openssl how to protect your .pem key file with a passphrase

Situation/Task: When creating a virtual machine on AWS EC2, you can create and download a new SSH key for this instance.  These keys do not come with passphrase protection.  This means if someone “finds” your key they can use it without restriction.


Action: Good news, we can add a layer of protection by adding a passphrase to your .pem key file:

  • You can overwrite the existing file, but I recommend writing the output to a new file
  • Test the new file
  • If you are happy, delete the original key file that is not password protected.

Result: The new file is now protected with a password

sample command:

openssl rsa -in MyEC2_key.pem -out MyEC2_key_protected.pem -aes256

ssh -i MyEC2_key_protected.pem user@server
Enter passphrase for key 'MyEC2_key_protected.pem': ******
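
The three steps above (write to a new file, test it, then delete the original) as one script. This is an added example, not part of the original post; the function names and the KEY_PASSPHRASE environment variable are assumptions of the example, and the key it runs on is a throwaway one generated for the demo.

```shell
#!/bin/sh
# Added example. The passphrase comes from the exported KEY_PASSPHRASE variable
# (an assumption of this sketch) so it never appears on the command line.

# Test step: $2 must be encrypted, reject a wrong passphrase, and hold the same key as $1.
verify_protected_key() {
    grep -q 'ENCRYPTED' "$2" || return 1   # both PEM styles mark encrypted keys this way
    if KEY_WRONG="x$KEY_PASSPHRASE" \
        openssl rsa -in "$2" -passin env:KEY_WRONG -noout 2>/dev/null
    then return 1; fi
    pub_in=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    pub_out=$(openssl rsa -in "$2" -passin env:KEY_PASSPHRASE -pubout 2>/dev/null) || return 1
    [ -n "$pub_in" ] && [ "$pub_in" = "$pub_out" ]
}

# Usage: protect_pem_key ORIGINAL.pem PROTECTED.pem
# Returns 0 on success, 1 if encryption or the test failed, 2 on bad arguments.
protect_pem_key() {
    [ -f "$1" ] && [ ! -e "$2" ] && [ -n "${KEY_PASSPHRASE:-}" ] || return 2
    # umask 077 gives the new file owner-only permissions, which ssh insists on.
    if ( umask 077
         openssl rsa -in "$1" -out "$2" -aes256 -passout env:KEY_PASSPHRASE 2>/dev/null ) \
        && verify_protected_key "$1" "$2"
    then
        rm -f -- "$1"     # delete the unprotected original only after the test passed
    else
        rm -f -- "$2"     # keep the original, discard the failed output
        return 1
    fi
}

# Constructed demo: a throwaway key in a temp dir stands in for the downloaded EC2 key.
demo_dir=$(mktemp -d)
openssl genrsa -out "$demo_dir/MyEC2_key.pem" 2048 2>/dev/null
KEY_PASSPHRASE='constructed demo passphrase'; export KEY_PASSPHRASE
protect_pem_key "$demo_dir/MyEC2_key.pem" "$demo_dir/MyEC2_key_protected.pem" \
    && echo "protected key written, original removed"
rm -rf "$demo_dir"
```

The function refuses to overwrite an existing output file, and the original is kept whenever any check fails.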


Source that helped build this article:


All the best!

