You should, as with all password/passphrase based systems, occasionally change your passphrase. You can do this by using the "-p -t dsa" directive in conjunction with ssh-keygen. Assuming we would like to change the passphrase for the key pair we just generated above, we would issue the following command:
[WOMBATNET:/home/wombat]
$ ssh-keygen -p -t dsa
Enter file in which the key is (/home/wombat/.ssh/id_dsa):
Enter old passphrase:
Key has comment '/home/wombat/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
We are required to specify the type, "-t dsa" and then to enter our old passphrase and new passphrase twice to confirm the correct entry before the change takes place.
NOTE: If you forget your old passphrase, you will have to destroy the existing key pair and generate a new key pair using ssh-keygen. The essential point in passphrase selection is to compose a passphrase that is easy to remember but difficult for anyone else to guess. Again, special sentences make highly effective passphrases, for example "my1pets_name3is_fangg.5sit_fangg".
If you have questions about this document, please contact SCD Customer Support. You can also reach us by telephone 24 hours a day, seven days a week at 303-497-1278. Additional contact methods: consult1@ucar.edu and during business hours in NCAR Mesa Lab Suite 39.