48

I have server which I am accessing via SSH. I only allow the authentication to be made with private key. Normally when I login via PuTTY, I am first asked for username and then asked for passphrase for the key. Out of curiosity I have created new private key, which should be invalid for my user and I also have put passphrase on it. To my surprise once I provided the user name the key attempted to login with to my server was refused before I have been asked for the passphrase.

I am wondering how can SSH server know that the private key is incorrect if the passphrase for it haven't been provided yet?

Improve this question

2 Answers 2

Reset to default
84

While you've encrypted the private key, the public key is still readable. SSH authentication with the "publickey" method works by having the client send each potential public key to the server, then the server responds telling the client which key is allowed. If one of the keys is allowed, then the client must decrypt the private key to sign a message, proving ownership of the private key.

In your experiment, the server responded saying that none of the provided keys was allowed for your username, so there was no need to decrypt a private key, authentication had already failed.

Improve this answer
12
  • 2
    Theortically a naughty client could send public keys for which it does not have the corresponding private key, correct?
    – Christopher King
    Commented Jan 10, 2019 at 6:18
  • 12
    @PyRulez Yes, but then the server will ask the client to prove it has the corresponding private key. Which it can't.
    – SomeoneSomewhereSupportsMonica
    Commented Jan 10, 2019 at 6:36
  • 10
    Could that information be abused, like testing with all public keys from github to find the owner of a server?
    – Johannes Kuhn
    Commented Jan 10, 2019 at 10:23
  • 2
    @JohannesKuhn You have to supply both username and public key. So you must already know that the username and key go together.
    – Ben
    Commented Jan 10, 2019 at 14:21
  • 2
    If pubkey auth for root is used (which, contrary to a lot of misinformation, is not a bad practice, and generally has much smaller attack surface and lower risk than having su or sudo installed) then root would be a natural candidate to test.
    – R.. GitHub STOP HELPING ICE
    Commented Jan 10, 2019 at 19:34
14

During connection client will sent successively fingerprint of all availables keys to server.

When server signal to client a valid key found, client will use them, then ask for passphrase if needed.

Try to run ssh with debug option:

ssh -o LogLevel=DEBUG3 user@dest

look for fingerprint with

ssh-keygen -l -f .ssh/id_rsa

For checking authorized_keys, line by line:

while read line;do
    ssh-keygen -l -f <(echo "$line")
  done <.ssh/authorized_keys
Improve this answer
1
  • 6
    Note that instead of -o LogLevel=DEBUG3 (lots of typing), -vvv (three times verbose) should also work.
    – Luc
    Commented Jan 9, 2019 at 16:44

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .