Aaron Kili Categories Commandline Tools, Security, SSH Leave a comment
Brief: Have you created a certificate key or private key with a passphrase and wish to remove it? In this guide, we will show how to remove a passphrase using the openssl command line tool and from an ssh private key.
A passphrase is a sequence of words used to secure and control access to a private key. It is a key or secret used to encrypt the file that contains the actual encryption key.
To use the private key for encryption, for instance for ssh public-key-based connections, you are required to decrypt the private key file using the decryption key (the passphrase) – you are prompted to enter the passphrase.
Removing a Passphrase from SSL Certificate using OpenSSL
The header of a TLS/SSL private key with a passphrase looks like what is shown in the following screenshot. The parameter “DEK-Info” stores information required to decrypt the key using the passphrase.
$ cat private.pem
When you or any application such as NGINX webserver is using the private key, which invokes it for encrypting data, you or the application will be prompted to supply the passphrase before the key can be used, for example:
$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
To remove the passphrase of an SSL private key using the openssl command line tool, simply copy the old file to a new file name. After, the new private key will not have a passphrase as shown in the following screenshot.
$ openssl rsa -in private.pem -out private_new.pem $ cat private_new.pem
Remove Passphrase from SSH Private Key
Usually, when you generate an SSH key pair, you are prompted to set a passphrase for the private key as shown in the following screenshot. If you leave it empty, no passphrase is set.
When you invoke a private ssh key that has a passphrase, before the ssh client can use the key for the connection, it prompts you to supply the passphrase as shown.
$ ssh -i .ssh/tecmint [emailprotected]
To remove the passphrase, use the ssh-keygen command with the -p option which prompts you for the existing passphrase, and -f to specify the private key file:
$ ssh-keygen -p -f .ssh/tecmint
Enter the old passphrase, and leave the new passphrase empty.
[ You might also like: Basic SSH Command Usage and Configuration in Linux ]
That’s all! Remember that is recommended to use passphrases to increase the security of your SSH keys. To share your thoughts with us about this guide, use the comment form below.
Previous article:
How to Configure FirewallD in RHEL-based Distributions
Next article:
An Easy Way to Hide Files and Directories in Linux
Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.
Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.
Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.
Related Posts
How to Keep Linux Process Running After a Crash or Reboot
How to Find a Hard Disk Serial Number in Linux
How to Create, Extract and List RAR Files in Linux
How to Download YouTube Videos in Linux Using YT-DLP
2 Useful Tools to Count Lines of Source Code in Programming Languages
How to Delete Large Directory with Thousands of Files in Linux
