diff --git a/internal/db/models/node_grant_dao.go b/internal/db/models/node_grant_dao.go
index 10d6eda9..4ddfe3e6 100644
--- a/internal/db/models/node_grant_dao.go
+++ b/internal/db/models/node_grant_dao.go
@@ -73,7 +73,7 @@ func (this *NodeGrantDAO) FindNodeGrantName(tx *dbs.Tx, id uint32) (string, erro
 }
 // CreateGrant 创建认证信息
-func (this *NodeGrantDAO) CreateGrant(tx *dbs.Tx, adminId int64, name string, method string, username string, password string, privateKey string, description string, nodeId int64) (grantId int64, err error) {
+func (this *NodeGrantDAO) CreateGrant(tx *dbs.Tx, adminId int64, name string, method string, username string, password string, privateKey string, passphrase string, description string, nodeId int64) (grantId int64, err error) {
 op := NewNodeGrantOperator()
 op.AdminId = adminId
 op.Name = name
@@ -87,6 +87,7 @@ func (this *NodeGrantDAO) CreateGrant(tx *dbs.Tx, adminId int64, name string, me
 case "privateKey":
 op.Username = username
 op.PrivateKey = privateKey
+ op.Passphrase = passphrase
 }
 op.Description = description
 op.NodeId = nodeId
@@ -96,7 +97,7 @@ func (this *NodeGrantDAO) CreateGrant(tx *dbs.Tx, adminId int64, name string, me
 }
 // UpdateGrant 修改认证信息
-func (this *NodeGrantDAO) UpdateGrant(tx *dbs.Tx, grantId int64, name string, method string, username string, password string, privateKey string, description string, nodeId int64) error {
+func (this *NodeGrantDAO) UpdateGrant(tx *dbs.Tx, grantId int64, name string, method string, username string, password string, privateKey string, passphrase string, description string, nodeId int64) error {
 if grantId <= 0 {
 return errors.New("invalid grantId")
 }
@@ -114,6 +115,7 @@ func (this *NodeGrantDAO) UpdateGrant(tx *dbs.Tx, grantId int64, name string, me
 case "privateKey":
 op.Username = username
 op.PrivateKey = privateKey
+ op.Passphrase = passphrase
 }
 op.Description = description
 op.NodeId = nodeId
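Review bot: The new `CreateGrant` signature takes seven consecutive `string` parameters, and `UpdateGrant` (@@ -96,7 hunk) does the same, so a call site that swaps `privateKey`, `passphrase` and `description` still compiles and would write a secret into the description column. Passing the grant fields as one struct with named fields would remove that risk; until then a comment above each function such as `// Argument order: privateKey, passphrase, description - the first two are secrets.` would help the next caller. Both function bodies continue outside these hunks.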
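Review bot: `op.Passphrase = passphrase` in CreateGrant (@@ -87,6 hunk) saves the passphrase in the same row as the encrypted private key it unlocks, so the encryption on the key gives no protection against anyone who can read this table or a backup of it. Nothing visible here encrypts the value before it is saved; if the DAO layer does not do that elsewhere, `Password`, `PrivateKey` and `Passphrase` should be protected with a key held outside the database, and a comment like `// stored as supplied; must be encrypted at rest before Save` would record the gap. The same assignment is added to UpdateGrant (@@ -114,6 hunk), where it is also worth confirming that switching a grant away from "privateKey" clears a previously stored passphrase. The switch statements start outside both hunks.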
diff --git a/internal/db/models/node_grant_model.go b/internal/db/models/node_grant_model.go
index 557fdaa9..b6cc6bab 100644
--- a/internal/db/models/node_grant_model.go
+++ b/internal/db/models/node_grant_model.go
@@ -9,7 +9,8 @@ type NodeGrant struct {
 Username string `field:"username"` // 用户名
 Password string `field:"password"` // 密码
 Su uint8 `field:"su"` // 是否需要su
- PrivateKey string `field:"privateKey"` // 密钥
+ PrivateKey string `field:"privateKey"` // 私钥
+ Passphrase string `field:"passphrase"` // 私钥密码
 Description string `field:"description"` // 备注
 NodeId uint32 `field:"nodeId"` // 专有节点
 Role string `field:"role"` // 角色
@@ -25,7 +26,8 @@ type NodeGrantOperator struct {
 Username interface{} // 用户名
 Password interface{} // 密码
 Su interface{} // 是否需要su
- PrivateKey interface{} // 密钥
+ PrivateKey interface{} // 私钥
+ Passphrase interface{} // 私钥密码
 Description interface{} // 备注
 NodeId interface{} // 专有节点
 Role interface{} // 角色
diff --git a/internal/installers/credentials.go b/internal/installers/credentials.go
index 0b78a242..0745fd12 100644
--- a/internal/installers/credentials.go
+++ b/internal/installers/credentials.go
@@ -6,5 +6,6 @@ type Credentials struct {
 Username string
 Password string
 PrivateKey string
+ Passphrase string
 Method string
 }
diff --git a/internal/installers/installer_base.go b/internal/installers/installer_base.go
index e22f734d..51b3314b 100644
--- a/internal/installers/installer_base.go
+++ b/internal/installers/installer_base.go
@@ -59,7 +59,13 @@ func (this *BaseInstaller) Login(credentials *Credentials) error {
 methods = append(methods, authMethod)
 }
 } else if credentials.Method == "privateKey" {
- signer, err := ssh.ParsePrivateKey([]byte(credentials.PrivateKey))
+ var signer ssh.Signer
+ var err error
+ if len(credentials.Passphrase) > 0 {
+ signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(credentials.PrivateKey), []byte(credentials.Passphrase))
+ } else {
+ signer, err = ssh.ParsePrivateKey([]byte(credentials.PrivateKey))
+ }
 if err != nil {
 return errors.New("parse private key: " + err.Error())
 }
diff --git a/internal/installers/installer_ns_node_test.go b/internal/installers/installer_ns_node_test.go
index a8ee85f0..fdd561e1 100644
--- a/internal/installers/installer_ns_node_test.go
+++ b/internal/installers/installer_ns_node_test.go
@@ -6,7 +6,7 @@ import (
 )
 func TestDNSNodeInstaller_Install(t *testing.T) {
- var installer InstallerInterface = &DNSNodeInstaller{}
+ var installer InstallerInterface = &NSNodeInstaller{}
 err := installer.Login(&Credentials{
 Host: "192.168.2.30",
 Port: 22,
diff --git a/internal/installers/queue_node.go b/internal/installers/queue_node.go
index e5554f55..0fa291b2 100644
--- a/internal/installers/queue_node.go
+++ b/internal/installers/queue_node.go
@@ -185,6 +185,7 @@ func (this *NodeQueue) InstallNode(nodeId int64, installStatus *models.NodeInsta
 Username: grant.Username,
 Password: grant.Password,
 PrivateKey: grant.PrivateKey,
+ Passphrase: grant.Passphrase,
 Method: grant.Method,
 })
 if err != nil {
@@ -274,6 +275,7 @@ func (this *NodeQueue) StartNode(nodeId int64) error {
 Username: grant.Username,
 Password: grant.Password,
 PrivateKey: grant.PrivateKey,
+ Passphrase: grant.Passphrase,
 Method: grant.Method,
 })
 if err != nil {
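Review bot: The passphrase branch added to Login is repeated in TestNodeGrant (service_node_grant.go, @@ -231,7 hunk) with a differently written condition (`> 0` here, `!= 0` there), so the "test grant" path and the install path can drift apart and a grant that tests fine could later fail to log in. One helper that both call keeps them identical; it would have to live in a package both can import. As far as I know, ParsePrivateKeyWithPassphrase in golang.org/x/crypto/ssh returns an error for a key that is not encrypted, so a grant saved with a stray passphrase on an unencrypted key fails only at login; rejecting that combination when the grant is saved would surface it earlier. Login's body starts and ends outside the hunk.

```go
// ParseSigner builds an ssh.Signer from a PEM-encoded private key,
// decrypting it first when a passphrase is supplied.
func ParseSigner(privateKey, passphrase string) (ssh.Signer, error) {
	if len(passphrase) == 0 {
		return ssh.ParsePrivateKey([]byte(privateKey))
	}
	return ssh.ParsePrivateKeyWithPassphrase([]byte(privateKey), []byte(passphrase))
}

// … unchanged: password branch of Login …
	} else if credentials.Method == "privateKey" {
		signer, err := ParseSigner(credentials.PrivateKey, credentials.Passphrase)
		// … unchanged: error check on err …
```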
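Review bot: The grant-to-`Credentials` field list is written out six times (InstallNode, StartNode and StopNode in queue_node.go, and the same three in queue_ns_node.go), and each copy needed the same `Passphrase: grant.Passphrase,` line. A copy that is missed still compiles and fails only at login, when the encrypted key is parsed without its passphrase. Filling the grant-derived fields in one place, for example `func (c *Credentials) SetGrant(grant *models.NodeGrant)`, would make the next credential field a one-line change. Each literal opens outside its hunk, so the fields set before `Username` are not visible here.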
@@ -379,6 +381,7 @@ func (this *NodeQueue) StopNode(nodeId int64) error {
 Username: grant.Username,
 Password: grant.Password,
 PrivateKey: grant.PrivateKey,
+ Passphrase: grant.Passphrase,
 Method: grant.Method,
 })
 if err != nil {
diff --git a/internal/installers/queue_ns_node.go b/internal/installers/queue_ns_node.go
index 88b42038..1d305bfa 100644
--- a/internal/installers/queue_ns_node.go
+++ b/internal/installers/queue_ns_node.go
@@ -185,6 +185,7 @@ func (this *NSNodeQueue) InstallNode(nodeId int64, installStatus *models.NodeIns
 Username: grant.Username,
 Password: grant.Password,
 PrivateKey: grant.PrivateKey,
+ Passphrase: grant.Passphrase,
 Method: grant.Method,
 })
 if err != nil {
@@ -274,6 +275,7 @@ func (this *NSNodeQueue) StartNode(nodeId int64) error {
 Username: grant.Username,
 Password: grant.Password,
 PrivateKey: grant.PrivateKey,
+ Passphrase: grant.Passphrase,
 Method: grant.Method,
 })
 if err != nil {
@@ -379,6 +381,7 @@ func (this *NSNodeQueue) StopNode(nodeId int64) error {
 Username: grant.Username,
 Password: grant.Password,
 PrivateKey: grant.PrivateKey,
+ Passphrase: grant.Passphrase,
 Method: grant.Method,
 })
 if err != nil {
diff --git a/internal/rpc/services/service_node_grant.go b/internal/rpc/services/service_node_grant.go
index c4b09c61..3640c3fc 100644
--- a/internal/rpc/services/service_node_grant.go
+++ b/internal/rpc/services/service_node_grant.go
@@ -26,7 +26,7 @@ func (this *NodeGrantService) CreateNodeGrant(ctx context.Context, req *pb.Creat
 tx := this.NullTx()
- grantId, err := models.SharedNodeGrantDAO.CreateGrant(tx, adminId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Description, req.NodeId)
+ grantId, err := models.SharedNodeGrantDAO.CreateGrant(tx, adminId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Passphrase, req.Description, req.NodeId)
 if err != nil {
 return nil, err
 }
@@ -48,7 +48,7 @@ func (this *NodeGrantService) UpdateNodeGrant(ctx context.Context, req *pb.Updat
 tx := this.NullTx()
- err = models.SharedNodeGrantDAO.UpdateGrant(tx, req.NodeGrantId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Description, req.NodeId)
+ err = models.SharedNodeGrantDAO.UpdateGrant(tx, req.NodeGrantId, req.Name, req.Method, req.Username, req.Password, req.PrivateKey, req.Passphrase, req.Description, req.NodeId)
 return this.Success()
 }
@@ -162,6 +162,7 @@ func (this *NodeGrantService) FindEnabledNodeGrant(ctx context.Context, req *pb.
 Password: grant.Password,
 Su: grant.Su == 1,
 PrivateKey: grant.PrivateKey,
+ Passphrase: grant.Passphrase,
 Description: grant.Description,
 NodeId: int64(grant.NodeId),
 }}, nil
@@ -231,7 +232,12 @@ func (this *NodeGrantService) TestNodeGrant(ctx context.Context, req *pb.TestNod
 methods = append(methods, authMethod)
 }
 } else if grant.Method == "privateKey" {
- signer, err := ssh.ParsePrivateKey([]byte(grant.PrivateKey))
+ var signer ssh.Signer
+ if len(grant.Passphrase) != 0 {
+ signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(grant.PrivateKey), []byte(grant.Passphrase))
+ } else {
+ signer, err = ssh.ParsePrivateKey([]byte(grant.PrivateKey))
+ }
 if err != nil {
 resp.Error = "parse private key: " + err.Error()
 return resp, nil
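Review bot: The error returned by `UpdateGrant` in UpdateNodeGrant (@@ -48,7 hunk) is assigned to `err` and never checked before `return this.Success()`, so a failed update, including a failed passphrase write, is reported to the caller as success. The omission is older than this commit, but the changed line is the place to fix it: add `if err != nil { return nil, err }` after the call, as CreateNodeGrant does in the @@ -26,7 hunk. The function starts outside the hunk.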
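Review bot: `Passphrase: grant.Passphrase` in FindEnabledNodeGrant (@@ -162,6 hunk) returns the stored passphrase in the response next to `PrivateKey` and `Password`, so every caller allowed to read a grant receives everything needed to use the key. If the only consumer is an edit form, consider leaving the secret fields out of the read response; at minimum a comment such as `// secret: returned because <caller> needs it to ...` would record why it is exposed. Whatever authorisation check guards this RPC is outside the hunk, so who can call it cannot be judged from here.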