Please follow this guide to encrypt your SSH private keys
Self-managed devices
Users on self-managed devices are strongly advised to review the security of their SSH keys and remove them if they are not protected with a passphrase.
You will know your keys are protected with a passphrase if you get prompted for it when you try to connect to ‘frank’ or any other Compute Server.
Below you will find guidelines for finding unprotected SSH keys on the 3 main Operating Systems:
SSH private keys generated using PuTTY or MobaXterm have the extension .ppk. Search your Windows device for files with that extension.
Open the file with Notepad (or any text editor).
Secure Private SSH Key
A secure private key protected with a passphrase has something like this at the top (note the ‘Encryption’ line):
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key-20171114
Public-Lines: 6
The ‘Encryption’ line shows the encryption algorithm used to protect your private key when you generated it.
Unprotected Private SSH Key
An unprotected private key has something like this at the top (note the ‘Encryption’ line):
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20200506
Public-Lines: 6
If your private key mentions there is no Encryption, as above, DELETE the private and public keys immediately and generate a new one, following our guide here: http://support.eecs.qmul.ac.uk/services/ssh/
On your self-managed Linux device, open a Terminal and run the following command on your Private SSH key:
$ ssh-keygen -y -P "" -f <PATH_TO_PRIVATE_SSH_KEY>
Secure Private SSH Key
If the output of the command is "incorrect passphrase supplied to decrypt private key", it means your key is already encrypted. For example:
$ ssh-keygen -y -P "" -f /home/harry/.ssh/id_rsa_encrypted
Load key "/home/harry/.ssh/id_rsa_encrypted": incorrect passphrase supplied to decrypt private key
Unprotected Private SSH Key
If the output is the public key associated with that particular private key, it means your key is not protected. For example:
$ ssh-keygen -y -P "" -f /home/harry/.ssh/id_rsa_no_encryption
ssh-rsa AAFFGFFFAAB3NzaC1yc2EAAAADAQABAAABAQDEzlgGMuIV1dRHo5E7CJbOF8QHMz2G/ndqP8GwKzmqS5jKiwghAKprp1vB2Q5jcHIN7/ycOEYQw4HzvHqKd2BpygArQCiMqnkgHVRogzJEUIuQ0qNAe2ao+krCJz12Ihz
On your self-managed macOS device, open a Terminal and run the following command on your Private SSH key:
$ ssh-keygen -y -P "" -f <PATH_TO_PRIVATE_SSH_KEY>
Secure Private SSH Key
If the output of the command is "incorrect passphrase supplied to decrypt private key", it means your key is already encrypted. For example:
$ ssh-keygen -y -P "" -f /home/harry/.ssh/id_rsa_encrypted
Load key "/home/harry/.ssh/id_rsa_encrypted": incorrect passphrase supplied to decrypt private key
Unprotected Private SSH Key
If the output is the public key associated with that particular private key, it means your key is not protected. For example:
$ ssh-keygen -y -P "" -f /home/harry/.ssh/id_rsa_no_encryption
ssh-rsa AAFFGFFFAAB3NzaC1yc2EAAAADAQABAAABAQDEzlgGMuIV1dRHo5E7CJbOF8QHMz2G/ndqP8GwKzmqS5jKiwghAKprp1vB2Q5jcHIN7/ycOEYQw4HzvHqKd2BpygArQCiMqnkgHVRogzJEUIuQ0qNAe2ao+krCJz12Ihz
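The .ppk header check and the ssh-keygen check described above can be combined into one scan of a key directory; the shell functions below are an added example, not part of the original guide. The names key_status and audit_keys are hypothetical, and the script assumes a POSIX shell with ssh-keygen available on the PATH.

```shell
# Added example: report whether private key files are passphrase-protected.
# key_status and audit_keys are hypothetical helper names (assumptions).

# key_status FILE -> prints encrypted, UNPROTECTED, unknown or not-a-key
key_status() {
    f=$1
    first=$(head -n 1 "$f" 2>/dev/null | tr -d '\r')
    case $first in
        PuTTY-User-Key-File-*)
            # PuTTY/MobaXterm .ppk: read the "Encryption:" header line.
            enc=$(sed -n 's/^Encryption: *//p' "$f" | head -n 1 | tr -d '\r')
            case $enc in
                none) echo UNPROTECTED ;;
                '')   echo unknown ;;
                *)    echo encrypted ;;
            esac ;;
        "-----BEGIN"*"PRIVATE KEY-----")
            # OpenSSH/PEM key: try to load it with an empty passphrase.
            if ! command -v ssh-keygen >/dev/null 2>&1; then
                echo unknown
                return
            fi
            if err=$(ssh-keygen -y -P "" -f "$f" 2>&1 >/dev/null </dev/null); then
                echo UNPROTECTED
            else
                # Only the passphrase error proves encryption; other failures
                # (bad permissions, damaged file) must not be reported as safe.
                case $err in
                    *"incorrect passphrase"*) echo encrypted ;;
                    *) echo unknown ;;
                esac
            fi ;;
        *) echo not-a-key ;;
    esac
}

# audit_keys DIR -> one "status<TAB>path" line per key file found in DIR
audit_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        s=$(key_status "$f")
        [ "$s" = not-a-key ] || printf '%s\t%s\n' "$s" "$f"
    done
}

# Usage: audit_keys "$HOME/.ssh"
```

A key is reported as encrypted only when ssh-keygen returns the "incorrect passphrase" error, so a key that fails to load for another reason is listed as unknown and should be checked by hand.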