Is the password on my SSH keys really secure?

September 17, 2018 3.3k views
Security Networking

Is the password I add to my SSH keys really secure? I heard that the password encryption might be out of date.

1 Answer

tl;dr if you didn’t use the ed25519 SSH key type or didn’t use the “-o” option to ssh-keygen, your SSH keys are insecure

If you never set a password on your ssh keys, you can ignore all of this. But if you did set a password on your SSH key, and you created your ssh key with the RSA, DSA, or ECDSA key types (RSA is the default), your private key is probably vulnerable to password cracking.

All of this specifically applies to OpenSSH.

What’s going on here?

In January of 2014, ssh version 6.5 was released. One of the new features was a new, optional format for creating private keys. The old format was starting to look like it wouldn’t stand up to brute-force password attacks in the future, so they added a newer, stronger format that would prevent brute forcing.

But they didn’t make this new format the default. It was supposed to become the default, but it never did. The problem was compatibility: if you made a key with the new format, and then tried to use it on an old version of SSH, it wouldn’t work, and this could cause some confusion. So they kept the old format the default for compatibility reasons.

The end result is we’ve been making SSH keys for years with password encryption that’s no longer very secure against brute-force attacks. This website has the technical details: https://latacora.singles/2018/08/03/the-default-openssh.html

But it’s been four years, and most people are now using new versions of SSH that use the new format. Go ahead and run ssh -V on all your servers. If it’s version 6.5 or newer, your computers will work with the new key format.

First, some brief terminology

  • private key: a secret chunk of data that SSH uses to create an encrypted connection between you and a server. It’s usually called “id_rsa”, “id_dsa”, “id_ecdsa”, or “id_ed2559”.
  • public key: a public or non-secret piece of data that an SSH server uses to allow you to log-in to it. It’s usually got the same name as the private key but with “.pub” added at the end.

How do I make my private key secure?

You have two options: 1) re-encrypt your existing ssh private key, or 2) create a new ed25519 type key.

1) Just run this command: ssh-keygen -p -o -f (oldfile)

This will re-encrypt your existing private key file. Put in the old password, then the same password again as the new password (or better yet, come up with a different password, in case your key got stolen before).

2) The ed25519 key type automatically uses the newer key format, because old versions of ssh don’t support these keys anyway. Use these if none of your servers are older than SSH version 6.5.

What if I’m using a version of SSH older than 6.5 on some of my servers?

If those servers only have your public key, don’t sweat it. Only the private key format is changed, so those servers won’t notice.

If those servers have your private key, your best bet is to actually run the following command, and for the new password, don’t enter any password at all:
ssh-keygen -p -f (oldfile)

The reason why you shouldn’t use a password at all (on old versions of SSH) is that if someone gets the private key, they can probably crack the password. If they get the password, then they know what kind of passwords you use, and can attack other accounts you might have. So it’s better to just remove the password entirely than give an attacker one of your passwords.

Why do I need to password-protect my SSH keys anyway?

Your SSH key is like a password that lets you log in to your servers. By keeping these as files on a disk, it’s the same as writing a password to the disk as a plain text file. If somebody gets access to your hard disk, backups, etc, anybody can read it and use it to log into your servers. Password protection means the key file is protected, so if anyone gets the file, nobody can use the keys except you.

Normally you would have to type this password in every time you connected to your server, which can be a pain. But by using an ssh-agent program, you only have to enter this password the first time you start up your computer. You can find a guide (on this page)[http://mah.everybody.org/docs/ssh] and a detailed explanation of (how SSH agents work here)[http://www.unixwiz.net/techtips/ssh-agent-forwarding.html]

Is this for real?

Yes. I have contacted DigitalOcean and asked them to update their official documentation. Some other sites have started update their documentation, like the Arch Linux wiki, GitLab documentation, the Git SCM documentation, and a few others.

You can get more details from this page, including using the ed25519 key type, and adding the -a option to ssh-keygen to increase the level of password protection on your SSH key.

Have another answer? Share your knowledge.