Recover an SSH private key? (2024)

8

I have an RSA key (generated by PuTTYgen) that's set up for logging in to a bunch of machines via SSH. Or rather, i HAD such a key. (The computer it was on crashed, to the point that a reinstall of XP was required. The private key file is encrypted by the file system, and now that it's basically on what looks like a whole other OS and user, whatever XP would do to decrypt the key apparently can't be done anymore.)

What i have left is an OpenSSL-compatible base64 of the public key (from one of the machines still set up to accept passwords), and of course the passphrase to the key. I might(!) still have an old backup of the registry from before the machine died as well, but would have to search for it. Either way, it sounds like it might not be possible to recover the key file itself. (If it is possible, that'd be great. But the prospects aren't looking good so far.)

Is there any way to recover the private key, if i can't recover the actual file that contained it? Perhaps by importing the public key into PuTTYgen or openssl and doing some reverse thing on it? Contacting all the admins involved and sending them new keys could be a pain, so that's pretty much a last resort.

asked Sep 22, 2010 at 17:04

cHao

7

  • 1

    No. From what I know, you're SOL.

    user3914

    Sep 22, 2010 at 17:40

  • How exactly was your XP box encrypted? Were you using EFS, or Truecrypt, or something else?

    Sep 22, 2010 at 17:51

  • @Zoredache: It was encrypted with EFS, i assume. (I just checked the box in the file attributes that said "Encrypt this file to secure data" or something like that.)

    cHao

    Sep 22, 2010 at 17:54

  • @cHao, was this computer on a domain with Active Directory Certificate services running? If so, your domain admin might have a key to recover the EFS encrypted files with.

    Sep 22, 2010 at 18:14

  • 1

    And you didn't back up your EFS certificates? If you use EFS again please read up about the EFS Best practices.

    Sep 22, 2010 at 18:37


5 Answers

15

Presently the only way of "recovering" the Private key from the Public key is by exhaustive search (brute force). The system was specifically designed this way so that you could issue your public key to anyone without worrying about them being able to figure out your private key.

Edit:
Warning! Simplified explanation ahead!

Assuming you had RSA keys (the most common), the public key has two numbers in it: n and e. The private key has the same n, and another number d. Originally there were two huge prime numbers p and q which were used to calculate n, d, and e so that n and e could encrypt a text; n and d could decrypt the cyphertext. You have n and e. You can factor n to figure out p and q; the problem is that n is a freaking huge number with tons of possible p and q numbers. Currently there is no known way to do this quickly; I'm not sure if hackers have even bothered with writing tools to try. So in essence, no it's realistically not possible.

When you assign a passphrase to a key, it just does a simple encryption on the private key stored on your computer. The public key isn't affected at all by this. The passphrases are relatively easy to break compared to the private key itself; so this should not be relied on for primary security (you should keep your private key in safe places only).

3

  • So there's way more difference between the keys than just the passphrase used to encrypt them?

    cHao

    Sep 22, 2010 at 17:50

  • The passphrase is only there to protect your private key from being stolen or tampered with. The public/private keypair is used as part of public key cryptography.

    Sep 22, 2010 at 17:59

  • @cHao, see my edit. Also, the passphrase only protects the private key, it doesn't do anything to the public key.

    Sep 22, 2010 at 18:04
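The relationship between n, e, d, p and q described in the answer above, as an added example that is not part of the original answer or its comments. It uses textbook RSA with deliberately tiny, constructed primes and no padding; the function names and the dictionary standing in for a private key file are assumptions made for illustration.

```python
# Added illustration: textbook RSA with toy primes (no padding, not secure).
from math import gcd, isqrt


def make_keypair(p, q, e):
    """Build both halves of an RSA key from the secret primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 mod phi (Python 3.8+)
    # Constructed stand-in for a private key file: it keeps n and e next to d.
    private = {"n": n, "e": e, "d": d, "p": p, "q": q}
    return (n, e), private


def public_from_private(private):
    """Private -> public is a lookup: the stored key already holds n and e."""
    return private["n"], private["e"]


def recover_d_from_public(n, e, max_trials):
    """Public -> private means factoring n; here by bounded trial division.

    Returns (d, trials) on success, or (None, trials) once the budget runs out.
    """
    trials, f, limit = 0, 3, isqrt(n)
    while f <= limit and trials < max_trials:
        trials += 1
        if n % f == 0:
            p, q = f, n // f
            return pow(e, -1, (p - 1) * (q - 1)), trials
        f += 2
    return None, trials


def sign(message, d, n):
    return pow(message, d, n)


def verify(message, signature, e, n):
    return pow(signature, e, n) == message


def demo():
    # 12-bit modulus: the "lost" private exponent falls out after 26 divisions.
    public, private = make_keypair(61, 53, 17)
    n, e = public
    d, trials = recover_d_from_public(n, e, max_trials=100_000)
    rebuilt_ok = d == private["d"] and verify(42, sign(42, d, n), e, n)

    # 62-bit modulus from two 31-bit primes: same code, same budget, no result.
    big_public, _ = make_keypair(2147483647, 2147483629, 65537)
    big_d, big_trials = recover_d_from_public(*big_public, max_trials=100_000)
    return {
        "toy_d": d, "toy_trials": trials, "toy_rebuilt_ok": rebuilt_ok,
        "big_d": big_d, "big_trials": big_trials,
        "same_public": public_from_private(private) == public,
    }


if __name__ == "__main__":
    print(demo())
```

A 2048-bit modulus has prime factors of roughly 1024 bits each, so this same loop would need on the order of 2^1023 divisions before it reached one.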


5

I'm pretty sure there's no way of recovering the private key if you have the public key - this would be a big security risk otherwise, because anyone with a public key would then be able to determine the private key from it.

answered Sep 22, 2010 at 17:42

Richard

3

  • If i don't care about the old key, and just want another that can map to the same public key...same problem?

    cHao

    Sep 22, 2010 at 17:48

  • 1

    Yep. Public keys can be publicly available. So if I had a public key which you knew, and you could create a private key which mapped to my public key, you could pretend to be me, and therefore get access to anywhere using my keys for authentication, e.g. my servers.

    Sep 22, 2010 at 17:53

  • 1

    That's called a "key collision" and it's a very bad thing in cryptography, to the point where any algorithm that shows signs of it is pretty much immediately disqualified from use.

    Shadur

    Feb 6, 2016 at 14:36


4

If I understand correctly, you want to generate a compatible private key from the public key. If this was possible, the whole system would be pointless. If you do manage it, I'd like to know how to generate my bank's private key from their SSL certificate.

answered Sep 22, 2010 at 17:56

James L

6

  • 3

    If PuTTY has stored the key in the registry, it will be under HKEY_CURRENT_USER\Software\SimonTatham\PuTTY - if you have a system state backup you might not be as SOL as it first looked.

    Sep 22, 2010 at 17:57

  • I do have my old NTUSER.DAT, iirc. Would that be where HKCU is stored?

    cHao

    Sep 22, 2010 at 18:02

  • @cHao, yes; you can load the hive using regedit and navigate to that key to see if it's there.

    Sep 22, 2010 at 18:05

  • All i see in there are public keys for servers i've connected to, and session settings. The session settings don't seem to have keys set in them...but...LOL! The default settings point to an unencrypted file in \Program Files\PuTTY!

    cHao

    Sep 22, 2010 at 18:13

  • Guess i wasn't protecting stuff as much as i thought i was. :) Oh well. That tip to look in the old registry helped a lot.

    cHao

    Sep 22, 2010 at 18:30


1

It is absolutely impossible to recover a private key from a public key. You can generate a public from a private, but not the other way around. It is completely impossible, and is also the point of asymmetrical encryption.

Robbie Mckennie

answered Sep 22, 2010 at 17:54

DrDamnit

8

  • 1

    I wouldn't say "completely impossible". Anything's possible given enough time and CPU power. :) But yeah, i could definitely see it being infeasible.

    cHao

    Sep 22, 2010 at 17:58

  • 4

    I think the term used is Computationally Infeasible

    Sep 22, 2010 at 18:08

  • 1

    It's not impossible, just Very Hard and it's designed to be hard. Periodically there are improvements in the quality of the attacks that can be brought to bear, and computers are always getting harder and faster, so the key length is made longer. PGP users used to use 512 bit RSA keys, and now 1024 is far more common. Statements of impossibility lead to over-confidence and hubris. Just settle for "designed to be far harder than you should be able to achieve".

    Phil P

    Oct 13, 2010 at 22:00

  • You are wrong to say that you can generate a public key from a private; this is equally difficult.

    Feb 17, 2011 at 22:00

  • 1

    @MadHatter: Private key files tend to have enough info in them to recreate the public key. (OpenSSH files do, at least, and it'd seem Putty's PPK files do too.) While you can't take the actual key and derive the public key from it, if you have the key file, it apparently contains the private key plus the numbers used to generate both keys.

    cHao

    Nov 21, 2011 at 21:04


The only thing you can do quickly is generate a new set of private and public key sets and replace the public keys on the servers you are trying to access, however, to do this you must have physical access to the servers that you had the public keys stored on before.

If you don't have physical access to the machines it will be virtually impossible for you.

Also, even if you have physical access to the servers, if the hard drives or the area where the keys were stored are encrypted, again, it will be virtually impossible for you.

Doug Pan

answered Feb 17, 2011 at 20:53

Doug Pan


FAQs

How do I recover my SSH private key? ›

If you lose your SSH key passphrase, there's no way to recover it. You'll need to generate a brand new SSH keypair or switch to HTTPS cloning so you can use a personal access token instead.

Can you recover a private key? ›

Key Recovery can be used to re-use or restore a user's private key. Key recovery means that the server-generated keys (and the certificate) of a user are stored, encrypted, in the CA's database. The purpose of this is to be able to recover an encryption key if the user loses the key.

What if I forgot my RSA passphrase? ›

If you have forgotten this passphrase, there is no way to reset it, and you will have to generate a new SSH key pair.

How to clear all SSH keys in Linux? ›

Delete SSH Key
  1. SSH to your server.
  2. Edit ~/.ssh/authorized_keys.
  3. Remove the line containing your key.
  4. Save and exit.
Oct 6, 2020
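The edit described in the steps above, applied to a lost key and its replacement, as an added example that is not part of the original page. It assumes the lost key's SHA256 fingerprint is known (the format `ssh-keygen -lf` prints for a public key file); the key blobs, comments and function names below are constructed placeholders, not real keys.

```python
# Added illustration: rotate one key in authorized_keys text (stdlib only).
import base64
import hashlib
import shlex

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def key_blob(line):
    """Return the decoded key blob of an authorized_keys line, or None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    try:
        tokens = shlex.split(stripped)  # quote-aware: options may hold spaces
    except ValueError:
        return None  # unbalanced quotes: not a usable entry
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_PREFIXES):
            try:
                return base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:
                return None
    return None


def fingerprint(blob):
    """SHA256 fingerprint: unpadded base64 of the hash of the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def rotate(text, lost_fp, new_line):
    """Drop every entry matching lost_fp, add new_line once, keep the rest."""
    new_blob = key_blob(new_line)
    if new_blob is None:
        raise ValueError("replacement line is not a valid key entry")
    kept, removed, present = [], 0, False
    for line in text.splitlines():
        blob = key_blob(line)
        if blob is not None and fingerprint(blob) == lost_fp:
            removed += 1
            continue
        if blob == new_blob:
            present = True
        kept.append(line)
    if not present:
        kept.append(new_line.strip())
    return "\n".join(kept) + "\n", removed


# Constructed sample data: placeholder blobs standing in for real public keys.
OLD_B64 = base64.b64encode(b"constructed blob for the lost key").decode()
OTHER_B64 = base64.b64encode(b"constructed blob for another key").decode()
NEW_B64 = base64.b64encode(b"constructed blob for the new key").decode()
NEW_LINE = f"ssh-ed25519 {NEW_B64} user@new-laptop"
SAMPLE = (
    "# constructed authorized_keys sample\n"
    f"ssh-rsa {OLD_B64} user@old-laptop\n"
    f'from="10.0.0.0/8",command="echo hi there" ssh-rsa {OTHER_B64} backup-job\n'
)


def demo():
    lost_fp = fingerprint(base64.b64decode(OLD_B64))
    return rotate(SAMPLE, lost_fp, NEW_LINE)


if __name__ == "__main__":
    updated, removed = demo()
    print(f"removed {removed} entr{'y' if removed == 1 else 'ies'}")
    print(updated, end="")
```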

Can you regenerate SSH key? ›

A key can be duplicated if a server is cloned. This section describes how to change the SSH host key for a particular host, eliminating the events and alarms generated when duplicate hosts are detected. The following steps must be performed: Generate a new SSH key for the monitored host.

Where are SSH private keys stored? ›

By default, your private and public keys are saved in your ~/.ssh/id_rsa and ~/.ssh/id_rsa.

What happens if you lose private key? ›

If a user loses their private key, they can no longer access the wallet to spend, withdraw, or transfer coins. It is, therefore, imperative to save the private key in a secure location. There are several ways private keys can be stored. They can be written or typed on paper—these are called paper wallets.

Can private keys be decrypted? ›

Information encrypted using the private key can be decrypted only with the public key. Only the holder of the private key can encrypt information that can be decrypted with the public key.

How do I extract a private key? ›

Extract .crt and .key files from .pfx file
  1. Start OpenSSL from the OpenSSL\bin folder.
  2. Open the command prompt and go to the folder that contains your .pfx file.
  3. Run the following command to extract the private key: openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]

Can you recover passphrase? ›

Unfortunately it is not possible to reset your private key passphrase if you do not remember the original. Similarly if you have lost your private key and you do not have a backup, you cannot decrypt your passwords anymore.

How do I regenerate my RSA key? ›

Generating an SSH key
  1. Open the PuTTYgen program.
  2. For Type of key to generate, select SSH-2 RSA.
  3. Click the Generate button.
  4. Move your mouse in the area below the progress bar. ...
  5. Type a passphrase in the Key passphrase field. ...
  6. Click the Save private key button to save the private key.
Dec 13, 2022

What is my SSH key passphrase? ›

SSH uses private/public key pairs to protect your communication with the server. SSH passphrases protect your private key from being used by someone who doesn't know the passphrase. Without a passphrase, anyone who gains access to your computer has the potential to copy your private key.

How do I see all my SSH keys? ›

Checking for existing SSH keys
  1. Open Terminal .
  2. Enter ls -al ~/.ssh to see if existing SSH keys are present. $ ls -al ~/.ssh # Lists the files in your .ssh directory, if they exist.
  3. Check the directory listing to see if you already have a public SSH key. ...
  4. Either generate a new SSH key or upload an existing key.

How to reset SSH in Linux? ›

  1. Log in as root.
  2. Use the following commands to start, stop, and restart the sshd service:
     /etc/rc.d/init.d/sshd start
     /etc/rc.d/init.d/sshd stop
     /etc/rc.d/init.d/sshd restart

Can I just Delete SSH keys? ›

You can delete unauthorized (or possibly compromised) SSH keys to ensure that an attacker no longer has access to your repositories. You can also approve existing SSH keys that are valid.

Can you use the same SSH key twice? ›

You can't use the same key between accounts. You must create new keys for each individual Bitbucket account. In this case, I would suggest you add this SSH key on this Jenkins user (not as an access key to the repository) and give them read access to the repositories you need.

Can I reuse the same SSH key? ›

You can reuse your stored keys in various of applications to fit your organization's needs. For more detailed information about creating and using SSH keys with Linux VMs, see Use SSH keys to connect to Linux VMs.

What happens if you overwrite SSH key? ›

Overwriting ssh keys is perfectly fine as long as you know what it means: it's like changing your password so old ssh connections won't work any more.

Where are private SSH keys stored in Linux? ›

The private key, also known as identification, is stored in a file named id_rsa in the .ssh directory of the user's home directory -- this is designated as HOME$/ in Windows, and as ~/ in Linux and other Unix-based OSes. The public key is saved in a file with the same name as the private key but with the extension .

Do SSH keys expire? ›

SSH Key pairs in general do not have an expiration date because they do not have metadata outside of their key strings.

How to get SSH private key in Linux? ›

Generate an SSH Key Pair
  1. Run the ssh-keygen command. You can use the -t option to specify the type of key to create. ...
  2. The command prompts you to enter the path to the file in which you want to save the key. ...
  3. The command prompts you to enter a passphrase. ...
  4. When prompted, enter the passphrase again to confirm it.

How long is a private key valid for? ›

Private keys do not have an expiration date. They are expired by destroying them. Certificates have expiration dates, and the public key inside certificates - and therefore the certificate itself - relates 1:1 with the private key.

Is it possible to trace back the private key from the given public key? ›

It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.

What happens if private key is exposed? ›

If an unauthorized person gains access to your private key, they can assume the identity that your certificate is intended to protect (e.g. you, your company, and/or your website).

Are private keys hackable? ›

Ending up in people losing their funds after their iCloud credentials were compromised. However, private keys are not compromised only through these techniques and can certainly be hacked. In 2022, supply chain attacks and brute force attacks were responsible for a $175 million loss.

What is the difference between a private key and a secret key? ›

A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data. Secret keys should only be shared with the key's generator or parties authorized to decrypt the data.

Where are private encryption keys stored? ›

A CA's private key should be stored in hardware-based protection, such as a Hardware Security Module (HSM). This provides tamper-resistant secure storage. A Private key for an end entity could be stored in a Trusted Platform Module (TPM) chip or a USB tamper-resistant security token.

Is there only one public key for a private key? ›

In public key cryptography, every public key matches to only one private key. Together, they are used to encrypt and decrypt messages.

How do I access a private key string? ›

Go to 'Settings'. Select 'Security & Privacy'. Scroll down and then click on 'Show private key'. Enter your password.

How do I know if my SSH key is password protected? ›

The easiest way in this case is to run some operation on them using ssh-keygen. If it will ask for a passphrase, it has one (or it is not a ssh key), if not it does not have a passphrase:

    $ ssh-keygen -yf rsa_enc
    Enter passphrase:
    $ ssh-keygen -yf rsa
    ssh-rsa AAAAB3NzaC1y...

How does passphrase recovery work? ›

A passphrase protects your Recovery Seed and is not stored anywhere, meaning if someone compromised your Recovery Seed, they would not be able to access your accounts – unless they also knew each passphrase. You can create any number of new passphrases and associated wallets.

Where is passphrase stored? ›

1. Passphrases are not stored on the device. Unlike a PIN, which is changeable, protects your physical device from unauthorized access, and is stored on the chip, the passphrase protects your recovery seed and is not stored anywhere.

How to generate 2048 bit SSH key? ›

Generate an SSH Key Pair on Windows Using the PuTTYgen Program
  1. Run the PuTTYgen program. ...
  2. Set the Type of key to generate option to SSH-2 RSA.
  3. In the Number of bits in a generated key box, enter 2048.
  4. Click Generate to generate a public/private key pair.

What does ssh-keygen do? ›

Ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.

Are RSA keys obsolete? ›

The ssh-rsa signature scheme has been deprecated since OpenSSH 8.8 which was released in 2021-08-20 (release notes). The reason is as quoted: In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1 hash algorithm in conjunction with the RSA public key algorithm.

How to generate passphrase for existing SSH key? ›

    $ ssh-keygen -p -f ~/.ssh/id_ed25519
    > Enter old passphrase: [Type old passphrase]
    > Key has comment 'your_email@example.com'
    > Enter new passphrase (empty for no passphrase): [Type new passphrase]
    > Enter same passphrase again: [Repeat the new passphrase]
    > Your identification has been saved with the new passphrase.

How to use SSH key without passphrase? ›

Now, to avoid entering the SSH key passphrase every time:
  1. You will need to use an SSH agent of some kind. For Windows: You will use the OpenSSH Authentication Agent. ...
  2. At your command line prompt, in either case, type ssh-add. If you used the default id_rsa naming for your key, that's all you have to do.
Mar 14, 2023

How do I change my SSH key passphrase? ›

To change your passphrase, you can simply run the ssh-keygen -p command. Specify the location of your current key, and input any old or new passphrases. There is no need to regenerate keys.

How to get SSH key value? ›

You can run the ssh-keygen utility on your local machine to generate an SSH key-value pair. The ssh-keygen utility generates a pair comprising of a public key and private key. The private key is stored in the file id_rsa while the public key is stored in the file id_rsa.

How do I get more than one SSH key? ›

Table of Contents
  1. Step 1: Double-check if you have an existing SSH key. ...
  2. Step 2a: If you don't have an existing SSH key, generate a new SSH key. ...
  3. Step 2b: Save the SSH key in the according file of your choice. ...
  4. Step 3: Adding the SSH to the ssh-agent. ...
  5. Step 4: Add your SSH private key to the ssh-agent.

Which of the two SSH keys Cannot be transferred to anyone? ›

The id_rsa is the private key, don't want to give this key to anyone. In this case, since we are going to generate two ssh keys, we don't want to keep the default file name, set it to whatever name you want by giving it /Users/sprlwrks/.ssh/file_name.

How to reset SSH password in Linux? ›

Method
  1. If you have not done so already, enable SSH. See How to enable SSH access for details.
  2. Log in to your server with SSH.
  3. Enter the command: passwd.
  4. Type your password, then press Enter.
  5. When prompted for your current UNIX password, enter your SSH password, then press Enter.
  6. Retype your new password and press enter.

How to refresh SSH terminal? ›

Procedure to restart sshd daemon
  1. Open the terminal application.
  2. Edit the file /etc/ssh/sshd_config using a text editor such as vi or nano.
  3. Restart sshd service on an Ubuntu or Debian Linux using the following command: sudo systemctl restart ssh.service.
  4. RHEL/CentOS Linux user run: sudo systemctl restart sshd.service.
Sep 18, 2022

How to resolve SSH issue in Linux? ›

Connection Refused
  1. Verify that the host IP address is correct.
  2. Verify the firewall rules, check the inbound rules allowed by the security group.
  3. Verify the port number allowed for ssh.
  4. Verify that the service is running properly.
Oct 18, 2021

How to clear keys from ssh-agent? ›

We can use the ssh-add -D command to remove private keys from the ssh-agent when we no longer need them. The -D argument deletes all added keys from the client. There's also a -d parameter (lowercase), which allows us to select individual keys.

Can I delete SSH files? ›

Sometimes you would need to remove a file or a folder from the system. To do so using SSH, you would need to execute the appropriate command – rm. This will match all files starting with 'myFile' and ending in '.

Can I use SSH without key? ›

Most notably, there is a key authentication system and a password authentication system. You can actually set up an SSH login on a Linux server which requires no password. However, you do need a key, but you get it from the OpenSSH utility package. This provides you with a key generator on your local computer.

Where did my SSH key go? ›

The public part of the key is saved in the id_rsa.pub file, while the private part is saved in the id_rsa file. Both files can be accessed from this location using Explorer: C:\Users\[your user name]\.ssh.

Where is my SSH key? ›

Open your file explorer. You can now navigate to the hidden “.ssh” directory in your home folder. You should see two new files. The identification is saved in the id_rsa file and the public key is labeled id_rsa.pub.

Why did my SSH keys disappear? ›

As a security precaution, GitHub automatically deletes SSH keys that haven't been used in a year. GitHub automatically deletes inactive SSH keys to help keep accounts safe, such as after someone leaves a job or loses a computer.

Does a SSH key expire? ›

SSH Key pairs in general do not have an expiration date because they do not have metadata outside of their key strings.

How to check private key in Linux? ›

By default, the private key is stored in ~/.ssh/id_rsa and the public key is stored in ~/.ssh/id_rsa.pub.

Where are my SSH files? ›

The SSH server has its own set of configuration files, including the SSH server system-wide configuration file named sshd_config. By default, these files reside in the /etc/ssh directory on the remote host.

How do I access my SSH? ›

How to Connect via SSH
  1. Open the SSH terminal on your machine and run the following command: ssh your_username@host_ip_address. ...
  2. Type in your password and hit Enter. ...
  3. When you are connecting to a server for the very first time, it will ask you if you want to continue connecting.
Sep 24, 2018


Author: Mrs. Angelic Larkin
