Charlie Harvey

Tip: Change or add passphrase on existing SSH keys

Today I needed to add a passphrase to an ssh key. The key had previously been used for automated batch processing work in cronjobs, and thus didn't have a passphrase set — a bit of a security no-no. A quick scan of the ssh-keygen manpage led me to the -p flag, which updates or creates a passphrase on an existing ssh key. So I was able to type $ ssh-keygen -p -f .ssh/id_rsa Key has comment '.ssh/id_rsa' Enter new passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved with the new passphrase.

Pretty nifty. I can still log in to my servers as I describe in hassle free passwordless ssh login using the exact same key. But now the key has a passphrase set, so I can feel more secure if my machine gets compromised.


  • Be respectful. You may want to read the comment guidelines before posting.
  • You can use Markdown syntax to format your comments. You can only use level 5 and 6 headings.
  • You can add class="your language" to code blocks to help highlight.js highlight them correctly.

Privacy note: This form will forward your IP address, user agent and referrer to the Akismet, StopForumSpam and Botscout spam filtering services. I don’t log these details. Those services will. I do log everything you type into the form. Full privacy statement.