OpenSSH - Protecting private keys

Martin Kleppmann gives a extensive look at OpenSSH‘s private key encryption. He shows that using the default encryption scheme the private key is very low protected.

Using the PKCS #8 (Private-Key Information Syntax Standard) the private key can be protected by the encryption algorithm of your choice. To get the list of supported ciphers in OpenSSL use:

$ openssl list-cipher-commands

On a Debian wheezy system you might choose camellia-256-cbc, on Debian squeeze you might choose aes-256-cbc to encrypt your private keys. The following script encrypts your default RSA and DSA private key files:



set -e
umask 0077
for alg in rsa dsa; do
    mv ~/.ssh/id_$alg ~/.ssh/id_$alg.old
    openssl pkcs8 -topk8 -v2 $cipher -in ~/.ssh/id_$alg.old -out ~/.ssh/id_$alg
    rm ~/.ssh/id_$alg.old

Comments !