Password protect a pem file
I'd like to SSH into my EC2 instance with a password protected pem file. How do I password protect a pem file? I've done this in the past but can't remember how I did it. I took a pem file generated by AWS and ran some command on it and it generated something that looked like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<BlahBlahBlah>
<encrypted stuff is here>
-----END RSA PRIVATE KEY-----
Then when I SSH into the box, i'm specifying my password protected pem file and it asks me to enter the password before decrypting and sshing in.
I found this: https://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
Which tells me to use this command
ssh-keygen -t rsa -N 'super secret passphrase' -f test_rsa_key
But the resulting encrypted file (that has the correct header i'm looking for) doesn't seem to work. I'm getting "Permission denied (publickey)." when I try to ssh using that encrypted pem file. I am able to SSH into the box with the unencrypted pem file.
Answer
It is because the command you are using generates a new key pair instead of protecting your existing private key.
Try using -p option of ssh-keygen
ssh-keygen -p -f my_private_key
It will prompt you for passphrase and protect your private key.
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
Now if you use my_private_key in ssh, it will prompt for passphrase and it will succeed.
-p Requests changing the passphrase of a private key file instead of
creating a new private key. The program will prompt for the file
containing the private key, for the old passphrase, and twice for
the new passphrase.