There are three ways to access the command line interface in Ubuntu, as on any Linux and UNIX distribution. One is launching the terminal emulator program within the graphical user interface. The other two are about accessing the console directly, independent of the graphical user interface and the windowing system powering it (typically X server), and that’s what we’re concerned with here.

The quickest way to get to the console in Ubuntu is to just press Ctrl-Alt-F1. You will immediately be thrown out of the GUI and into the clean Linux console where you can log in and use the command line. Multiple console terminals are available this way if you press Ctrl-Alt-F2, Ctrl-Alt-F3, and so on.

However, what you might want is to get into the text console when you boot into Ubuntu instead of booting directly into the graphics mode. For that you’ll need to make some configuration changes to your GRUB bootloader. The configuration file you will need to modify is /etc/default/grub, and it is a good idea to make a backup of it first in case you ever want to come back to the original configuration:

sudo cp /etc/default/grub /etc/default/grub.backup

With that out of the way you can start modifying the configuration file by opening it, with superuser privileges, in a text editor such as nano:

sudo nano /etc/default/grub

Enter your password and the file will open. Then look for this line: GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash”. Using nano you can search for this line by pressing the Ctrl-W shortcut and typing that line in. You just need to comment it out by putting a hash character in front of it so it looks like this:

# GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

As you might guess this disables booting with the splash screen, and the “quiet” mode, meaning it wouldn’t hide the console output during boot.

Next enable the text mode finding GRUB_CMDLINE_LINUX and adding the “text” option to it. The line will then look like this:

GRUB_CMDLINE_LINUX="text"

This will ensure that you see the text output, but still doesn’t enable the console login. For that find the #GRUB_TERMINAL line, which is likely commented out, uncomment it by removing the # character, and add the “console” option to it so it reads like this:

GRUB_TERMINAL=console

Finally save the file, which in nano you can do by pressing Ctrl-X and then enter, and make sure to update GRUB with the new configuration using the update-grub command:

sudo update-grub

Now you can reboot and Ubuntu should boot in the text mode, and allow you to log in to the console and run the desired commands.

If you need to change or add a passphrase to your existing SSH private key just use ssh-keygen, the same tool which creates the key in the first place. Add the -p option to specify you want to change an existing private key’s passphrase instead of creating a new private key.

Changing SSH key passphrase

Here’s the simplest version of this command, resulting in changing the passphrase of the current user’s private key, stored in ~/.ssh/.

As you can see, you’re asked to confirm the location of the SSH key file, they asked for old passphrase and asked twice for the new passphrase:

greys@server:~$ ssh-keygen -p
Enter file in which the key is (/home/greys/.ssh/id_rsa):
Enter old passphrase:
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

If you have your key elsewhere  or have multiple SSH keys, use the -f option followed by the path to the key file:

greys@server:~$ ssh-keygen -f /home/greys/.ssh/id_rsa2 -p

If you have an existing passphrase ssh-keygen will first ask you to enter that before allowing you to set the new passphrase, and if you haven’t had a passphrase before then it will just allow you to set one.

Adding passphrase to an unencrypted SSH key

Sometimes you have unenrypted SSH private keys. That’s a very bad practice, so you should use ssh-keygen -p to encrypt them as soon as possible.

When we encrypt SSH keys, the risk of SSH key stolen remains the same (still just as easy to copy id_rsa file), but the likelihood of it actually being used is minimised because the key will be encrypted with the passphrase that only you know.

When the SSH key isn’t encrypted, ssh-keygen -p command will not ask for the old passphrase:

greys@server:~$ ssh-keygen -p
Enter file in which the key is (/home/greys/.ssh/id_rsa):
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

Removing passphrase from an SSH key

As bad a practice as it is, removing passphrase protection and encryption from a private SSH key is sometimes necessary, usually when you need to export/import your key into a different keystore.

Use ssh-keygen -p command to remove the passphrase – just press Enter when asked for the new passphrase without typing any phrase.

No Way To Recover Forgotten Passphrase

IMPORTANT: you cannot overwrite a forgotten passphrase. If your SSH key is encrypted, you must have the original passphrase to decrypt the key and save it with the new passphrase. If passphrase is lost, you can’t decript the key so access to it is lost until you recover the passphrase.

Here’s how it will look if you type wrong passphrase:

greys@server:~$ ssh-keygen -p
Enter file in which the key is (/Users/greys/.ssh/id_rsa):
Enter old passphrase:
Failed to load key /Users/greys/.ssh/id_rsa: incorrect passphrase supplied to decrypt private key

See Also

• How To: Generate SSH key
• How To: Change SSH key passphrase
• SSH port
• SSH port forwarding
• How To: Inspect SSH key fingerprints
• SSH