How to change password on ssh key. I can't figure it out, please help!
I can't find anything similar to my problem on Google.I don't know much about Linux.
CodePudding user response:
sudo ssh-keygen -f ~/.ssh/YOU_PRIVATE_SSH_KEY -p
If the terminal displays the message Permissions 0644
then run the command as root
If the terminal displays the message failed: Permission denied
To fix permission issues, first you need to set the correct permissions for the home directory and directory.ssh:
sudo chown -R user:user $HOME sudo chmod 750 $HOME sudo chmod -R 700 $HOME/.ssh
This creates the strictest permissions for all files in .ssh that will satisfy SSH requirements for these files. SSH recommendations and requirements (underlined) for individual directory files.ssh are listed below (from the manual page):
~/.ssh/id_rsa (or any PRIV KEY — private, primary key) — These files contain confidential data and should be readable by the user, but not accessible to others (read/write) — only 0600. The ssh program will simply ignore the private key file if it is available to others.
sudo chmod 600 ~/.ssh/id_rsa
~/.ssh/config — due to the possibility of abuse, this file must have strict permissions: read/write for the user and inaccessible for others - it is enough to install 0644.
sudo chmod 644 ~/.ssh/config
~ /.ssh/authorized_keys — This file is not highly sensitive, but the recommended read and write permissions for the user and are not available for others are 0644.
sudo chmod 644 ~/.ssh/authorized_keys
~ /.ssh/known_hosts — This file is not highly sensitive, but the recommended read and write permissions for the user and are not available for others are 0644.
chmod 644 ~/.ssh/known_hosts
~/.ssh/ — There is no general requirement to keep all the contents of this directory secret, but the recommended read/write/execute permissions are for the user and inaccessible to others — 0700 is enough.
sudo chmod 700 ~/.ssh
~ / .ssh /id_rsa.pub (OR ANY PUBLIC KEY) — These files are not confidential and can (but not necessarily) be readable by anyone.
CodePudding user response:
Form the man page:
ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]
[-P old_passphrase]