Remove passphrase (password) from private RSA key

By neokrates, written on April 7, 2010

howto

  • Join date: 11-30-99
  • Posts: 224
View Counter:
  • 23,569 views
Rate it
Ad
Poll
  • Best shells (or command line language) are?

    View Results

    Loading ... Loading ...
Feeds:
  • bodytext bodytext bodytext

It is there secure yet annoying, to have a password encrypted rsa key.
You want to automatically login and/or run remote commands per ssh. No interaction.
Here is how you remove the passphrase from you rsa key.

Software:

✔ OpenSSH

✔ Ubuntu 9.10

Should also work for:

✔ any OpenSSH installation

Given, your key is in id_rsa

1

Passphrase is needed?

Try some host which has your public key (id_rsa.pub)

> ssh my_user@myhost

 
You should get Enter passphrase for key kind of response

2

Remove passphrase

openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa_new

 
and enter your old passphrase

3

Replace key

Backup and replace your private ssh key

cp ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
rm ~/.ssh/id_rsa
cp ~/.ssh/id_rsa_new ~/.ssh/id_rsa

4

Set key permissions

chmod 400 ~/.ssh/id_rsa

5

Test it

Now, following should log your into remote system, no questions asked

> ssh my_user@myhost

 

💡 REMARKS
1. In case you used passphrase, your key was really encrypted using your phrase, so openssl rsa -in call actually removes encryption.

2. If your forget to set proper permission flags, following may occur:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for '/home/myname/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/myname/.ssh/id_rsa
Be Sociable, Share!
 
Does that help to solve your problem?
VN:F [1.8.5_1061]
Rating: +45 (from 57 votes)
51 votes 'YES'  6 votes 'NO'

LEARN MORE (amazon bookstore)

TAGS

SOCIAL
Be Sociable, Share!

INCOMING SEARCH TERMS


12 Responses to “Remove passphrase (password) from private RSA key”

  1. I ended up choosing a ucc ssl certificate after my third domain needed security. The break-even seemed to be at somewhere between 2 and 3 domain. SSL certs are pretty much commodity items now, so I’d recommend shopping by price. Wikipedia has a good comparison of ssl certificate providers.

  2. duze says:

    ssh-keygen -p -P old_passphrase -N “” -f /home/myname/.ssh/id_rs

  3. eggmatters says:

    This didn’t work for me . . . I’m still asked for a passphrase.

  4. Geminy says:

    Worked for me!!!!!!!!!!!!!
    Thank you.

  5. Jean says:

    Worked! Thank you.

  6. […] have found some instructions to remove the passphrase from my private key, but, when I go to /home/jverstrynge/.ssh/, there is […]

Leave a Reply