如何去除SSH key中的passphrase

去除passphrase的方法

使用ssh-keygen来重新设置一个空的passphrase, 就相当于去除了原来的passphrase, 答案来自stackoverflow, 回答者还很贴心的提示,输入的passphrase会被记录在~/.bash_history中,别忘记处理这个情况。

1
$ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]

实验

  1. 首先使用ssh-keygen生成一对带passphrase的key, 此处输入的passphrase为helloworld.

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    $ ssh-keygen -f ./id_rsa_for_passphrase
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in ./id_rsa_for_passphrase.
    Your public key has been saved in ./id_rsa_for_passphrase.pub.
    The key fingerprint is:
    SHA256:l40jWfZPFe7ItcUJvduSyx/CXVmI27T6y75i/yuAPxs carlshen@carl-186.local
    The key's randomart image is:
    +---[RSA 2048]----+
    |             ... |
    |             .o+o|
    |          o . o+*|
    |         + =.+++=|
    |        S * +o+=+|
    |         + o.++.o|
    |          .Eo+.= |
    |           o+++ .|
    |           oo+O*+|
    +----[SHA256]-----+
    $
    $ ll
    total 16
    -rw-------  1 carlshen  staff  1766  4 19 16:05 id_rsa_for_passphrase
    -rw-r--r--  1 carlshen  staff   405  4 19 16:05 id_rsa_for_passphrase.pub
    $

  2. 去除private key的passphrase

    1
    2
    3
    4
    5
    6
    7
    8
    $ ssh-keygen -p -P helloworld -N "" -f id_rsa_for_passphrase
    Your identification has been saved with the new passphrase.
    $
    $ ll
    total 16
    -rw-------  1 carlshen  staff  1679  4 19 16:07 id_rsa_for_passphrase
    -rw-r--r--  1 carlshen  staff   405  4 19 16:05 id_rsa_for_passphrase.pub
    $

  3. 使用去除passphrase的private key来生成public key的内容,此时已经不需要输入passphrase。同原先的public key比较,可以看出内容是相同的。

    1
    2
    3
    4
    5
    6
    $ ssh-keygen -y -f id_rsa_for_passphrase
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnIM/b01uMtYWlEyWN7RsIynhTPqodAaMkK5jhWqrLj29FUFHbSZwXaMlbxi1yxsp9VHX/YjFXQjesUv+wv+We2I9gNN/emd1zIrFDIU1sLZTwdPPsZ/nBA9e19tncVvUHk07wFmFGE1pH7mCpVHSjYgqhJYKZFn5RVcTn7lir4pIvjGl94+wNCtTueMsAiH8K+F3gcivwFQK9Gng7Fiv1PKwBVuJzlLabM90uaFuGcaVo7s+PE3E70TReXsRkUYCR5CtA4ja4JIVf1rMt0WwSb09KnmRFanEfEYPeZX7I44EPIYEAJWRccOTbWb/ywd5tbKJhgJBnTzcsxtvZHR/v
    $
    $ cat id_rsa_for_passphrase.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnIM/b01uMtYWlEyWN7RsIynhTPqodAaMkK5jhWqrLj29FUFHbSZwXaMlbxi1yxsp9VHX/YjFXQjesUv+wv+We2I9gNN/emd1zIrFDIU1sLZTwdPPsZ/nBA9e19tncVvUHk07wFmFGE1pH7mCpVHSjYgqhJYKZFn5RVcTn7lir4pIvjGl94+wNCtTueMsAiH8K+F3gcivwFQK9Gng7Fiv1PKwBVuJzlLabM90uaFuGcaVo7s+PE3E70TReXsRkUYCR5CtA4ja4JIVf1rMt0WwSb09KnmRFanEfEYPeZX7I44EPIYEAJWRccOTbWb/ywd5tbKJhgJBnTzcsxtvZHR/v carlshen@carl-186.local
    $

Reference

留言