Solve ssh-keygen Problem: No Passphrase Needed

  • Thread starter Borek
  • Start date
In summary, the individual has a private key file for remote server access without a passphrase, but now wants to add a passphrase for safety while traveling. Attempts to change the passphrase using ssh-keygen were unsuccessful and the individual suspects there may be another key-pair involved. The individual is advised to try using PuTTy's puttygen instead, which successfully adds a passphrase. It is also suggested to generate a second ssh key for traveling and revoke it afterwards.
  • #1
Borek
Mentor
29,007
4,324
I have a private key file used to log into remote servers. As the file resides only on a desktop computer, key file was prepared without a passphrase (or at least that's what I remember and I am never asked to enter a passphrase when I use ssh, which makes me think I remember right). However, now I am going on a trip and I want to be able to use the same key on my laptop - so to be safe I wanted to add a passphrase. Judging from the man page to change a passphrase I should use something like

ssh-keygen -p -f id_rsa_priv.ppk

but it doesn't work - that is, I am asked to enter the old passphrase, but when I just press Enter I am told it is a bad one. Any ideas what should I do? I already tried using -P "" to no avail.
 
Computer science news on Phys.org
  • #2
When I first generate a key with an empty pass phrase (with just $ ssh-keygen), I can change it with:
$ ssh-keygen -p -f id_rsa
When I do, it does not ask for the old pass phrase, but just for a new one.
If I repeat it, it asks for the old pass phrase that I had just entered as new phrase.

Seems to me that you do have an old pass phrase, but apparently you do not know it any more.
Although that doesn't really explain why it usually doesn't ask for a pass phrase.
Can it perhaps be that there is another key-pair involved that allows you to log in without pass phrase?

Anyway, easiest way to resolve it, is by preparing new key-pairs, and dropping off the public keys at your remote servers in the authorized_keys file.
(Note that public key files and the authorized_keys file are just text files that you can edit.)
 
Last edited:
  • #3
Try:
Code: 
# ssh-keygen -p -f id_rsa_priv.ppk -N newpasswd

Another option you could consider is generating a second ssh key for your laptop to use while traveling and then revoke it after you get back.
 
  • #4
Btw, are you using PuTTY or something?
I seem to recall that it typically generates files with the .ppk extension.
Typically with PuTTY things are a little less straight forward than with native linux tools.
 
  • #5
jhae2.718 said:
Try:
Code: 
# ssh-keygen -p -f id_rsa_priv.ppk -N newpasswd

Tried that as well, didn't work. Asks for a passphrase.

I like Serena said:
Btw, are you using PuTTY or something?
I seem to recall that it typically generates files with the .ppk extension.
Typically with PuTTY things are a little less straight forward than with native linux tools.

PuTTy on windows, but I am using exactly the same key file with ssh on a Linux machine.

But your question suggested a solution. ssh-keygen was not able to add a passphrase, while puttygen did it without a problem. Apparently just because a key file works OK with ssh doesn't mean it works OK with ssh-keygen.

Why do I still feel surprised by such things after programming for 30 years
grumpy_borek.png


Thank you! Case closed.
 

Related to Solve ssh-keygen Problem: No Passphrase Needed

1. What is ssh-keygen and why is it used?

SSH-keygen is a command-line utility used to generate, manage, and exchange public and private keys for secure communication over a network. It is commonly used for authenticating remote login sessions and transferring files securely.

2. Why does the "No Passphrase Needed" problem occur?

The "No Passphrase Needed" problem occurs because the user has not set a passphrase for their SSH key. A passphrase is an extra layer of security used to protect the private key from being accessed by unauthorized users.

3. Is it safe to use an SSH key without a passphrase?

While it may be more convenient to use an SSH key without a passphrase, it is not recommended from a security standpoint. Without a passphrase, anyone with access to the private key can gain access to the server or network, making it vulnerable to attacks.

4. How can I set a passphrase for my SSH key?

To set a passphrase for your SSH key, you can use the "-p" option when generating the key with the ssh-keygen command. This will prompt you to enter a passphrase, which should be a strong and unique combination of characters.

5. Can I change or remove the passphrase for my SSH key?

Yes, you can change or remove the passphrase for your SSH key by using the "ssh-keygen -p" command. You will be prompted to enter your old passphrase and then you can choose to set a new one or remove it altogether.

Similar threads

Trouble installing MySQL on Ubuntu 20.04 — asks for root password
    • Computing and Technology
Replies
6
Views
7K
Problems with a USB network adapter for a PC
    • Computing and Technology
Replies
15
Views
2K
Problem with importing an address book (.csv format) to yahoo.com
    • Computing and Technology
Replies
3
Views
4K
What is the computer hardware needed by a physicist?
    • Computing and Technology
Replies
18
Views
4K
Windows 10 Update - Caused Loop (Need a Computer )
    • Computing and Technology
Replies
12
Views
3K
Mathematica Mathematica remote kernel hangs after password
    • MATLAB, Maple, Mathematica, LaTeX
Replies
1
Views
2K
C/C++ What is the difference between cin and getline in C++?
    • Programming and Computer Science
Replies
8
Views
2K
Solving Unusual Mouse Behavior on Windows 7
    • Computing and Technology
Replies
14
Views
2K
Can Third Party Software Monitor Your Computer?
    • Computing and Technology
Replies
4
Views
2K
Help me set-up a home network between my devices
    • Computing and Technology
Replies
12
Views
5K

Hot Threads

Recent Insights

Back
Top