Remove passphrase (password) from private RSA key

By neokrates, written on April 7, 2010

howto

View Counter:
  • 4,180 views
Rate it
  • 1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5 out of 5)
    Loading ... Loading ...
Ad
Poll
  • Your skill as shell programmer is?

    View Results

    Loading ... Loading ...
Feeds:
  • bodytext bodytext bodytext
Most popular search terms:

It is there secure yet annoying, to have a password encrypted rsa key.
You want to automatically login and/or run remote commands per ssh. No interaction.
Here is how you remove the passphrase from you rsa key.

Software:

[v] OpenSSH
[v] Ubuntu 9.10

Should also work for:

[v] any OpenSSH installation

Given, your key is in id_rsa

1

Passphrase is needed?

Try some host which has your public key (id_rsa.pub)

> ssh my_user@myhost

 
You should get Enter passphrase for key kind of response

2

Remove passphrase

openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa_new

 
and enter your old passphrase

3

Replace key

Backup and replace your private ssh key

cp ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
rm ~/.ssh/id_rsa
cp ~/.ssh/id_rsa_new ~/.ssh/id_rsa

4

Set key permissions

chmod 400 ~/.ssh/id_rsa

5

Test it

Now, following should log your into remote system, no questions asked

> ssh my_user@myhost

 
[i] REMARKS
1. In case you used passphrase, your key was really encrypted using your phrase, so openssl rsa -in call actually removes encryption.

2. If your forget to set proper permission flags, following may occur:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for '/home/myname/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/myname/.ssh/id_rsa
 
Does that help to solve your problem?
VN:F [1.8.5_1061]
Rating: +39 (from 47 votes)
43 votes 'YES'  4 votes 'NO'


TAGS

RELATED
Pages
Posts
    nope :(

SOCIAL
Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • bodytext
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • BlinkList
  • Blogosphere News
  • E-mail this story to a friend!
  • Furl
  • LinkArena
  • Live
  • MisterWong
  • Print this article!
  • StumbleUpon
  • Technorati
  • Webnews.de
  • YahooMyWeb

INCOMING SEARCH TERMS


11 Responses to “Remove passphrase (password) from private RSA key”

  1. I ended up choosing a ucc ssl certificate after my third domain needed security. The break-even seemed to be at somewhere between 2 and 3 domain. SSL certs are pretty much commodity items now, so I’d recommend shopping by price. Wikipedia has a good comparison of ssl certificate providers.

    Like or Dislike: Thumb up 0 Thumb down 1

  2. duze says:

    ssh-keygen -p -P old_passphrase -N “” -f /home/myname/.ssh/id_rs

    Like or Dislike: Thumb up 1 Thumb down 0

  3. eggmatters says:

    This didn’t work for me . . . I’m still asked for a passphrase.

    Like or Dislike: Thumb up 0 Thumb down 0

  4. Geminy says:

    Worked for me!!!!!!!!!!!!!
    Thank you.

    Like or Dislike: Thumb up 0 Thumb down 0

  5. Jean says:

    Worked! Thank you.

    Like or Dislike: Thumb up 0 Thumb down 0

  6. Daniel says:

    Thank you!

    Like or Dislike: Thumb up 0 Thumb down 0

Leave a Reply