bash - Security concerns of displaying ssh private key

05
2014-04
  • LeartS

    I've made I huge mistake, or at least I think it is: I've "catted" my private SSH key

    cat ~/.ssh/id_rsa

    I'm now afraid that I've created a security hole, allowing other users to see my private key by looking at bash/scrollback history or using other methods. So, my questions:

    1. Did I really compromise the security of my SSH keypair?
    2. Are there 'sufficiently secure' ways of patching it, excluding the obvious (and most secure) way of creating a new keypair?

    (NOTE: i'm the only user of the machine so I'm actually not that concerned in my specific case, but I thought this would be and interesting question.)

    • Answers
  • grawity

    No, you didn't. Think about it – you only displayed on screen the exact same data that is already stored on your harddisk. And if anyone could access your scrollback or your history, they could just as well read the id_rsa file directly.

    Besides, your shell's history – even if it was readable to other users (which it isn't) – only contains commands, not their output. So all it'll have is a line with cat ~/.ssh/id_rsa in it.

    The scrollback history, for most terminals, is stored entirely in memory. (libvte-based terminals sometimes use a backing file in /tmp, but that's either a tmpfs or is located in the same disk as your ~/.ssh, anyway...) So it becomes irrelevant once you close the terminal. And either way it is only accessible to you, of course.

    And very often, the private key itself is encrypted with a passphrase and is unusable unless you decrypt it when ssh asks to.


    • Related Question

    security - Is it a bad idea to use the same private ssh key on multiple computers?
  • Jason Creighton

    I recently bought a laptop from which I need to access the same remote hosts that I do from my desktop. It occurred to me that it might be possible to simply copy the private key file from my desktop to my laptop and avoid having to add a new key to the ~/.ssh/authorized_keys files on all the hosts I want to access. So my questions are:

    1. Is this even possible?
    2. Are there any non-obvious security implications?
    3. Sometimes I will log into my desktop from my laptop. If there were using the same key, would that cause any problems?

    • Related Answers
  • jtimberman

    Yes, this is possible. Your private key isn't tied to a single machine.

    Not sure what you mean by non-obvious, that's often subjective ;). It's not a bad idea at all if you make sure you have a very strong passphrase set, 20 characters at least.

    There are no issues about connecting with the same key as your desktop. I would set up an ssh agent for your key on the laptop, and forward the agent to the desktop, so you'll be using that key on other systems you access from there.

    From the ssh-agent man page on a Linux system:

    ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program. Through use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using ssh(1).

    You would run this on your laptop, either the ssh-agent program on Linux/Unix (it comes with OpenSSH), or with puTTY agent if you're using Windows. You do not need the agent running on any remote systems, it purely keeps your private key in memory on the local system so you only have to enter your passphrase one time, to load the key in the agent.

    Agent forwarding is a feature of the ssh client (ssh or putty) that simply persists the agent through to other systems through the ssh connection.

  • Matthew Schinckel

    I used to use a single private key across all of my machines (and some of them I am a user only on, not an admin), but recently changed this. It works having the one key, but means if you need to revoke the key (if it is compromised), then you will need to change it on all machines.

    Of course, if an attacker gets access and is able to ssh into another machine, they can then get the key from that machine, and so on. But it makes me feel a little safer to know I can revoke just one key, and lock that machine out. It does mean I need to remove the key from the authorized_keys file, though.