Skip to main content
🧠Educationalbeginner11 min read
β€’

OverTheWire Bandit Level 14: Using SSH Private Keys for Authentication

OverTheWire Bandit Level 14 walkthrough. Learn how to use SSH private keys for authentication, understand key-based authentication vs. passwords, and connect to localhost using SSH keys.

OverTheWireBanditLinuxbeginnerCTFSSHSSH keysprivate keyauthenticationlocalhost
Share:𝕏inβ¬‘βœ‰
πŸ”—OverTheWire Bandit Series
Part 15 of 34
πŸ“šView all posts in OverTheWire Bandit series

πŸ”‘ OverTheWire Bandit Level 14: Using SSH Private Keys for Authentication

Level 14 introduces SSH key-based authenticationβ€”a more secure alternative to password authentication. Instead of typing a password, you'll use a private SSH key file to authenticate. This is how SSH authentication works in professional environments, and understanding it is essential for penetration testing and system administration.

Level 14 teaches you:

  • Using SSH private keys with the -i flag
  • Understanding key-based authentication
  • Connecting to localhost using SSH
  • Reading password files from /etc/bandit_pass/
  • Why SSH keys are more secure than passwords

This level builds on what you learned about SSH in Level 0, but now you're using keys instead of passwords. This is real-world stuffβ€”most production systems use SSH keys, not passwords.

🎯 The Objective

After logging into bandit13, your goal is to find the password for Level 14. However, instead of finding a password file, you'll find a private SSH key that allows you to authenticate as bandit14 on the same machine (localhost).

What Level 14 teaches:

  • Using SSH private keys with -i flag
  • Understanding key-based authentication
  • Connecting to localhost (the same machine)
  • Reading password files from system directories
  • Why SSH keys are preferred over passwords

The challenge: You have a private SSH key file. Use it to SSH into bandit14@localhost, then read the password from /etc/bandit_pass/bandit14.

πŸ” Understanding the Problem

Let's start by connecting to Level 13 and seeing what we're dealing with:

sshpass -p `cat bandit13` ssh bandit13@bandit.labs.overthewire.org -p 2220

Once connected, let's check what files are in your home directory:

ls -la

You should see a file that looks like an SSH private keyβ€”it might be named sshkey.private, id_rsa, or similar. SSH private keys typically start with -----BEGIN and contain key material.

The problem: How do you use this private SSH key to authenticate to bandit14 on the same machine?

The answer: Use ssh -i to specify the private key file, and connect to bandit14@localhost (localhost means the same machine you're already on).

🧠 Understanding SSH Key Authentication

Let's dive deeper into SSH keys, because understanding them is crucial:

What Are SSH Keys?

SSH keys are a pair of cryptographic keys:

  • Private key β€” Kept secret, never shared (like a password)
  • Public key β€” Can be shared, placed on servers you want to access

How it works:

  1. You generate a key pair (private + public)
  2. You place the public key on the server
  3. You use the private key to authenticate
  4. The server verifies your private key matches the public key

Why SSH Keys Are Better Than Passwords

SSH keys offer several advantages:

  • More secure β€” Much harder to brute force than passwords
  • No password typing β€” Faster and more convenient
  • Can be easily revoked β€” Remove public key from server
  • Industry standard β€” Used in production environments
  • No password transmission β€” Keys are used for challenge-response

Private Key Format

SSH private keys typically look like:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
...
-----END OPENSSH PRIVATE KEY-----

Or older format:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...
-----END RSA PRIVATE KEY-----

For Level 14: You'll have a private key file that you'll use to authenticate.

πŸ“‹ Step-by-Step Walkthrough

Step 1: Connect to Level 13

sshpass -p `cat bandit13` ssh bandit13@bandit.labs.overthewire.org -p 2220

Step 2: Find the SSH Private Key

List files in your home directory:

ls -la

You should see a file that looks like an SSH private key. It might be named sshkey.private, id_rsa, or similar. Let's check its contents:

cat sshkey.private
# or whatever the filename is

You should see a private key starting with -----BEGIN and ending with -----END.

Step 3: Set Proper Permissions (Important!)

SSH requires private keys to have restrictive permissions. Set them:

chmod 600 sshkey.private

Breaking this down:

  • chmod 600 β€” Sets permissions to read/write for owner only
  • sshkey.private β€” Your private key file

Why this matters: SSH will refuse to use private keys that are too permissive (world-readable). This is a security feature.

