How to change the pass phrase on a private key

10 Apr 2016

I've been meaning to do this for a while; change the pass phrases on my private keys. This serverfault entry gives the details:

$ ssh-keygen -p -f .ssh/id_rsa

This can also be done using openssl, as described in this Stack Exchange entry and this Superuser entry, and it's nice because you can specify the cipher (in this case, aes256):

$ openssl rsa -aes256 -in .ssh/github_id_rsa -out .ssh/new_github_id_rsa
$ mv .ssh/new_github_id_rsa .ssh/github_id_rsa

Finally, as with all things security, you can always go further, as specified here, and here.