# Ssh-keygen problem

1. Jul 14, 2012

### Staff: Mentor

I have a private key file used to log into remote servers. As the file resides only on a desktop computer, key file was prepared without a passphrase (or at least that's what I remember and I am never asked to enter a passphrase when I use ssh, which makes me think I remember right). However, now I am going on a trip and I want to be able to use the same key on my laptop - so to be safe I wanted to add a passphrase. Judging from the man page to change a passphrase I should use something like

ssh-keygen -p -f id_rsa_priv.ppk

but it doesn't work - that is, I am asked to enter the old passphrase, but when I just press Enter I am told it is a bad one. Any ideas what should I do? I already tried using -P "" to no avail.

2. Jul 14, 2012

### I like Serena

When I first generate a key with an empty pass phrase (with just $ssh-keygen), I can change it with:$ ssh-keygen -p -f id_rsa
When I do, it does not ask for the old pass phrase, but just for a new one.
If I repeat it, it asks for the old pass phrase that I had just entered as new phrase.

Seems to me that you do have an old pass phrase, but apparently you do not know it any more.
Although that doesn't really explain why it usually doesn't ask for a pass phrase.
Can it perhaps be that there is another key-pair involved that allows you to log in without pass phrase?

Anyway, easiest way to resolve it, is by preparing new key-pairs, and dropping off the public keys at your remote servers in the authorized_keys file.
(Note that public key files and the authorized_keys file are just text files that you can edit.)

Last edited: Jul 14, 2012
3. Jul 14, 2012

### jhae2.718

Try:
Code (Text):

# ssh-keygen -p -f id_rsa_priv.ppk -N newpasswd

Another option you could consider is generating a second ssh key for your laptop to use while travelling and then revoke it after you get back.

4. Jul 14, 2012

### I like Serena

Btw, are you using PuTTY or something?
I seem to recall that it typically generates files with the .ppk extension.
Typically with PuTTY things are a little less straight forward than with native linux tools.

5. Jul 14, 2012

### Staff: Mentor

Tried that as well, didn't work. Asks for a passphrase.

PuTTy on windows, but I am using exactly the same key file with ssh on a Linux machine.

But your question suggested a solution. ssh-keygen was not able to add a passphrase, while puttygen did it without a problem. Apparently just because a key file works OK with ssh doesn't mean it works OK with ssh-keygen.

Why do I still feel surprised by such things after programming for 30 years

Thank you! Case closed.