Can passphrase be embedded into private key file?

1

1

I have some key file

----BEGIN RSA PRIVATE KEY-----
SOMEGARBAGECHARACTERS
-----END RSA PRIVATE KEY-----

but when I am trying to use it with ssh, it asks for some passphrase:

ssh -i mykey.pem myuser@myserver.amazonaws.com
Enter passphrase for key 'mykey.pem':

Does this just mean that inside this file some keyphrase is encoded? Or does it mean something else?

UPDATE

There are no DEK lines or anything like that. Only a homogeneous mass of random characters.

UPDATE 2

The key file was somehow corrupted. I received it by email and copy-pasted it into a text editor. There were no apparent differences, but actually they were there. After I opened the email with a raw editor and copy/pasted the key this way, everything worked.

As @Jakuje suggested, I used the openssl tool and it reported an error.

Dims

Posted 2016-07-20T06:49:58.860

Reputation: 8 464

Is there a "DEK-Info:" line at the top? – user1686 – 2016-07-20T06:51:55.547

1

Some example keys, encoded versus un-encoded here. http://serverfault.com/a/628980/984

– Zoredache – 2016-07-20T06:59:27.767

The passphrase isn't within the private key, the passphrase is only in user memory, the passphrase protects the private key. – dan – 2016-07-20T07:03:25.123

@danielAzuelos I swear I have no passphrase in my memory – Dims – 2016-07-20T07:13:15.463

Then, please describe how you created this (private key, public key) pair. The origin of the problem stands there. – dan – 2016-07-20T09:34:28.120

Did you open your private key with a text editor (vi, emacs, Word, TextEdit, Pages)? If yes, please consider the answer from @Jakuje. – dan – 2016-07-20T12:20:15.557

Answers

3

OpenSSH asks for a passphrase for every garbage input. There is an open bug for that upstream. It can be very confusing for a lot of users.

The only way to check what is behind that is to use openssl directly:

openssl rsa -text <mykey.pem

It should ask for a passphrase or report any other error in the key.

Jakuje

Posted 2016-07-20T06:49:58.860

Reputation: 7 981
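A strict pre-check for the situation in this thread, as an added example (not code from any poster, OpenSSH or OpenSSL): it classifies a PEM private key as passphrase-protected, unprotected or malformed from the armor lines, the DEK-Info header and the base64/DER body. The function names and the tiny stand-in "key" are constructed for illustration, and the checks are deliberately stricter than real parsers, which may tolerate some stray whitespace.

```python
import base64
import binascii
import re

ARMOR = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def der_length_ok(der):
    """True if der is one ASN.1 SEQUENCE whose declared length equals its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length fits in one byte
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    return n > 0 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def classify_pem(text):
    """Return (verdict, detail); verdict is 'encrypted', 'unencrypted' or 'malformed'."""
    lines = text.splitlines()
    if len(lines) < 3:
        return "malformed", "too short to be a PEM block"
    begin, end = ARMOR.fullmatch(lines[0]), ARMOR.fullmatch(lines[-1])
    if not begin or begin.group(1) != "BEGIN":
        return "malformed", "bad BEGIN line %r" % lines[0]
    if not end or end.group(1) != "END" or end.group(2) != begin.group(2):
        return "malformed", "bad END line %r" % lines[-1]
    body, headers = lines[1:-1], []
    while body and ":" in body[0]:         # RFC 1421 headers (Proc-Type, DEK-Info)
        headers.append(body.pop(0))
    if headers and body and body[0] == "": # blank line separates headers from data
        body.pop(0)
    for line in body:                      # strict: no spaces, NBSP or stray bytes
        if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", line):
            return "malformed", "non-base64 content in line %r" % line
    try:
        der = base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        return "malformed", "base64 body does not decode: %s" % exc
    if any(h.startswith("DEK-Info:") for h in headers):
        return "encrypted", "DEK-Info header present, a passphrase prompt is expected"
    if not der_length_ok(der):
        return "malformed", "decoded body is not one complete DER SEQUENCE"
    if begin.group(2) == "ENCRYPTED PRIVATE KEY":
        return "encrypted", "PKCS#8 encrypted key, a passphrase prompt is expected"
    return "unencrypted", "well-formed and not passphrase-protected"

def sample_pem(label="RSA PRIVATE KEY", headers=()):
    """Constructed stand-in: a tiny DER SEQUENCE of three INTEGERs, not a real key."""
    b64 = base64.b64encode(bytes.fromhex("3009020100020123020103")).decode()
    mid = list(headers) + [""] * bool(headers) + [b64]
    return "\n".join(["-----BEGIN %s-----" % label, *mid, "-----END %s-----" % label, ""])
```

It does not cover the newer `-----BEGIN OPENSSH PRIVATE KEY-----` format, where encryption is recorded inside the decoded body rather than in a header; such files are reported as malformed here.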

2

It means the key itself was encrypted using a passphrase. To log in with the key, ssh first needs to decrypt it.

user1686

Posted 2016-07-20T06:49:58.860

Reputation: 283 655

Are you absolutely sure? There are no DEK lines or anything inside the file. – Dims – 2016-07-20T07:12:14.007

In that case, see Jakuje's answer. – user1686 – 2016-07-20T11:04:14.717

0

When you create a private key, you can choose to protect it with a password. If you are 100% sure nobody (and no virus or anything) will ever copy that key, you can do without. Same if the key is for something that has no value like a local test machine with nothing of importance on it. Otherwise it's good practice to use a password.

If the private key is protected, the key is encrypted using that password, and you need to use the password to unlock the key. So it's normal that SSH asks for a password to use the key.

SPRBRN

Posted 2016-07-20T06:49:58.860

Reputation: 5 185