Public/Private Key Pairs

Kissell · 12-29-2008, 10:25 AM

So, I setup an RSA public/private key pair for my brother to login to my machine from over the internet using SSH...

But I'm curious how important it is that he protect his private key... what if someone else grabs his private key from his computer? It requires a passphrase, so is it safe even if a hacker obtains that private key file?

How important is it to keep the private key private?

I understand that if you use an unencrypted private key (with no passphrase) that it's very important to protect the key, because anyone who gets the key has access to all systems with the correstponding public key...

But what if you used a passphrase on your private key... and then your private key was leaked on the internet... is it really a concern?

I'm just not really sure how things work... if the passphrase decrypts the key and then the decryption is sent to the server as the private key, then if they guess the passphrase wrong it would be an unsuccessful login attempt at the server, and the server would stop talking to them after a few attempts as long as your using something like "fail2ban".

So, if you can throw unlimited passphrases at a private key, and try to brute force hack it, so what... cause you never know if you successfully decrypted it without using it to login to the server, which only allows a few attempts.

Now, if on the other hand, the private key can be brute force hacked, and it be known that the passphrase was entered successfully without any connection to the server, then yes, the security of the private key is extremely important.

Anyone know which of these two ways the passphrase on the private key works?

jschiwal · 12-29-2008, 10:41 AM

The passphrase unlocks the private key on the client. It isn't sent to the server. As a matter of fact, you can unlock it once with ssh-agent and log into different servers while in the same bash session.

Code:

eval $(ssh-agent)
ssh-add

So it is important that a long passphrase be used. That shouldn't be a problem, because you can use a nonsensical sentence which is very long. Passphrases like "Obama Ate my MATH homework In 1965" are easy to remember but difficult to crack because they are very long.

Read through the sshd_config, ssh_config and ssh manpages. You can use "AllowUsers" to only allow certain usernames. You can include the IP address or hostname in a field of the public key in the authorized_keys file.

---

This isn't about ssh, but an easy demonstration on why strong passwords are important and precautions like using salt for hashes are used.

Take a dictionary word and calculate the md5sum hash.

Code:

$ echo -n 'banana' | md5sum
72b302bf297a228a75730123efef7c41 *-

Next enter the hash into Google Search:
Google Hash: md5(banana) = 72b302bf297a228a75730123efef7c41

sundialsvcs · 12-29-2008, 07:32 PM

First, let me review what a "public/private key pair" is, and what it is for. Then, I'll touch on "passphrases."

A public/private key is used in asymmetric cryptography. Each key works in only one "direction" ... if you use one of the two keys to encrypt a message, only the other can be used to decrypt it. The public key is derived from the private key, and this process cannot be reversed. (Well, not by anyone you or I will ever know... unless your night-job is being a "spook."

)

If someone steals your private key, then yes, they can impersonate you and do everything else that "you" can do.

If your private key is secure, however, then you can use it to issue messages that only a holder of the public key can decrypt. (This effectively proves to them that you must have sent it.) Likewise, anyone holding the public key can send you a message that only you can decrypt.

Le probleme, of course, is "how do you protect your keys?" One way is to use a passphrase. This applies a symmetric encryption to the content of the key: only someone who knows the passphrase can determine the content of the key and therefore use it.

A passphrase is functionally "like a password, only stronger." You have to know the passphrase and you have to be in physical possession of a key. It's like an ATM which requires you both to "know the PIN" and to be in physical possession of a card. (You can replicate an ATM-card by duplicating the magnetic stripe, but it is impractical to forge one... and the PIN is not recognizably encoded on the stripe.)

"Stealing a laptop at the airport" is always a problem that must be dealt with. The first line of defense is to use a passphrase on all keys: this makes it unlikely that a thief will actually be able to use any of the keys. The second line of defense is to issue individual keys. In this way, compromised keys can be revoked ... shutting down the access that they confer, while affecting no one else.

JulianTosh · 01-24-2009, 04:36 AM

^^ what they said, and in addition, get use to using keepassx. Use random passwords for everything and let keepassx store them for you for easy retrieval and use. Protect keepassx database with "Obama Ate my MATH homework In 1965" but everything else, including the passphrase for your ssh private keys with 64 character random goodness.