Today I needed to add a passphrase to an ssh key. The key had previously been used for automated batch processing work in cronjobs, and thus didn't have a passphrase set — a bit of a security no-no. A quick scan of the ssh-keygen manpage led me to the -p flag, which updates or creates a passphrase on an existing ssh key. So I was able to type
$ ssh-keygen -p -f .ssh/id_rsa
Key has comment '.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
Pretty nifty. I can still log in to my servers as I describe in hassle free passwordless ssh login using the exact same key. But now the key has a passphrase set, so I can feel more secure if my machine gets compromised.