How to manage SSH key passphrase: Add, change, or remove

Public and private key pairs are used for publickey authentication method in SSH. When creating the SSH key pair for publickey authentication, you can assign a passphrase to the private key.

A private key without a passphrase would allow passwordless login to SSH servers, whereas if a passphrase is assigned, you'll need to key in the passphrase during the publickey login process.

You can manage the passphrase of your SSH key after you create the key pairs. You can add, edit or remove the passphrase on your existing SSH private key using ssh-keygen.

Methods to manage passphrase of an SSH key.

Add passphrase to an SSH key
Change passphrase of an SSH key
Remove passphrase from an SSH key

Steps to add passphrase to SSH key

Run ssh-keygen with -p option.
```
$ ssh-keygen -p 
```
Specify the location of your SSH private key.
```
Enter file in which the key is (/home/user/.ssh/id_rsa):
```
Default location is selected by default
Comment of the private key will be displayed.
```
Key has comment 'user@host'
```

Enter a passphrase for the key twice.

Enter new passphrase (empty for no passphrase):
Enter same passphrase again:

Confirmation message will be displayed.

Your identification has been saved with the new passphrase.

Steps to change passphrase of SSH key

Run ssh-keygen with -p option.
```
$ ssh-keygen -p 
```
Specify the location of your SSH private key.
```
Enter file in which the key is (/home/user/.ssh/id_rsa):
```
Default location is selected by default
Enter existing passphrase for the private key.
```
Enter old passphrase:
```
Comment of the private key will be displayed.
```
Key has comment 'user@host'
```

Enter a new passphrase for the key twice.

Enter new passphrase (empty for no passphrase):
Enter same passphrase again:

Confirmation message will be displayed.

Your identification has been saved with the new passphrase.

Steps to remove passphrase from SSH key

Run ssh-keygen with -p option.
```
$ ssh-keygen -p 
```
Specify the location of your SSH private key.
```
Enter file in which the key is (/home/user/.ssh/id_rsa):
```
Default location is selected by default
Enter existing passphrase for the private key.
```
Enter old passphrase:
```
Comment of the private key will be displayed.
```
Key has comment 'user@host'
```
Press [ENTER] twice without entering any passphrase to remove current passphrase.
```
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
```

Confirmation message will be displayed.

Your identification has been saved with the new passphrase.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.