How does the RSA private key passphrase work under the hood?

Question

RSA private keys may be assigned a \"passphrase\" which - as I understand it - is intended to provide some secondary security in case someone makes off with the private key

Answer 1

The passphrase is just a key used to encrypt the file that contains the RSA key, using a symmetric cipher (usually DES or 3DES). In order to use the key for public-key encryption, you first need to decrypt its file using the decryption key. ssh does this automatically by asking your for the passphrase.

If somebody got a hold of the key's file, they wouldn't be able to use it unless they knew the passphrase used to encrypt the file.