Step 4: Use the SSH Key to Connect

Now use the private key to SSH into bandit14 on localhost:

ssh -i sshkey.private bandit14@localhost

Breaking this down:

  • ssh β€” SSH command
  • -i sshkey.private β€” Specifies the identity file (private key)
  • bandit14@localhost β€” User and host (localhost means the same machine)

What localhost means: localhost (or 127.0.0.1) refers to the machine you're currently on. Since you're already on the OverTheWire server, you're connecting to the same machine, just as a different user.

What you'll see: You should be logged in as bandit14 without being prompted for a password!

Step 5: Read the Password

Once logged in as bandit14, read the password file:

cat /etc/bandit_pass/bandit14

What this does: OverTheWire stores passwords for each level in /etc/bandit_pass/<username>. This file contains the password for Level 14.

Output: You should see the password for Level 14.

Step 6: Save the Password

Copy the password and save it on your local machine (not on the remote server):

On Linux/macOS:

echo "PASSWORD_HERE" > bandit14

On Windows (PowerShell):

"PASSWORD_HERE" | Out-File -FilePath bandit14 -NoNewline

Step 7: Connect to Level 14 (Using Password)

Now you can connect to Level 14 using the password:

sshpass -p `cat bandit14` ssh bandit14@bandit.labs.overthewire.org -p 2220

πŸ’‘ Understanding localhost

Let's dive deeper into localhost, because it's an important concept:

What Is localhost?

localhost is a hostname that refers to the current machine:

  • IP address: 127.0.0.1 (IPv4) or ::1 (IPv6)
  • Meaning: "This computer"
  • Use case: Connecting to services on the same machine

Why Use localhost?

In Level 14, you're already on the OverTheWire server. To connect as a different user on the same machine, you use localhost:

ssh -i sshkey.private bandit14@localhost

This connects you to the same server, but as user bandit14 instead of bandit13.

localhost vs. Remote Hosts

localhost:

  • Same machine
  • IP: 127.0.0.1
  • Fast (no network)
  • Used for local services

Remote host:

  • Different machine
  • IP: Actual IP address or domain
  • Network required
  • Used for remote access

For Level 14: We use localhost because we're connecting to the same server as a different user.

πŸ› οΈ Alternative Methods

Here are different ways to use the SSH key:

Method 1: ssh -i with Full Path (Recommended)

ssh -i /home/bandit13/sshkey.private bandit14@localhost

Pros: Explicit, works from anywhere Cons: Longer path

Method 2: ssh -i with Relative Path

cd ~
ssh -i sshkey.private bandit14@localhost

Pros: Shorter, if you're in the right directory Cons: Depends on current directory

Method 3: Copy Key to Standard Location

cp sshkey.private ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh bandit14@localhost

Pros: Uses default key location Cons: More steps, might conflict with existing keys

For Level 14, use Method 1 or 2 β€” they're straightforward and explicit.

πŸ”’ Real-World Context

Why does this matter in penetration testing?

In real security assessments, you'll constantly work with SSH keys:

1. Key-Based Authentication

Most production systems use SSH keys:

  • Servers authenticate users with keys
  • No passwords to brute force
  • More secure than password authentication

Example: Using SSH keys in production:

ssh -i ~/.ssh/production_key user@server.example.com

2. Finding SSH Keys

During penetration tests, you might find:

  • Private keys in configuration files
  • Keys in backup directories
  • Keys in user home directories
  • Keys in version control

Example: Finding SSH keys:

find /home -name "id_rsa" -o -name "*.pem"

3. Key Extraction

If you compromise a system, you might:

  • Extract private keys
  • Use them to access other systems
  • Escalate privileges
  • Move laterally through networks

Example: Using found keys:

chmod 600 found_key
ssh -i found_key user@target

4. Key Management

Understanding SSH keys helps you:

  • Generate secure keys
  • Manage key permissions
  • Rotate keys
  • Revoke compromised keys

Example: Generating new SSH keys:

ssh-keygen -t ed25519 -f ~/.ssh/new_key

5. Localhost Connections

Connecting to localhost is useful for:

  • Testing services
  • Accessing local databases
  • Running local commands as different users
  • Privilege escalation

Example: Using localhost for testing:

ssh -i key user@localhost

The skill you're learning: How to use SSH keys for authentication. This is essential when:

  • Working with production systems
  • Finding and using compromised keys
  • Managing server access
  • Understanding authentication mechanisms
  • Performing privilege escalation

🚨 Common Mistakes

Mistake 1: Wrong Key Permissions

Wrong:

ls -l sshkey.private
# Shows: -rw-r--r-- (world-readable)
ssh -i sshkey.private bandit14@localhost
# Error: Permissions too open

Right:

chmod 600 sshkey.private
ssh -i sshkey.private bandit14@localhost
# Works!

