How To Remove SSL Certificate and SSH Key Passphrase in Linux

Read Time: 2 minsCategories Commandline Tools, Security, SSH Leave a comment
Take Your Linux Skills to the Next Level All courses, certifications, ad-free articles & community — from $8/mo
Join Root →
Ad-free access to all premium articles
Access to all courses: Learn Linux, AI for Linux, Bash Scripting, Ubuntu Handbook, Golang and more.
Access to Linux certifications (RHCSA, RHCE, LFCS and LFCA)
Access new courses on release
Get access to weekly newsletter
Priority help in comments
Private Telegram community
Connect with the Linux community
From $8/mo · or $59/yr billed annually · Cancel anytime

Brief: Have you created a certificate key or private key with a passphrase and wish to remove it? In this guide, we will show how to remove a passphrase using the openssl command line tool and from an ssh private key.

A passphrase is a sequence of words used to secure and control access to a private key. It is a key or secret used to encrypt the file that contains the actual encryption key.

To use the private key for encryption, for instance for ssh public-key-based connections, you are required to decrypt the private key file using the decryption key (the passphrase) – you are prompted to enter the passphrase.

Removing a Passphrase from SSL Certificate using OpenSSL

The header of a TLS/SSL private key with a passphrase looks like what is shown in the following screenshot. The parameter “DEK-Info” stores information required to decrypt the key using the passphrase.

$ cat private.pem
View SSL Private Key Passphrase
View SSL Private Key Passphrase

When you or any application such as NGINX webserver is using the private key, which invokes it for encrypting data, you or the application will be prompted to supply the passphrase before the key can be used, for example:

$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Enter Private Key Passphrase
Enter Private Key Passphrase

To remove the passphrase of an SSL private key using the openssl command line tool, simply copy the old file to a new file name. After, the new private key will not have a passphrase as shown in the following screenshot.

$ openssl rsa -in private.pem -out private_new.pem 
$ cat private_new.pem
Remove SSL Private Key Passphrase
Remove SSL Private Key Passphrase

Remove Passphrase from SSH Private Key

Usually, when you generate an SSH key pair, you are prompted to set a passphrase for the private key as shown in the following screenshot. If you leave it empty, no passphrase is set.

Generate SSH Private Key Passphrase
Generate SSH Private Key Passphrase

When you invoke a private ssh key that has a passphrase, before the ssh client can use the key for the connection, it prompts you to supply the passphrase as shown.

$ ssh -i .ssh/tecmint [email protected]
Enter SSH Private Key Passphrase
Enter SSH Private Key Passphrase

To remove the passphrase, use the ssh-keygen command with the -p option which prompts you for the existing passphrase, and -f to specify the private key file:

$ ssh-keygen -p -f .ssh/tecmint

Enter the old passphrase, and leave the new passphrase empty.

Remove SSH Private Key Passphrase
Remove SSH Private Key Passphrase

[ You might also like: Basic SSH Command Usage and Configuration in Linux ]

That’s all! Remember that is recommended to use passphrases to increase the security of your SSH keys. To share your thoughts with us about this guide, use the comment form below.

Root Plan
Premium Linux Education for Serious Learners

Take Your Linux Skills to the Next Level

Root members get full access to every course, certification prep track, and a growing library of hands-on Linux content — with new courses added every month.

What You Get
Ad-free access to all premium articles
Access to all courses: Learn Linux, AI for Linux, Bash Scripting, Ubuntu Handbook, Golang and more.
Access to Linux certifications (RHCSA, RHCE, LFCS and LFCA)
Access new courses on release
Get access to weekly newsletter
Priority help in comments
Private Telegram community
Connect with the Linux community
Join Root Plan → $8/mo · or $59/yr billed annually Cancel anytime

Previous article:

GhostBSD – A Simple Unix-like Desktop OS Based on FreeBSD

Next article:

An Easy Way to Hide Files and Directories in Linux
Photo of author
Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Related Posts

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.

Root Plan Premium Linux Education for Serious Learners

Before You Go - Upgrade Your Linux Skills

Root members get everything in one place, with new courses added every month.

What You Get
Ad-free access to all premium articles
Access to all courses: Learn Linux, AI for Linux, Bash Scripting, Ubuntu Handbook, Golang and more.
Linux certifications: RHCSA, RHCE, LFCS and LFCA
Access new courses on release
Weekly newsletter, priority support & Telegram community
Join Root Today and Start Learning Linux the Right Way
Structured courses, certification prep, and a community of Linux professionals - all in one membership.
Join Root Plan →
$8/mo · or $59/yr billed annually