This one goes out to Michael @Voretaq7 Graziano. He’s been sharpening his collection of wiggle blade daggers ever since he discovered that I access one server of mine using a password-less RSA keypair. I finally got around to rectifying that situation the other evening.
Obviously I didn’t want to recreate keypairs on my host machine and break all of the other applications that depend on them. Can one add a password to an existing RSA or DSA private key? Yes! Yes you can!
The key to the situation (pun intended) is to use the –p option for ssh-keygen (assuming that you’re using OpenSSH, of course) and then pointing it to the private key that you want to protect. For example:
ssh-keygen –p –f ~/.ssh/id_rsa
This also works to change the password on an existing protected private key.
Michael, this ssh-agent -D is for you. =)