The Goal
This level does not provide a password for the next level. Instead, the home directory
contains a private SSH key (sshkey.private) that can be used to log directly
into bandit14. The password for bandit14 is stored in
/etc/bandit_pass/bandit14 and can only be read by user bandit14.
Retrieving the Key
The key can be copied to the local machine using scp. The path in the
scp:// URL is relative to the home directory on the remote server, not an
absolute path. An initial attempt with the full path fails:
bandit13@bandit:~$ ls
sshkey.private
# From local machine, absolute path fails
$ scp -T scp://bandit13@bandit.labs.overthewire.org:2220/home/bandit13/sshkey.private /home/kali/.ssh/
scp: home/bandit13/sshkey.private: No such file or directory
# Relative path works, resolves to the home directory
$ scp -T scp://bandit13@bandit.labs.overthewire.org:2220/sshkey.private /home/kali/.ssh/
sshkey.private 100% 1679 7.5KB/s 00:00
Fixing Permissions
OpenSSH refuses to use a private key whose permissions are too open. After copying the key, the initial SSH attempt fails with a warning:
$ ssh bandit14@bandit.labs.overthewire.org -p 2220 -i /home/kali/.ssh/sshkey.private
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/home/kali/.ssh/sshkey.private' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/kali/.ssh/sshkey.private": bad permissions
Tightening the permissions resolves this:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/sshkey.private
$ ssh bandit14@bandit.labs.overthewire.org -p 2220 -i /home/kali/.ssh/sshkey.private
Welcome to OverTheWire!
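As an added example (not part of the original write-up), the shell functions below reproduce the mode test behind that warning: OpenSSH ignores a key file owned by the invoking user when any group or other permission bit is set (mode & 077). The function names and the sample file are constructed for illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not from the original write-up): find private keys that
# ssh would ignore because group/other permission bits are set.

# key_perm_ok FILE -> exit 0 when (mode & 077) == 0, as for 0600 or 0400.
# Assumes GNU stat (-c '%a'), as on a typical Linux host such as Kali.
key_perm_ok() {
    mode=$(stat -c '%a' -- "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_keys DIR -> print every private key file in DIR whose mode is too
# open; exit 1 if any were found, 0 otherwise.
audit_keys() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Private keys start with a "-----BEGIN ... PRIVATE KEY-----" line.
        head -n 1 -- "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----' || continue
        if ! key_perm_ok "$f"; then
            echo "too open: $f ($(stat -c '%a' -- "$f")), fix with: chmod 600 $f"
            found=1
        fi
    done
    return "$found"
}

# Demo on a constructed file (not a real key).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-sample' \
    > "$demo_dir/sshkey.private"
chmod 640 "$demo_dir/sshkey.private"
audit_keys "$demo_dir" || echo "-> ssh would ignore this key"
chmod 600 "$demo_dir/sshkey.private"
audit_keys "$demo_dir" && echo "-> all keys are owner-only"
rm -rf "$demo_dir"
```

Running audit_keys against ~/.ssh after copying a key in with scp catches the 0640 case before ssh does.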
Commands Covered
scp -T scp://user@host:port/path /local/dest, copy a file from a remote server
chmod 700 ~/.ssh, restrict the .ssh directory to owner only
chmod 600 ~/.ssh/keyfile, restrict the private key to owner read/write only
ssh user@host -p port -i keyfile, connect using a private key instead of a password