How do I remove the passphrase for the SSH key without having to create a new key?

Question

I set a passphrase when creating a new SSH key on my laptop. But, as I realise now, this is quite painful when you are trying to commit (Git and SVN) to a remote location over SSH many times in an hour.

One way I can think of is, delete my SSH keys and create new. Is there a way to remove the passphrase, while still keeping the same keys?

Answer 1

For me on Mac below steps solved the problem.

1. Open a terminal, go to Users directory (/home on Linux) and enter the below command.

   ssh-keygen -p
   

2. It will ask you

   Enter file in which the key is (`~/.ssh/id_rsa`):
   give the file path, which is shown in the round brackets.
   

3. Then it will ask you to enter the old passphrase. Write your old passphrase and enter. When you enter the passphrase terminal will not show anything.

4. Then it will ask you to enter the new passphrase

   Enter new passphrase (empty for no passphrase)
   If you don't want to keep any passphrase then just press enter.
   

5. Then again it will ask you to confirm the same passphrase

6. Enter same passphrase again. Then again, press enter.

You will get success message

Your identification has been saved with the new passphrase.

Answer 2

$ ssh-keygen -p worked for me:

1. Opened git bash. Pasted : $ ssh-keygen -p
2. Hit enter for default location.
3. Enter old passphrase
4. Enter new passphrase: BLANK
5. Confirm new passphrase: BLANK

BOOM the pain of entering passphrase for git push was gone.

Answer 3

You might want to add the following to your .bash_profile (or equivalent), which starts ssh-agent on login.

if [ -f ~/.agent.env ] ; then
    . ~/.agent.env > /dev/null
    if ! kill -0 $SSH_AGENT_PID > /dev/null 2>&1; then
        echo "Stale agent file found. Spawning new agent… "
        eval $(ssh-agent | tee ~/.agent.env)
        ssh-add
    fi 
else
    echo "Starting ssh-agent"
    eval $(ssh-agent | tee ~/.agent.env)
    ssh-add
fi

On some Linux distros (Ubuntu, Debian) you can use:

ssh-copy-id -i ~/.ssh/id_dsa.pub username@host

This will copy the generated id to a remote machine and add it to the remote keychain.

You can read more here and here.

Answer 4

For Windows;

1. open a cmd screen write this and push enter.

   ssh-keygen -p

2. cmd will ask you the old passphrase. Write your old passphrase and enter. You can't see the old passphrase when you write it.

3. cmd will ask you the new passphrase and its confirmation. You can let it blank.

Congratulations!!!

Answer 5

If you are using Mac

• Go to .ssh folder
• update config file by adding "UseKeychain yes"

Answer 6

If you have set a passphrase before and is using mac, use the keychain instead, you'll need to enter your passpharase for the last time and that's it

ssh-add --apple-use-keychain ~/.ssh/id_rsa
Enter passphrase for /Users/{{user_name}}/.ssh/id_rsa:
Identity added: /Users/{{user_name}}/.ssh/id_rsa(/Users/{{user_name}}/.ssh/id_rsa)

Answer 7

In windows for me it kept saying "id_ed25135: No such file or directory" upon entering above commands. So I went to the folder, copied the path within folder explorer and added "\id_ed25135" at the end.

This is what I ended up typing and worked:
ssh-keygen -p -f C:\Users\john\.ssh\id_ed25135

This worked. Because for some reason, in Cmder the default path was something like this C:\Users\capit/.ssh/id_ed25135 (some were backslashes: "\" and some were forward slashes: "/")

Answer 8

Short answer:

$ ssh-keygen -p

This will then prompt you to enter the keyfile location, the old passphrase, and the new passphrase (which can be left blank to have no passphrase).

---

If you would like to do it all on one line without prompts do:

$ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]

Important: Beware that when executing commands they will typically be logged in your ~/.bash_history file (or similar) in plain text including all arguments provided (i.e. the passphrases in this case). It is, therefore, is recommended that you use the first option unless you have a specific reason to do otherwise.

Notice though that you can still use -f keyfile without having to specify -P nor -N, and that the keyfile defaults to ~/.ssh/id_rsa, so in many cases, it's not even needed.

You might want to consider using ssh-agent, which can cache the passphrase for a time. The latest versions of gpg-agent also support the protocol that is used by ssh-agent.

Answer 9

To change or remove the passphrase, I often find it simplest to pass in only the p and f flags, then let the system prompt me to supply the passphrases:

ssh-keygen -p -f <name-of-private-key>

For instance:

ssh-keygen -p -f id_rsa

Enter an empty password if you want to remove the passphrase.

A sample run to remove or change a password looks something like this:

ssh-keygen -p -f id_rsa
Enter old passphrase: 
Key has comment 'bcuser@pl1909'
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.

When adding a passphrase to a key that has no passphrase, the run looks something like this:

ssh-keygen -p -f id_rsa
Key has comment 'charlie@elf-path'
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.

Answer 10

On windows, you can use PuttyGen to load the private key file, remove the passphrase and then overwrite the existing private key file.

Answer 11

On the Mac you can store the passphrase for your private ssh key in your Keychain, which makes the use of it transparent. If you're logged in, it is available, when you are logged out your root user cannot use it. Removing the passphrase is a bad idea because anyone with the file can use it.

ssh-keygen -K

Add this to ~/.ssh/config

UseKeychain yes