如何从ssh-agent提取私钥? [英] How to extract private keys from an ssh-agent?

问题描述

ssh-add -l显示我已将3个RSA密钥添加到我的SSH代理中.

ssh-add -l displays that I have 3 RSA keys added to my SSH agent.

ssh-add -L显示这些公共密钥.

如何获取私钥，以便将其保存到文件中?还是设计使之不可能?然后如何运作?

How do I get the private keys as well, so that I can save them to a file? Or is it by design that this is impossible? How does it work then?

是否可以要求ssh-agent使用私钥进行操作?我如何要求它为我加密/解密号码?

Can ssh-agent be asked to do operations using the private key? How can I ask it to encrypt/decrypt a number for me?

可以的，我必须为此编写代码(编程语言无关紧要)，但是我更喜欢使用现有的工具或库.

It's OK that I have to write code for this (the programming language doesn't matter), but I'd prefer using an existing tool or a library.

推荐答案

使用ssh和ssh-agent之间的协议无法获取私钥或执行加密，但是可以获取私钥通过转储ssh-agent的内存.在Linux上，您必须是root用户才能进行内存转储.

我刚刚找到了有关ssh-agent的工作原理的很好的解释: http://www.unixwiz.net/techtips/ssh-agent-forwarding.html .这部分地回答了我的一些问题.

I've just found a very good explanation about how ssh-agent works: http://www.unixwiz.net/techtips/ssh-agent-forwarding.html . This partially answers some of my questions.

• 代理的一个更聪明的方面是它如何在不向任何人透露该私钥的情况下验证用户的身份(或更准确地说，拥有私钥).

• One of the more clever aspects of the agent is how it can verify a user's identity (or more precisely, possession of a private key) without revealing that private key to anybody.

代理转发的安全性优势之一是用户的私钥永远不会以加密形式出现在远程系统或线路上.

One of the security benefits of agent forwarding is that the user's private key never appears on remote systems or on the wire, even in encrypted form.

因此，SSH客户端与ssh-agent之间的协议在SSH1或SSH2中均不提供从ssh-agent中获取私钥的方法.

Thus the protocol between the SSH client and the ssh-agent proviedes no way in SSH1 or SSH2 to get out the private keys from an ssh-agent.

但是，作为根用户，您可以获取ssh-agent的内存转储，并尝试从中提取私钥. https://blog.netspi.com/stealing-unencrypted- ssh-agent-keys-from-memory 正是这样做的，并且该页面的注释部分还提到了其他软件.但是，该页面上的软件在Debian Buster上对我不起作用:即使ssh-add -l显示了RSA密钥，内存转储也不包含任何密钥.

However, as root you can get a memory dump of ssh-agent, and try to extract the private key from there. https://blog.netspi.com/stealing-unencrypted-ssh-agent-keys-from-memory does exactly that, and there are other pieces of software mentioned in the comment section of that page. However, the software on that page didn't work for me on Debian buster: the memory dump didn't contain any keys, even though ssh-add -l has displayed an RSA key.

这篇关于如何从ssh-agent提取私钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！