Post

Overthewire-Bandit Level 13 - SSH

Posted Updated
By Anthony Yeung 5 min read

image

Ref:

Bandit Level 13

Level Goal The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Look at the commands that logged you into previous bandit levels, and find out how to use the key for this level.

Commands you may need to solve this level ssh, scp, umask, chmod, cat, nc, install

Helpful Reading Material SSH/OpenSSH/Keys

SSH

1
2

ssh bandit13@bandit.labs.overthewire.org -p 2220
FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn

Below is a clear, detailed explanation of SSH public‑key authentication, based on the Ubuntu documentation
https://help.ubuntu.com/community/SSH/OpenSSH/Keys

I’ll explain it step‑by‑step, give real command examples, and include a simple drawing (diagram) so you can visualize how it works.

SSH OpenSSH Keys — Detailed Explanation

1. What problem SSH keys solve

Normally, SSH uses password authentication:

1

Client ──(password)──▶ Server

Problems with passwords:

  • Can be guessed or brute‑forced
  • Must be typed every time
  • Less secure than cryptography

SSH keys replace passwords with cryptographic proof of identity.

2. What is an SSH key pair?

An SSH key pair consists of two mathematically linked files:

Key TypeFile ExampleWhere it lives
Private keyid_rsaClient (your computer)
Public keyid_rsa.pubServer

Private key never leaves your computer
Public key is safe to share

3. High‑level flow (drawing)

1
2
3
4
5
6

+--------------------+             +---------------------+
|   Client Machine   |             |   SSH Server        |
|                    |             |                     |
|  id_rsa (PRIVATE)  |─── prove ──▶|authorized_keys file |
|                    |             |  contains PUBLIC    |
+--------------------+             +---------------------+

The server never sees your private key.

4. Step 1 — Generate the SSH key (client side)

On your local machine, run:

1

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

What happens:

  • -t rsa → RSA key type
  • -b 4096 → strong key size
  • -C → comment for identification

You’ll be asked:

1

Enter file in which to save the key

Press Enter to accept default:

1
2

    ~/.ssh/id_rsa
    ~/.ssh/id_rsa.pub

Optional:

1

Enter passphrase (recommended)

A passphrase protects your private key if stolen.

Files created

1
2
3

    ~/.ssh/
    ├── id_rsa        <-- PRIVATE (keep secret!)
    └── id_rsa.pub    <-- PUBLIC (copy to server)

5. Step 2 — Copy public key to the server

✅ Recommended method

1

ssh-copy-id username@server_ip

This:

  • Logs in using your password (one last time)
  • Appends your public key to: ~/.ssh/authorized_keys

✅ Manual method

If ssh-copy-id is unavailable:

1

cat ~/.ssh/id_rsa.pub | ssh username@server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

6. Server-side file structure

On the server:

1
2

    ~/.ssh/
    └── authorized_keys

Contents example:

1

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ...

Each line = one allowed public key

7. Step 3 — Login using SSH key (no password)

Now connect:

1

ssh username@server_ip

✅ If configured correctly:

  • No password prompt
  • Optional passphrase prompt (local only)

8. What happens during authentication (deep explanation)

Authentication flow (drawing)

1
2
3
4
5
6

1. Client: "Here is my PUBLIC key fingerprint"
2. Server: "I recognize this key"
3. Server: "Prove you own the PRIVATE key"
4. Client: signs random data with PRIVATE key
5. Server: verifies with stored PUBLIC key
6. Access granted ✅

Important security detail

  • The private key is never sent
  • Math proves ownership without exposure

9. Permissions (very important)

Incorrect permissions cause SSH to reject keys.

Client

1
2
3

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

Server

1
2

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

10. Common mistakes

ProblemCauseFix
Still asks for passwordWrong permissionsFix chmod
Permission deniedWrong userCheck username
Key ignoredWrong fileUse authorized_keys
Server login disabledSSH configCheck /etc/ssh/sshd_config

Disable password login after key works:

Edit server config:

1

sudo nano /etc/ssh/sshd_config

Set:

1
2

PasswordAuthentication no
PubkeyAuthentication yes

Restart SSH:

1

sudo systemctl restart ssh

✅ Server now accepts only SSH keys

12. Summary diagram (full picture)

1
2
3
4
5
6
7
8
9
10
11
12
13

Client (Laptop)
┌─────────────────────────────┐
│ ~/.ssh/id_rsa   (PRIVATE)   │
│ ~/.ssh/id_rsa.pub (PUBLIC)  │
└───────────────┬─────────────┘
                │
        public key copied
                │
┌───────────────▼─────────────┐
│ Server                        │
│ ~/.ssh/authorized_keys        │
│ contains PUBLIC keys          │
└──────────────────────────────┘

✅ Key Takeaways

  • SSH keys = passwordless, cryptographic login
  • Public key → server
  • Private key → never shared
  • Safer, faster, automatable
  • Standard for Linux admins & cloud servers

If you want, I can:

  • Explain ED25519 vs RSA
  • Show Windows / PuTTY examples
  • Walk through debugging SSH key failures
  • Draw a more advanced diagram with agents (ssh-agent)

#

This is OverTheWire Bandit – Level 13 → 14.

You already have access to bandit13, but instead of a password you’re given a private SSH key that must be used to log in as bandit14.

Below is the exact step‑by‑step solution.

✅ Bandit Level 13 → 14 (Using SSH Private Key)

1️⃣ Log in to bandit13 (if not already)

1

ssh bandit13@bandit.labs.overthewire.org -p 2220

2️⃣ Locate the private SSH key

List files in the home directory:

1

ls

You should see:

1

sshkey.private

Inspect it (optional):

1

cat sshkey.private

⚠️ Do not copy this key outside the server.

3️⃣ Fix SSH key permissions (IMPORTANT)

SSH will refuse to use a key that’s readable by others.

Run:

1

chmod 600 sshkey.private

Verify:

1

ls -l sshkey.private

Expected:

1

-rw------- 1 bandit13 bandit13 ...

4️⃣ Log in as bandit14 using the private key

Use the -i option with ssh:

1

ssh -i sshkey.private bandit14@bandit.labs.overthewire.org -p 2220

✅ You are now logged in as bandit14

5️⃣ Read the password for the next level

Now that you are bandit14, you have permission to read the file:

1

cat /etc/bandit_pass/bandit14

🎉 That output is the password for bandit15

✅ Summary of Commands Used

1
2
3
4

ls
chmod 600 sshkey.private
ssh -i sshkey.private bandit14@bandit.labs.overthewire.org -p 2220
cat /etc/bandit_pass/bandit14

🧠 Why this works

  • The file is readable only by user bandit14
  • The SSH private key authenticates you as bandit14
  • SSH enforces strict file permissions on private keys
  • Password login is disabled for this level

If you want, I can:

  • Explain how SSH keys work internally
  • Help with bandit14 → bandit15
  • Show how this maps to real-world Linux security
Linux
Linux
This post is licensed under CC BY 4.0 by the author.