4

OK, I have an encrypted ssh private key that provides access to a server. My Ubuntu GNOME desktop has an integrated graphical ssh agent (seahorse v3.2.2). That ssh key is in this ssh agent and it's automatically unlocked when I log into my desktop. I can ssh into the server (which uses this encrypted ssh private key) fine, without having to enter anything.

However I've forgotten the password for this ssh key.

Is there any way to extract (from the ssh agent) the unencrypted ssh private key? Since I'm able to log into the server without putting in anything, it is clearly possible for something on my computer to access the unencrypted version of this key, so it should be possible for me to extract the unencrypted version, no?

Amandasaurus
  • I think the way to extract it would be to first become `root`, then run `gdb` and `attach` to the agent. Once attached, you can use `gcore` to produce a core dump file, which should contain the secret key somewhere. If it is an RSA key, then you just need to search through the core dump for any divisor of `n`. – kasperd Jul 07 '14 at 06:54
  • I know this question is old and has been deemed off-topic, but for reference there is a tool for that: https://wiki.gnome.org/Apps/Seahorse – thoroc Nov 26 '20 at 13:56

3 Answers

2

By design, you can't. The whole idea of the passphrase is to protect the sensitive password from prying eyes with access to the disk.

vonbrand
  • 2
    You forgot the fact that the user says his desktop has an agent which allows him to use that key even though that user forgot its password. So, while the agent allows access, the private key is unencrypted (at least in that agent's memory area, and maybe only "when needed" if it monitors every ssh access or something and only decrypts the key then). Then at that point when the agent grants access, it is possible to access the unencrypted key from that agent's memory (via root access to the RAM) – Olivier Dulac Mar 08 '13 at 15:57
  • -1 Doesn't answer the question given the context of the question. – Greg Schmit Sep 20 '18 at 02:15
  • @OlivierDulac, the agent saves the key, not the passphrase to unlock it. – vonbrand Oct 22 '18 at 02:17
2

I think that your ssh key's password is in your gnome-keyring. This may help you to extract it.

Stone
1

I am not sure I understand your question correctly:

I don't understand why the remote server would "uses this encrypted ssh private key"; you speak of it as if it's the same encrypted private key on your desktop?? Why??

If I omit this phrase (and the remote server just has your PUBLIC key in the remote login's relevant authorized_keys file), then:

  • you (allegedly) forgot a passphrase of your local private key
  • you have an agent which starts at boot and which automatically gives you access to the key (i.e., it can use it to grant access when you are connecting via ssh to the remote server, which itself probably has your public key). So the agent knows the passphrase and can decrypt your local private key.

    • are you sure that private key is encrypted? You could stop the agent and try:

      ssh -i /path/to/theprivatekey remoteuser@remoteserver

    • if the key really is encrypted: the agent that is run at boot apparently has a way to provide its password. I don't know that agent, but maybe it's via a config file (I hope not), and maybe via some other mechanism (itself could have another encryption which holds the private passphrases? protected in some way, maybe via your own login credentials?). But: once it is loaded and using it (i.e., at least when accessing the remote ssh server) it has at one point the unencrypted private ssh key in memory. At that point you can read it if you have root access to your local machine by accessing the RAM (but you'll have to find how and where to look).

Hope this helps (and please clarify the obscure parts in your question or correct my assumptions!)

Edit: another option, and much simpler: that agent grants you access: use that to recreate a new pair of private/public keys, and put that new public key (in the appropriate format! depending on the type of remote sshd server!) in the remoteuser@remoteserver's authorized_keys file, in ADDITION to the current one (the one your agent is using). So that you can always use the agent, and also use the new (local) private / (remote) public key pair. (Read about ssh and how to create those keys and what to do with the public key (i.e., put it on the places you need to log in to) and private (i.e., keep it SAFE, YOUR EYES ONLY, NOT WORLD READABLE even if encrypted with a passphrase).)

Olivier Dulac
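The "are you sure that private key is encrypted?" check from the answer above can also be made by reading the key file's header, without stopping the agent. The following is an added example, not part of the original posts; the function names and sample key texts are constructed for illustration (no real key material), and it goes beyond the legacy PEM layout by also handling the newer OpenSSH private key format.

```python
import base64
import struct
import sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(key_text):
    """True if the private key file text is passphrase-protected."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted container
        return True
    if label == "OPENSSH PRIVATE KEY":
        # New format: magic, then the cipher name as a length-prefixed string;
        # the name is "none" when no passphrase is set.
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    # Legacy "RSA/DSA/EC PRIVATE KEY": encryption is announced in a header line.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])

def make_sample_openssh(cipher, kdf):
    """Constructed sample: only the header fields of the new format, no key."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed samples in the legacy PEM layout; the bodies are dummy data.
SAMPLE_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n"
    "\nAAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. the path passed to ssh -i
        with open(path) as fh:
            print(path, "encrypted" if key_is_encrypted(fh.read()) else "NOT encrypted")
```

A result of "NOT encrypted" means the file on disk is usable by anyone who can read it, so its permissions and backups deserve the same care as the agent itself.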