Your browser does not allow storing cookies. We recommend enabling them.
SSH.COM uses cookies to give you the best experience and most relevant marketing. More info
DECLINE Warning: Some functionality on this site will not work without cookies and our advertising will be less relevant!GOT IT!

PreviousNextUp[Front page] [Index]

Protecting Private Keys with Passwords

Private keys can be encrypted by using the ssh-keytool command (ssh_keytool.exe on Windows). This command can be used to protect the private key of an SSH Tectia Certifier Server, for example.

To set a password, run the following commands for a private key: 

ssh_keytool -o pkcs8s -s password input.prv output.prv
del input.prv
move output.prv input.prv

To change an existing password, run: 

ssh_keytool -o pkcs8s -S oldpass -s newpass input.prv output.prv
del input.prv
move output.prv input.prv

To clear the password, run: 

ssh_keytool -o pkcs8s -S password input.prv output.prv
del input.prv
move output.prv input.prv

If ssh-keytool is used to set a Certifier Server password on Windows, SSH Tectia Certifier cannot be started automatically after reboot. The password is prompted when SSH Tectia Certifier is started from the Start menu under Programs -> SSH Tectia Certifier -> Start -> SSH Certifier.

PreviousNextUp[Front page] [Index]


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now

  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now