Add Password to Private Key using ssh-keygen

When you generate a private and public key pair, you can choose to protect the private key with a password. This adds an extra security layer, requiring the password each time the key is used. If you already have a private key without a password, you can add one afterward using the ssh-keygen tool.

Suppose we start with an unprotected private key saved in the id_rsa file.

You can add a password to this key with the following command:

ssh-keygen -p -f id_rsa

This will prompt you to enter and confirm a password.

If you prefer to specify the password without an interactive prompt, you can use the -N option:

ssh-keygen -p -f id_rsa -N "testing123"

Here's what the options mean:

  • -p - changes the password of a private key file.
  • -f id_rsa - the filename of the private key to update.
  • -N "testing123" - sets the new password.
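
The procedure above with a verification step, as an added example that is not part of the original article: it adds the password with -p and -N, then confirms that the key no longer loads with an empty password and that the public key is unchanged. The function names and the disposable ed25519 key are assumptions made for the demo; a password given with -N is visible in shell history and the process list, so it is used here only on a throwaway key.

```shell
#!/bin/sh
# Added example; function names and the throwaway key are constructed for the demo.

# Succeeds if the private key file $1 can be loaded with passphrase $2.
# With -P given, ssh-keygen fails instead of prompting when the passphrase is wrong.
key_opens_with() {
    ssh-keygen -y -P "$2" -f "$1" >/dev/null 2>&1
}

# Adds passphrase $2 to the unprotected key file $1, then verifies the result.
# Prints "ok" on success; prints a reason and returns 1 otherwise.
protect_key() {
    pk_file=$1
    pk_new=$2
    # Refuse keys that do not load with an empty passphrase.
    key_opens_with "$pk_file" "" || { echo "already protected or unreadable"; return 1; }
    pk_before=$(ssh-keygen -y -P "" -f "$pk_file") || return 1
    # Same operation as: ssh-keygen -p -f id_rsa -N "testing123"
    ssh-keygen -q -p -f "$pk_file" -P "" -N "$pk_new" >/dev/null || return 1
    # The empty passphrase must now be rejected ...
    if key_opens_with "$pk_file" ""; then echo "still unprotected"; return 1; fi
    # ... and the new one must yield the same public key as before.
    pk_after=$(ssh-keygen -y -P "$pk_new" -f "$pk_file") || { echo "new passphrase rejected"; return 1; }
    [ "$pk_before" = "$pk_after" ] || { echo "public key changed"; return 1; }
    echo "ok"
}

# Runs the check on a disposable ed25519 key in a temporary directory.
demo() {
    demo_dir=$(mktemp -d) || return 1
    ssh-keygen -q -t ed25519 -N "" -C constructed-demo -f "$demo_dir/id_demo" >/dev/null || return 1
    protect_key "$demo_dir/id_demo" "testing123" && demo_rc=0 || demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}
```

Source the file and call demo; it prints ok when every check passes.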