Why: SSH requires private keys to have restrictive permissions (600 = read/write for owner only). This is a security feature.

Mistake 2: Wrong Hostname

Wrong:

ssh -i sshkey.private bandit14@bandit.labs.overthewire.org
# Tries to connect remotely, might not work

Right:

ssh -i sshkey.private bandit14@localhost
# Connects to same machine

Why: The key is for localhost (same machine), not the remote hostname. Use localhost to connect to the same server.

Mistake 3: Missing -i Flag

Wrong:

ssh sshkey.private bandit14@localhost
# Treats sshkey.private as hostname!

Right:

ssh -i sshkey.private bandit14@localhost
# -i specifies the identity file

Why: The -i flag tells SSH which private key file to use. Without it, SSH doesn't know you want to use a key file.

Mistake 4: Wrong Key File

Wrong:

ssh -i public_key bandit14@localhost
# Uses public key instead of private key

Right:

ssh -i private_key bandit14@localhost
# Uses private key

Why: SSH needs the private key, not the public key. Private keys start with -----BEGIN and contain the secret key material.

Mistake 5: Not Understanding localhost

Confusion: "What is localhost? Why do I use it?"

Clarification:

  • localhost means "this computer"
  • In Level 14, you're already on the OverTheWire server
  • Connecting to localhost connects to the same server as a different user
  • This is different from connecting to bandit.labs.overthewire.org (which is the same thing, but localhost is clearer)

For Level 14: Use localhost because you're connecting to the same machine as a different user.

πŸ’» Practice Exercise

Try these to reinforce what you learned:

  1. Check SSH key format:

    cat sshkey.private | head -1
# Should show: -----BEGIN OPENSSH PRIVATE KEY----- or similar

  2. Set key permissions:

    chmod 600 sshkey.private
ls -l sshkey.private
# Should show: -rw------- (600 permissions)

  3. Test localhost connection:

    ssh -i sshkey.private bandit14@localhost
# Should connect without password

  4. Read password file:

    cat /etc/bandit_pass/bandit14
# Shows the password

πŸŽ“ Understanding SSH Key Types

This is a good time to understand SSH key formats:

OpenSSH Format (Modern)

Format: -----BEGIN OPENSSH PRIVATE KEY----- Default: Modern OpenSSH (version 7.8+) Example:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
...
-----END OPENSSH PRIVATE KEY-----

PEM Format (Legacy)

Format: -----BEGIN RSA PRIVATE KEY----- or -----BEGIN PRIVATE KEY----- Default: Older OpenSSH versions Example:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...
-----END RSA PRIVATE KEY-----

For Level 14: Either format worksβ€”SSH handles both.

πŸ”— What's Next?

Level 15 introduces port forwardingβ€”a technique for accessing services through SSH tunnels. You'll learn to forward ports and access services that aren't directly accessible, which is essential for network security work.

Before moving on, make sure you:

  • βœ… Successfully used an SSH private key with -i flag
  • βœ… Understand key-based authentication
  • βœ… Know what localhost means
  • βœ… Can set proper key permissions with chmod 600
  • βœ… Understand why SSH keys are more secure than passwords

πŸ“š Key Takeaways

After completing Level 14, you should understand:

  1. SSH key authentication β€” Using private keys instead of passwords
  2. ssh -i flag β€” Specifies which private key file to use
  3. localhost β€” Refers to the current machine (127.0.0.1)
  4. Key permissions β€” Private keys must have 600 permissions (read/write for owner only)
  5. Password files β€” OverTheWire stores passwords in /etc/bandit_pass/<username>

🎯 Quick Reference

ProblemSolutionExample
Use SSH keyUse -i flagssh -i keyfile user@host
Set key permissionsUse chmod 600chmod 600 keyfile
Connect to localhostUse localhostssh -i key user@localhost
Read password fileUse catcat /etc/bandit_pass/user
Check key formatUse headhead -1 keyfile

Questions about Level 14 or SSH key authentication? Reach out directly:

M Square LLC
Cybersecurity | Penetration Testing | No-Nonsense Advice

Found this helpful? Share it:

Share:𝕏inβ¬‘βœ‰

Need Help With This?

Have questions about implementing these security practices? Let's discuss your specific needs.

Get in Touch

More in Educational

Explore more articles in this category.

Browse 🧠 Educational

Related Articles