How do I know if *.pem is password protected using ssh-keygen?
I have got a file myfile-privkey.pem
.
How do I check if the private key file is password protected using ssh-keygen?
ssh-keygen -y -f myfile-privkey.pem
If the key is password protected, you will see a "password:" prompt.
The flags in this command are:
-y Read private key file and print public key.
-f Filename of the key file.
As extra guidance, always check the command someone, especially online, is telling you to use when dealing with your private keys.
It is pretty easy to see if an SSH key has been encrypted. Simply look for the Proc-Type: 4,ENCRYPTED
in the body. Here are a few example keys in various forms.
RSA with password
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,AF51A101888567A12C6E384AFBD2B963
AAp6xVAtPP/qmr8T1WjAac8jjfQmToW8Hd4ik95zA/fkH2SJgy7hwuyl1AuVyQuq
RSA without password
-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAwwXQEPzdutisd8Wl/TSNrp4HVnY7R87at30OiN46GcPPcV6q
DSA with password
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2B9F1E1503F57CCC663397AB03CBF3F9
MVJ+F/AoJKW/XGtx0N2yrmLfJc276XIZzGYHRuCHmxUXlRkWpmi9gSUO8bNWgymf
DSA without password
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQD1qn6U7ve6yqHTu1XuiOyF/9A+n3MJFXNrTt9jHg7Pn5zssqwO
ECDSA with password
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,5A3BB12B9B9E17A9A569001A0498969D
LrGoz5tXNI4KMxx7zb1H6beJZ8kEwc2FLLglD0kNzilTLeNMooC1NoMNhRD9XCo6
ECDSA without password
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILU3EwLQa2rSZdIMkbiE5VDrjlcoeJEF5IsYfGy0Hz4JoAoGCCqGSM49
AwEHoUQDQgAEHJCNvU9hVeByhp9CpSmvHphb82iSp52pL0ZJqVvqFY/swXPB1NMU
If the following command asks for the key then it is password protected.
openssl rsa -in myfile-privkey.pem -noout
If is not protected, you can setup the password:
ssh-keygen -p -P "" -N "strong-password" -f unprotected.pem