -p
After specifying the location of the SSH key, you need to enter the old passphrase for the SSH key. Without the old passphrase, you may not be able to change the passphrase for the SSH key.
Delete the Passphrase for an Existing SSH Key
As you may have already noticed, the -p option of the ssh-keygen command also allows you to remove the passphrase from an existing SSH key: press Enter without typing anything when you are prompted for the new passphrase.
Of course, you must provide the old passphrase before you are allowed to remove it. If you do not remember the old passphrase, you will not be able to remove the passphrase for the SSH key. You may have to generate a new SSH key pair in that case.
Conclusion
In this article, we described how to create and change SSH key passphrases. Each time a protected SSH key is used, a passphrase will be required for authorization. This is highly recommended for protecting your SSH key from unauthorized use in case it gets into the wrong hands.