How to check if an SSH private key has passphrase or not?

  • Let's say I have access to the private portion of an RSA key-pair. How can I check if this key has associated passphrase or not?

    trying to use it

    @Ayozint Now sit back and wait for the questions on how to set up a dummy ssh server for the purpose, and how to kill a `ssh` process prematurely from a script after matching the string asking for a password.

  • gowenfawr (Correct answer)

    5 years ago

    The keyfile will have a different header if it is password protected. Here's the top of a key without a passphrase:

    ```
    -----BEGIN RSA PRIVATE KEY-----
    MIIEogIBAAKCAQEA3qKD/4PAc6PMb1yCckTduFl5fA1OpURLR5Z+T4xY1JQt3eTM
    ```

    And here's the top of a key which is passphrase-protected:

    ```
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,556C1115CDA822F5

    AHi/3++6PEIBv4kfpM57McyoSAAaT2ECxNOA5DRKxJQ9pr2D3aUeMBaBfWGrxd/Q
    ```

    Unfortunately, that only works looking at the files. I know of no way for a server to be able to tell if the keys being presented to it were protected with a passphrase, which is the most useful place to be able to leverage that sort of info.

    A solution based on the timing could work. In case of an unencrypted key, the response is usually sent instantly as soon as the server sends the challenge, whereas for an encrypted one it takes at least a few seconds for the user to enter the passphrase to decrypt the key.

    @AndreBorie, unfortunately the client can't be trusted. Normal usage may have no delay if a key agent is caching the (phrased) key, and a malicious client could introduce fake delays to "mimic" unlocking the key... We went through the same thing 20 years ago with "timing analysis of password entry" on protocols like telnet :)

    More generally, encryption of the key is a totally *client-side* operation. If you want to know that the key is encrypted, it needs to live and be decrypted server-side. But then the server has the decrypted private key, which rather defeats the point of asymmetric cryptography.

    This answer is not correct (anymore). A priv key not showing the `proc-type` and `DEK` headers can very well be encrypted.

    @GerardJP I interpret the answer as saying that if the `proc-type` and `DEK` header lines are missing, then it is not password protected. I don't think it is talking about whether or not something is encrypted.

Licensed under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM