Solve ssh-keygen Problem: No Passphrase Needed

  • Thread starter: Borek

Discussion Overview

The discussion revolves around the challenges faced when attempting to add a passphrase to an existing SSH private key file, particularly in the context of using different tools like ssh-keygen and PuTTY. Participants explore the implications of key management and the compatibility of key formats across platforms.

Discussion Character

  • Technical explanation
  • Debate/contested
  • Exploratory

Main Points Raised

  • One participant recalls generating a key without a passphrase and suggests that the command ssh-keygen -p -f id_rsa_priv.ppk should work, but encounters issues when prompted for an old passphrase.
  • Another participant describes their experience where changing a passphrase does not require entering an old passphrase if it was initially empty, suggesting the possibility of an unknown old passphrase in the original case.
  • There is a suggestion that the participant may have another key-pair that allows access without a passphrase, indicating potential confusion about which key is being used.
  • Multiple participants propose generating a new key-pair for travel and dropping the public key on remote servers as a workaround.
  • One participant notes the complexity of using PuTTY, which generates .ppk files, and suggests that this may complicate the use of ssh-keygen.
  • A later reply confirms that using PuTTY's tool (puttygen) successfully added a passphrase, highlighting compatibility issues between different tools.

Areas of Agreement / Disagreement

Participants express differing experiences and solutions regarding the use of ssh-keygen and PuTTY, indicating that there is no consensus on the best approach to add a passphrase to the key file. The discussion remains unresolved regarding the specific reasons for the initial issues faced.

Contextual Notes

There are limitations regarding the assumptions about the key's original state and the compatibility of different key formats across tools. The discussion does not resolve the underlying reasons for the passphrase prompt encountered by the original poster.

Borek
I have a private key file used to log into remote servers. As the file resides only on a desktop computer, the key file was prepared without a passphrase (or at least that's what I remember and I am never asked to enter a passphrase when I use ssh, which makes me think I remember right). However, now I am going on a trip and I want to be able to use the same key on my laptop - so to be safe I wanted to add a passphrase. Judging from the man page, to change a passphrase I should use something like

ssh-keygen -p -f id_rsa_priv.ppk

but it doesn't work - that is, I am asked to enter the old passphrase, but when I just press Enter I am told it is a bad one. Any ideas what I should do? I already tried using -P "" to no avail.
 
When I first generate a key with an empty pass phrase (with just $ ssh-keygen), I can change it with:
$ ssh-keygen -p -f id_rsa
When I do, it does not ask for the old pass phrase, but just for a new one.
If I repeat it, it asks for the old pass phrase that I had just entered as new phrase.

Seems to me that you do have an old pass phrase, but apparently you do not know it any more.
Although that doesn't really explain why it usually doesn't ask for a pass phrase.
Can it perhaps be that there is another key-pair involved that allows you to log in without pass phrase?

Anyway, the easiest way to resolve it is by preparing new key-pairs, and dropping off the public keys at your remote servers in the authorized_keys file.
(Note that public key files and the authorized_keys file are just text files that you can edit.)
 
Try:
Code:
# ssh-keygen -p -f id_rsa_priv.ppk -N newpasswd

Another option you could consider is generating a second ssh key for your laptop to use while traveling and then revoking it after you get back.
 
Btw, are you using PuTTY or something?
I seem to recall that it typically generates files with the .ppk extension.
Typically with PuTTY things are a little less straightforward than with native Linux tools.
 
jhae2.718 said:
Try:
Code:
# ssh-keygen -p -f id_rsa_priv.ppk -N newpasswd

Tried that as well, didn't work. Asks for a passphrase.

I like Serena said:
Btw, are you using PuTTY or something?
I seem to recall that it typically generates files with the .ppk extension.
Typically with PuTTY things are a little less straightforward than with native Linux tools.

PuTTY on Windows, but I am using exactly the same key file with ssh on a Linux machine.

But your question suggested a solution. ssh-keygen was not able to add a passphrase, while puttygen did it without a problem. Apparently just because a key file works OK with ssh doesn't mean it works OK with ssh-keygen.

Why do I still feel surprised by such things after programming for 30 years?


Thank you! Case closed.
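
A way to check which format a private-key file is in, and whether it is already encrypted, before choosing between ssh-keygen and puttygen as discussed in this thread. This is an added example, not part of the original posts; the function names and sample file names are hypothetical, and the sample headers are constructed, not real keys.

```shell
#!/bin/sh
# Added example: classify a private-key file by its header lines.

key_format() {            # prints "<format> <encrypted|unencrypted>"
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        PuTTY-User-Key-File-*)
            # PPK names its cipher in a plain-text "Encryption:" header.
            if grep -q '^Encryption: none' "$1"
            then echo "ppk unencrypted"; else echo "ppk encrypted"; fi ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # Body is base64 of "openssh-key-v1\0" + cipher name; the cipher
            # "none" always encodes to the prefix matched here.
            case "$(sed -n 2p "$1")" in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo "openssh unencrypted" ;;
                *) echo "openssh encrypted" ;;
            esac ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pem encrypted" ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Legacy PEM flags encryption with a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
            then echo "pem encrypted"; else echo "pem unencrypted"; fi ;;
        *) echo "unknown" ;;
    esac
}

passphrase_tool() {       # tool that can set a passphrase on this format
    case "$(key_format "$1")" in
        ppk*) echo "puttygen" ;;
        openssh*|pem*) echo "ssh-keygen -p" ;;
        *) echo "none" ;;
    esac
}

# Constructed sample headers (not real keys), enough to exercise the checks.
make_samples() {
    printf '%s\r\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: none' > "$1/id_rsa_priv.ppk"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ' > "$1/id_plain"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHI' > "$1/id_enc"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$1/id_pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    printf '%s: %s -> %s\n' "${f##*/}" "$(key_format "$f")" "$(passphrase_tool "$f")"
done
rm -rf "$demo_dir"
```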
 
