Ssh – Is it *really* possible to directly steal a private key if it uses no passphrase


I've read in various places, such as in this question, that using an ssh key pair without a passphrase allows attackers to steal your private key if they gain access to your account. I assumed that by "steal" it meant they could fairly easily do a brute-force attack to try every possible private key until they found one that matched the public key stored in your account. But the accepted answer on the question above assumes that the private keys are essentially stored in plain text somewhere. This is contrary to what I've always understood to be the case: that since (normally) you wouldn't store your private key on the server–only your public key–the main security risk posed by not using a passphrase is that someone could steal the private key off of your local machine and then use it without needing to also know the passphrase.

Which view is correct? Are private keys somehow easily lifted from a server on which you only placed your public key?

Best Answer

That question is worried about private keys stored on the server unencrypted. It's a scenario like:

workstation 1 ---> gateway -> final server
     ⋮               |
workstation n ------/

and the OP is worried about private keys on "gateway", which is a shared machine with multiple users.

It is not possible to steal the private key by compromising the server, only the machine the key is actually stored on. If you use ssh agent forwarding, then it's possible to use the key without stealing it (to log into another machine, for example), if you do not have ssh-agent prompt first.

But you should still encrypt your private keys, in case your workstation is compromised. Or, especially in the case of a laptop, lost or stolen.
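
To check which private keys on a workstation or shared gateway are stored without a passphrase, the following added example (not part of the original answer) reads the cipher name field of the OpenSSH key container and the encryption headers of legacy PEM keys. The names `key_is_encrypted`, `audit_dir` and `make_sample` are hypothetical, and the sample input is constructed.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # AUTH_MAGIC of the OpenSSH private key container

def key_is_encrypted(text):
    """True/False for private key text; None if it is not a private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            raise ValueError("not an openssh-key-v1 container")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        # First field is the cipher name; "none" means stored in the clear.
        return blob[off + 4:off + 4 + n] != b"none"
    # Legacy PEM (RSA/EC/DSA) flags encryption in a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def audit_dir(directory):
    """Map each private key file name in `directory` to its encrypted status."""
    results = {}
    d = Path(directory)
    for p in sorted(d.iterdir()) if d.is_dir() else []:
        try:
            status = key_is_encrypted(p.read_text(errors="replace")) if p.is_file() else None
        except (ValueError, OSError):
            continue  # unreadable or malformed file: skip
        if status is not None:
            results[p.name] = status
    return results

def make_sample(cipher):
    """Constructed test input: container header only, not a usable key."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, enc in audit_dir(Path.home() / ".ssh").items():
        print(f"{name}: {'passphrase-protected' if enc else 'UNENCRYPTED'}")
```

Run as a script, it lists the keys in `~/.ssh`; pass another directory to `audit_dir` to check a different account on a shared machine.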