Is the password I add to my SSH keys really secure? I heard that the password encryption might be out of date.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
tl;dr if you didn’t use the ed25519 SSH key type or didn’t use the “-o” option to ssh-keygen, your SSH keys are insecure
If you never set a password on your ssh keys, you can ignore all of this. But if you did set a password on your SSH key, and you created your ssh key with the RSA, DSA, or ECDSA key types (RSA is the default), your private key is probably vulnerable to password cracking.
All of this specifically applies to OpenSSH.
What’s going on here?
In January of 2014, ssh version 6.5 was released. One of the new features was a new, optional format for creating private keys. The old format was starting to look like it wouldn’t stand up to brute-force password attacks in the future, so they added a newer, stronger format that would prevent brute forcing.
But they didn’t make this new format the default. It was supposed to become the default, but it never did. The problem was compatibility: if you made a key with the new format, and then tried to use it on an old version of SSH, it wouldn’t work, and this could cause some confusion. So they kept the old format the default for compatibility reasons.
The end result is we’ve been making SSH keys for years with password encryption that’s no longer very secure against brute-force attacks. This website has the technical details: https://latacora.singles/2018/08/03/the-default-openssh.html
But it’s been four years, and most people are now using new versions of SSH that use the new format. Go ahead and run
ssh -V
on all your servers. If it’s version 6.5 or newer, your computers will work with the new key format.First, some brief terminology
How do I make my private key secure?
You have two options: 1) re-encrypt your existing ssh private key, or 2) create a new ed25519 type key.
ssh-keygen -p -o -f (oldfile)
This will re-encrypt your existing private key file. Put in the old password, then the same password again as the new password (or better yet, come up with a different password, in case your key got stolen before).
What if I’m using a version of SSH older than 6.5 on some of my servers?
If those servers only have your public key, don’t sweat it. Only the private key format is changed, so those servers won’t notice.
If those servers have your private key, your best bet is to actually run the following command, and for the new password, don’t enter any password at all:
ssh-keygen -p -f (oldfile)
The reason why you shouldn’t use a password at all (on old versions of SSH) is that if someone gets the private key, they can probably crack the password. If they get the password, then they know what kind of passwords you use, and can attack other accounts you might have. So it’s better to just remove the password entirely than give an attacker one of your passwords.
Why do I need to password-protect my SSH keys anyway?
Your SSH key is like a password that lets you log in to your servers. By keeping these as files on a disk, it’s the same as writing a password to the disk as a plain text file. If somebody gets access to your hard disk, backups, etc, anybody can read it and use it to log into your servers. Password protection means the key file is protected, so if anyone gets the file, nobody can use the keys except you.
Normally you would have to type this password in every time you connected to your server, which can be a pain. But by using an ssh-agent program, you only have to enter this password the first time you start up your computer. You can find a guide (on this page)[http://mah.everybody.org/docs/ssh] and a detailed explanation of (how SSH agents work here)[http://www.unixwiz.net/techtips/ssh-agent-forwarding.html]
Is this for real?
Yes. I have contacted DigitalOcean and asked them to update their official documentation. Some other sites have started update their documentation, like the Arch Linux wiki, GitLab documentation, the Git SCM documentation, and a few others.
You can get more details from this page, including using the ed25519 key type, and adding the -a option to ssh-keygen to increase the level of password protection on your SSH key.