How to Change SSH Private Key Passphrase on Ubuntu

Securing your SSH keys is crucial for maintaining server security. This article provides a quick, step-by-step guide on how to change, add, or remove the passphrase of an existing SSH private key on Ubuntu Linux using the built-in ssh-keygen utility, allowing you to update your credentials without needing to generate a new key pair.

Step 1: Locate Your SSH Private Key

By default, SSH private keys are stored in the hidden .ssh directory in your user’s home directory. Common filenames include: * ~/.ssh/id_rsa (RSA key) * ~/.ssh/id_ed25519 (Ed25519 key) * ~/.ssh/id_ecdsa (ECDSA key)

Step 2: Run the ssh-keygen Command

To change the passphrase, open your terminal and run the ssh-keygen command with the -p flag (which requests changing the passphrase) and the -f flag (to specify the path to your private key file).

Replace ~/.ssh/id_rsa with the actual path to your private key if it differs:

ssh-keygen -p -f ~/.ssh/id_rsa

Step 3: Enter the Passphrases

Once you run the command, the terminal will prompt you for input:

1. Enter old passphrase: Type your current passphrase and press Enter. If your key does not currently have a passphrase, simply press Enter.
2. Enter new passphrase: Type your new, strong passphrase and press Enter.
3. Enter same passphrase again: Retype the new passphrase to confirm it and press Enter.

Once successfully completed, you will see a confirmation message:

Your identification has been saved with the new passphrase.

How to Remove a Passphrase

If you want to completely remove a passphrase from your SSH private key (not recommended for production environments due to security risks), follow the same steps above. When prompted for the “new passphrase” and confirmation, leave the fields blank and press Enter both times.