Bandit Level 13 → 14
Login: ssh bandit13@bandit.labs.overthewire.org -p 2220
(you already logged in as bandit13 and found sshkey.private in the home directory)
Task
You are given a private SSH key file (sshkey.private) in the bandit13 home directory. Use that key locally to connect to the bandit14 account. After you successfully ssh to bandit14, read the file /etc/bandit_pass/bandit14 to get the next level password.
Quick solution (commands)
# copy the private key from the remote host to your local machine
scp -P 2220 bandit13@bandit.labs.overthewire.org:sshkey.private .
# secure the key locally (OpenSSH requires strict permissions)
chmod 600 sshkey.private
# use the key to login as bandit14
ssh -i sshkey.private -p 2220 bandit14@bandit.labs.overthewire.org
# once logged in as bandit14, read the password for the next level
cat /etc/bandit_pass/bandit14
Theory (a bit more — why this works)
-
Public-key SSH authentication
- Instead of a password, SSH can use an asymmetric key-pair: a private key (which you keep secret) and a public key (stored on the server).
- If the server has the corresponding public key in the
authorized_keysof an account, SSH proves you own the private key and logs you in as that account. - In this level you were given the private key for
bandit14. Possessing that key is equivalent to having the password forbandit14(for authentication purposes).
-
scp
scpcopies files over SSH. The-P 2220option tells scp to use port2220(Bandit uses that port).- Example:
scp -P 2220 bandit13@...:sshkey.private .copiessshkey.privatefrom the remotebandit13home to your current local directory.
-
File permissions matter
- OpenSSH refuses to use private key files that are readable by group or others. If a private key file is group/world-readable SSH prints a warning like:
Permissions 0640 for 'sshkey.private' are too open. - The correct permission for private keys is `` (
-rw-------) so that only the file owner can read/write it.700(-rwx------) also works but is non-standard (private keys usually don't need execute bit). - Use
chmod 600 sshkey.privateto fix permissions.
- OpenSSH refuses to use private key files that are readable by group or others. If a private key file is group/world-readable SSH prints a warning like:
-
Windows line endings
- If the key was moved through Windows or edited with a Windows editor, it may contain CRLF (
) line endings. SSH expects Unix LF (). Convert withdos2unixor atrcommand if needed.
- If the key was moved through Windows or edited with a Windows editor, it may contain CRLF (
-
Troubleshooting
- If SSH refuses to authenticate, add verbose output to see why:
Look for messages about
ssh -vvv -i sshkey.private -p 2220 bandit14@bandit.labs.overthewire.orgOffering public keyandAuthentication succeededorPermission denied. - If you still get
Permission denied (publickey), confirm:- The key file content is intact (no accidental edits).
- File permissions are
600and ownership is your user. - You used the correct user (
bandit14) and port (2220).
- If SSH refuses to authenticate, add verbose output to see why:
-
ssh-agent alternative
- Instead of passing
-ievery time, add the key to your agent (keeps it in memory):ssh-add sshkey.private
ssh -p 2220 bandit14@bandit.labs.overthewire.org
- Instead of passing
Full explained session (step-by-step)
- On the remote server (bandit13) — you discovered the key:
bandit13@bandit:~$ ls
sshkey.private
- From your local machine — copy the key here for use:
scp -P 2220 bandit13@bandit.labs.overthewire.org:sshkey.private .
# you will be prompted for the bandit13 password
- Secure the key file
# make it readable only by you
chmod 600 sshkey.private
# verify
ls -l sshkey.private
# output should look like: -rw------- 1 youruser yourgroup 1675 Sep 19 12:34 sshkey.private
- Attempt SSH using the key
ssh -i sshkey.private -p 2220 bandit14@bandit.labs.overthewire.org
- On first connect you'll likely be asked to accept the host fingerprint — answer
yes. - If the key works you'll be dropped into a shell as
bandit14.
- Read the next-level password
cat /etc/bandit_pass/bandit14
# this prints the password you need for the next level
Example (what you might see)
$ scp -P 2220 bandit13@bandit.labs.overthewire.org:sshkey.private .
bandit13@bandit.labs.overthewire.org's password:
sshkey.private 100% 1675 1.6KB/s 00:00
$ chmod 600 sshkey.private
$ ssh -i sshkey.private -p 2220 bandit14@bandit.labs.overthewire.org
The authenticity of host '[bandit.labs.overthewire.org]:2220 ([IP]:2220)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
Welcome to bandit...
$ cat /etc/bandit_pass/bandit14
<the-password-for-bandit15>
Cleanup & security reminder
- This is a game environment, but in real life never share private keys publicly (e.g., push them to GitHub). Remove keys from your local machine when you no longer need them:
shred -u sshkey.private # securely delete
# or simply: rm sshkey.private
- If you ever suspect a private key has been exposed, revoke it on the server (remove the corresponding public key from
~/.ssh/authorized_keys) and generate a new key pair.
If you want, I can:
- shorten this into a one-page
README.mdsuitable for GitHub, or - create a small diagram explaining public/private key flow, or
- add the exact
ssh -vvvdebugging output to the doc (if you paste your session output).
Tell me which you prefer and I will update the file.
<!-- truncate -->
