LinuxQuestions.org
Old 02-17-2015, 03:32 PM   #1
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Rep: Reputation: Disabled
Passphrase on SSH Key


If I run this...
Code:
ssh-keygen

Where is the Passphrase stored?

How is it stored?


(I am on a Mac with OS-X 10.8)


Rob
 
Old 02-17-2015, 04:00 PM   #2
millgates
Member
 
Registered: Feb 2009
Location: 192.168.x.x
Distribution: Slackware
Posts: 840

Rep: Reputation: 380
From ssh-keygen man page:

Quote:
Normally each user wishing to use SSH with public key authentication runs
this once to create the authentication key in ~/.ssh/identity,
~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the system
administrator may use this to generate host keys, as seen in /etc/rc.

Normally this program generates the key and asks for a file in which to
store the private key. The public key is stored in a file with the same
name but “.pub” appended.
Passphrases and passwords are not usually stored in the computer (that would be a security risk). Only their hashes are.
 
Old 02-17-2015, 04:10 PM   #3
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by millgates
From ssh-keygen man page:

Passphrases and passwords are not usually stored in the computer (that would be a security risk). Only their hashes are.
So the file ~/.ssh/id_rsa just contains a hash?

Any clue as to which hash is used?

And how secure is it?

Is there anything a person would want to do to protect the id_rsa file?


Rob
 
Old 02-17-2015, 04:38 PM   #4
millgates
Member
 
Registered: Feb 2009
Location: 192.168.x.x
Distribution: Slackware
Posts: 840

Rep: Reputation: 380
As far as I understand it, the passphrase is used as one of the parameters for generating the private key. There is also a random part (I think it's called salt) that contributes to both private and public key. If you rerun ssh-keygen, you'll end up with different public and private keys. Changing the passphrase will only affect the private key.
The point of cryptographic hashes is that if you know the password, it is easy to compute the hash, but if you know the hash, it is impossible (or, at least very difficult) to find the password. So, even if someone knows the hash, they're still a long way from breaking in. Still, setting the read permissions on your private key file so that nobody else can read it doesn't hurt.
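
Added example (not part of the thread, and not OpenSSH's own code): a Python sketch that reads the header of a private key file and reports the cipher and key-derivation parameters recorded there, covering both the `openssh-key-v1` layout and the older PEM layout with a `DEK-Info` header. In both layouts the file holds those parameters plus the encrypted key, and the passphrase is supplied to the key-derivation step each time the key is used. The function names and both sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def _s(b):
    """Encode an SSH wire 'string' (used only to build the constructed sample)."""
    return struct.pack(">I", len(b)) + b

def _string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key file")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Report how a private key file is protected; no passphrase needed."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines and lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 file")
        cipher, off = _string(blob, len(MAGIC))
        kdf, off = _string(blob, off)
        opts, off = _string(blob, off)
        info = {"format": "openssh-key-v1", "encrypted": cipher != b"none",
                "cipher": cipher.decode(), "kdf": kdf.decode()}
        if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
            salt, o = _string(opts, 0)
            (rounds,) = struct.unpack_from(">I", opts, o)
            info.update(salt=salt.hex(), rounds=rounds)
        return info
    if not (lines and lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a private key file")
    # Legacy PEM: encryption is announced in headers before the base64 body.
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    if "DEK-Info" in headers:
        cipher, iv = headers["DEK-Info"].split(",", 1)
        return {"format": "PEM", "encrypted": True, "cipher": cipher, "iv": iv}
    return {"format": "PEM", "encrypted": "ENCRYPTED" in lines[0]}

# Constructed samples: header fields only, no real key material.
_blob = (MAGIC + _s(b"aes256-ctr") + _s(b"bcrypt")
         + _s(_s(bytes(range(16))) + struct.pack(">I", 16))
         + struct.pack(">I", 1) + _s(b"constructed") + _s(b"constructed"))
SAMPLE_NEW = ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(_blob).decode()
              + "\n-----END OPENSSH PRIVATE KEY-----\n")
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
```

To inspect a real key, pass the contents of the file (for example `~/.ssh/id_rsa`) to `describe_private_key`.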
 
All times are GMT -5. The time now is 03:15 PM.