print private key to stdout
I'm trying to print the contents of private key file to stdout using ssh-keygen tool
ssh-keygen man pages has options like
-e -i -f for exporting and importing a key file. However am not getting it.
Edit:
My scenario:
Consider 2 users user1 and user2
user1 is a higher privileged user.
user2 is a low privileged user who can run ssh-keygen binary as user1 (sudo).
now user2 needs to see private key content(cat). but this cannot be done. Because the private key permissions is set to 600.
How can i acheive this or my assumption is anyway wrong?
ssh
asked 2 days ago
GoronGoron
13
|
show 1 more comment
I'm trying to print the contents of private key file to stdout using ssh-keygen tool
ssh-keygen man pages has options like
-e -i -f for exporting and importing a key file. However am not getting it.
Edit:
My scenario:
Consider 2 users user1 and user2
user1 is a higher privileged user.
user2 is a low privileged user who can run ssh-keygen binary as user1 (sudo).
now user2 needs to see private key content(cat). but this cannot be done. Because the private key permissions is set to 600.
How can i acheive this or my assumption is anyway wrong?
ssh
asked 2 days ago
GoronGoron
13
Sadly, while the man pages say that ssh-keygen can export private keys withssh-keygen -e -f <path to key>, it only ever seems to export the public key. This doesn't appear possible. What are you trying to accomplish? Perhaps there's a better way.
– Kyle
2 days ago
Yes indeed.. Even I was thinking the same..
– Goron
2 days ago
The scenario seems a tad odd, but I'll assume you know what you're doing. Can you simply create a new group for both of them and make the private key owned by that group with the proper permissions? Or does SSH get grumpy about that? Another option is a shell script to cat the key out and limituser2to that shell script running asuser1.
– Kyle
2 days ago
1
This is very odd. I can't imagine why one would need to look at the private key. Allowing an user with no sudo privileges to look or copy the private key may be a security risk.
– user68186
2 days ago
@user68186 .. Yes it is security risk.. I'm trying to figure out how one could exploit this ...
– Goron
2 days ago
|
show 1 more comment
I'm trying to print the contents of private key file to stdout using ssh-keygen tool
ssh-keygen man pages has options like
-e -i -f for exporting and importing a key file. However am not getting it.
Edit:
My scenario:
Consider 2 users user1 and user2
user1 is a higher privileged user.
user2 is a low privileged user who can run ssh-keygen binary as user1 (sudo).
now user2 needs to see private key content(cat). but this cannot be done. Because the private key permissions is set to 600.
How can i acheive this or my assumption is anyway wrong?
ssh
asked 2 days ago
GoronGoron
13
I'm trying to print the contents of private key file to stdout using ssh-keygen tool
ssh-keygen man pages has options like
-e -i -f for exporting and importing a key file. However am not getting it.
Edit:
My scenario:
Consider 2 users user1 and user2
user1 is a higher privileged user.
user2 is a low privileged user who can run ssh-keygen binary as user1 (sudo).
now user2 needs to see private key content(cat). but this cannot be done. Because the private key permissions is set to 600.
How can i acheive this or my assumption is anyway wrong?
ssh
ssh
asked 2 days ago
GoronGoron
13
asked 2 days ago
GoronGoron
13
edited 2 days ago
Goron
asked 2 days ago
GoronGoron
13
asked 2 days ago
GoronGoron
13
asked 2 days ago
GoronGoron
13
13
Sadly, while the man pages say that ssh-keygen can export private keys withssh-keygen -e -f <path to key>, it only ever seems to export the public key. This doesn't appear possible. What are you trying to accomplish? Perhaps there's a better way.
– Kyle
2 days ago
Yes indeed.. Even I was thinking the same..
– Goron
2 days ago
The scenario seems a tad odd, but I'll assume you know what you're doing. Can you simply create a new group for both of them and make the private key owned by that group with the proper permissions? Or does SSH get grumpy about that? Another option is a shell script to cat the key out and limituser2to that shell script running asuser1.
– Kyle
2 days ago
1
This is very odd. I can't imagine why one would need to look at the private key. Allowing an user with no sudo privileges to look or copy the private key may be a security risk.
– user68186
2 days ago
@user68186 .. Yes it is security risk.. I'm trying to figure out how one could exploit this ...
– Goron
2 days ago
|
show 1 more comment
Sadly, while the man pages say that ssh-keygen can export private keys withssh-keygen -e -f <path to key>, it only ever seems to export the public key. This doesn't appear possible. What are you trying to accomplish? Perhaps there's a better way.
– Kyle
2 days ago
Yes indeed.. Even I was thinking the same..
– Goron
2 days ago
The scenario seems a tad odd, but I'll assume you know what you're doing. Can you simply create a new group for both of them and make the private key owned by that group with the proper permissions? Or does SSH get grumpy about that? Another option is a shell script to cat the key out and limituser2to that shell script running asuser1.
– Kyle
2 days ago
1
This is very odd. I can't imagine why one would need to look at the private key. Allowing an user with no sudo privileges to look or copy the private key may be a security risk.
– user68186
2 days ago
@user68186 .. Yes it is security risk.. I'm trying to figure out how one could exploit this ...
– Goron
2 days ago
Sadly, while the man pages say that ssh-keygen can export private keys with
ssh-keygen -e -f <path to key>, it only ever seems to export the public key. This doesn't appear possible. What are you trying to accomplish? Perhaps there's a better way.– Kyle
2 days ago
Sadly, while the man pages say that ssh-keygen can export private keys with
ssh-keygen -e -f <path to key>, it only ever seems to export the public key. This doesn't appear possible. What are you trying to accomplish? Perhaps there's a better way.– Kyle
2 days ago
Yes indeed.. Even I was thinking the same..
– Goron
2 days ago
Yes indeed.. Even I was thinking the same..
– Goron
2 days ago
The scenario seems a tad odd, but I'll assume you know what you're doing. Can you simply create a new group for both of them and make the private key owned by that group with the proper permissions? Or does SSH get grumpy about that? Another option is a shell script to cat the key out and limit
user2 to that shell script running as user1.– Kyle
2 days ago
The scenario seems a tad odd, but I'll assume you know what you're doing. Can you simply create a new group for both of them and make the private key owned by that group with the proper permissions? Or does SSH get grumpy about that? Another option is a shell script to cat the key out and limit
user2 to that shell script running as user1.– Kyle
2 days ago
1
1
This is very odd. I can't imagine why one would need to look at the private key. Allowing an user with no sudo privileges to look or copy the private key may be a security risk.
– user68186
2 days ago
This is very odd. I can't imagine why one would need to look at the private key. Allowing an user with no sudo privileges to look or copy the private key may be a security risk.
– user68186
2 days ago
@user68186 .. Yes it is security risk.. I'm trying to figure out how one could exploit this ...
– Goron
2 days ago
@user68186 .. Yes it is security risk.. I'm trying to figure out how one could exploit this ...
– Goron
2 days ago
|
show 1 more comment
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1113890%2fprint-private-key-to-stdout%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1113890%2fprint-private-key-to-stdout%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Sadly, while the man pages say that ssh-keygen can export private keys with
ssh-keygen -e -f <path to key>, it only ever seems to export the public key. This doesn't appear possible. What are you trying to accomplish? Perhaps there's a better way.– Kyle
2 days ago
Yes indeed.. Even I was thinking the same..
– Goron
2 days ago
The scenario seems a tad odd, but I'll assume you know what you're doing. Can you simply create a new group for both of them and make the private key owned by that group with the proper permissions? Or does SSH get grumpy about that? Another option is a shell script to cat the key out and limit
user2to that shell script running asuser1.– Kyle
2 days ago
1
This is very odd. I can't imagine why one would need to look at the private key. Allowing an user with no sudo privileges to look or copy the private key may be a security risk.
– user68186
2 days ago
@user68186 .. Yes it is security risk.. I'm trying to figure out how one could exploit this ...
– Goron
2 days ago