Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-22-2006, 08:16 PM   #1
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295

Rep: Reputation: 30
SSH Private RSA keys

Hi! I had a question regarding the SSH private key being used when you need to copy it to Windows and generate a .ppk for Putty. I have key based authentication working fine but I had a few questions. First, isn't the id_rsa file supposed to be private(kept on the machine) and not given to anyone? If so why do we copy the id_rsa off the machine instead of the id_rsa.public key to the Windows user? Also why do we need to cat into a authorized_keys file in order for the keys to work? Lastly if my .ppk file gets intercepted in the event that I lose my USB key can someone compromise my system?

Old 11-22-2006, 09:59 PM   #2
LQ Newbie
Registered: Nov 2006
Location: Canberra, Australia
Distribution: OpenBSD 4.2, Solaris 8/9, Suse, Redhat, Slackware
Posts: 7

Rep: Reputation: 0
id_rsa is the private key and for you to keep or convert to Windows .ppk. This is what you use to authenticate yourself against the server's "authorized_keys" where you cat the

If your .ppk falls in the wrong hands and you don't have a passphrase set then yes they can log on to your system.
Old 11-22-2006, 10:40 PM   #3
Registered: Nov 2004
Location: Novi Sad, Serbia
Distribution: Debian, Slackware, Gentoo, openSuSE
Posts: 254

Rep: Reputation: 31
Encrypt your USB key! It's very unwise to wear unencrypted USB key. See encfs.
Old 11-22-2006, 11:25 PM   #4
Wim Sturkenboom
Senior Member
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
If you use a public key encryption, the 'other' party has your public key and you have your private key. In your situation, the other party is your ssh server, so that one will have the public key.

With regards to the last question:
Yes, they can. But a good passphrase will prevent that. My passphrase is about 20 characters. Assuming that there are roughly 72 characters (uppercase, lowercase, numbers and the stuff above the numbers), you have 1.4 e37 possible combinations (72^20). Assume as well that a brute force attack can do 10 e6 attacks per second (feasable with current PCs), it will take 44,447,088,893,843,884,113,135 years (can somebody please pronounce that) to hack.
Even if you only use lower case (26^20 possible combinations), it takes
63,191,745,608,858 years.

So I think that I'm reasonable safe Of course the first hit can be bingo, but it might also be the last one.
Old 11-22-2006, 11:44 PM   #5
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295

Original Poster
Rep: Reputation: 30
Thanks for the reply guys and the tips. I'll take the encryption into consideration and the pass phrases. I have a better understanding of how keys work now.

Thank you.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh public/private keys lord_darkhelmet Linux - Newbie 8 10-29-2005 04:14 PM
SSH Forcing users to use RSA keys XaViaR Linux - Security 8 07-07-2005 01:42 AM
RSA Keys for SSH XaViaR Linux - General 4 07-02-2005 10:15 AM
Working with SSH and multiple private keys IgD Linux - Security 2 09-08-2003 11:07 PM
Help with SSH and public/private keys stodge Linux - Security 5 05-14-2003 02:22 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:13 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration