> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-11/offline-cracking/trick-0010.md).

# Crack SSH Private Key Passphrase

***

Convert an encrypted SSH private key file (e.g., `id_rsa`) into a crackable hash format using `ssh2john`.

```bash
ssh2john id_rsa > hash
```

Then, use a tool like `john` or `hashcat` with a wordlist to attempt cracking the extracted hash.

```bash
john -wordlist=~/Downloads/rockyou.txt hash
```

*Note: Ensure the private key file has appropriate permissions. For use with SSH, this is often 600 (read/write for owner only). In many cases SSH Clients will not function if it is detected that the permissions of the Private key file are such that users other than you have read access. Tools like `ssh2john` might also require specific read access, potentially needing temporary permission changes if run as a different user.*

### Using Hashcat and Understanding ssh2john Formats

When using `hashcat`, it's important to be aware that `ssh2john` can produce different hash formats, and compatibility can vary. It seems some SSH private key modules in `hashcat` expect an older hash format (signature + 5 parts) and may not work with a newer format (signature + 7 parts). The `ssh2john` format can change or output different formats depending on the algorithm selected for the key.

For instance, `hashcat` might work for a 5-part hash like this (type $4$, where part 2 is 2 digits):

```
$sshng$4$16$04D2D7882E0C474E07E542FE997D2A49$608$bdf0791ad9b7e27dd2788e8910b8d6886c3a3be8feb4647a59b8b748d7806647d203c3d38de8ba3d51ebf9d18ae7331d9d3724774129c48b6ac4476d2cae86b4121af4a45dddc11b6b21e6cb2c9b1f6142e124d724250505ed9e6fb64a9a70a5441e4572602a13189ff90389c079d9c3a0d3ceafa8192c22f5c4a8cb6a84eb61605e48fcb8a0187012ce366b0fd58400e3322e6f86e711b22084bfecc0407f1d54bce85c8c0ac317ac710e9d2b945017ff51f645372a48ea4554357948b67375d7879e46c043dfb5642fb74040f331f83c26ec36d4d3b416ad5bf38265a5bb72aa474b51340f5ee1ae5fd785ce6318121d9f975592bc88077eefa3a7a6b945b460e8c035c6334c145cf62ae63f16a4ac4db15b36455f92e94d2040ba12a8dc6d59eed43d666e7f311d8d350ef2af4a85d1aa166279dd72180a565fd1ba75e3c6fe064dcff9d3794db98a4047ee952727ad32d3468df87dd4c8009af904987439718db3dac594c27d373e05c154c40750cc7ab5edb7d202761b9df4192d461bea6b1828cfe5c0dcbac1ae53cf72b4826722188d91727464a4ce0e37f4ec83119ebeb9199cd2a8560388fa0205f1ea019136fbf2a681552af5ea12aff617e495cb2306ae6e313e6b2bfc7501784f529ae4f33730df54033fc5eaea228476b334743b4870b4e8f87e4efffdc7750a317377426217f4aa3241f191d6e6202f6a961b219169506efbe16de7e87583ee1b19a32f54da3e05f7e8e72b412a1dcf2581379b529a65f53667ed733ee2c1ce002abaa4767337b0f4b749ccec023316ae346bee262174f41266dc550938c0094de1eec70d020f4053a978619ae8c11fff27a5
```

Or for a hash like this one (5 parts, type $0$ where part 2 is 1 digit):

```
$sshng$0$8$DAA422E8A5A8EFB7$608$fa7b2c1c699697dd487261a213a0dd088a86bc03f4e2db8b87ad302e3581bdd8ed17d0a3ced3e7179ef17beea9064ee862017f472de293d655f6b1cd7115e27c328cf5caf1b5896952590cd82d123fcf6c5da3b43f5435c829ebb595300c828e04d57c7ade57efe006305b32fe79afd0d14cadba681b4dc3a69b25a1e71ddbd353465217c311d11721f1cba05d1226ff0e7d261156f0837753bcaaddfec383591f61470a4318cf679046d43490a1eef33014a90865917ccaa16f986724b8ee421d990327a46410362b4992406af41a88e3c5e5bbb7707ba08517e7ac8295ad0b934c38968f05fd372f1ee29e24eddcbbacba5b3e1b7150e51ba4e17b4f54319630e2d5372adc46e4de437f64b3d11670eb25fc94c7e9bd0579806bbf16c6cfe529a4bc0d3918ca4777f8418e789163660d9bbe0aa297857ee4922dffe310e6967fba2ee2e06707d9bbd9c8601bad7ccfdcb8a948074de511be7d588b7b71d4b5f0b1e19020b54efc4d626b2e4d85c0a40682517128b9ecc29f882996f4f6b655bb1986e293cb5271fe98c61d8b2e6e8338fee42f22674fc8b2da475663ba19644e7de76927cd9e333b533ad7617cc7a9f19dc7c00c240ed92c2fb1aaf6495bd16ab9fae4650567ad8b175d02f9e6a9737362168035670017fd9ad87cf4e916f47baa5efe0d04939295fba608f83fa811b946d12afe77836dc6d0d398824a355926ce5848dace776c7a7ab7109be495894bc98a2cf04107368d5d8777a1d0ef19782ebb1527b564ac0f5d4ac91e81f435cc21f5905b9753ee1a79913306957589943da161a6f5dc3082b80930553769ce11d82d9cb12d8a12bb4e56eb3f1200eb
```

However, it might not work for a 7-part hash (e.g., type $6$ where part 2 is 2 digits):

```
$sshng$6$16$220c1cfd4c12255c50e95424071ab0d5$375$6f70656e7373682d6b65792d7631000000000a6165733235362d637472000000066263727970740000001800000010220c1cfd4c12255c50e95424071ab0d50000001000000001000000680000001365636473612d736861322d6e69737470323536000000086e69737470323536000000410405042a41f6a8a5b4fdc926bb60664f4d1bbccfce1ab8e4789b7654874f8fcb3961d30fe86197d4c9a36fceadefbb5652672c640b9a45be9e18aa0b1298504343000000c08d5ad7949499c1282d24a86f820a76c90dbde432ed30aec67578724cdbc067e0d89fa399b5e2e945dc405134597543deea2ff24f39c9c2a54edf1c7c3adfb28f62bfe93d06235b8777857839ef79b996c688c1c473dcacb13159045048595cdbd20b2ba19a684bc42a3d3d62de7fab9ec61d97f6fe1e537a973eebf2ad86db5c8e950d5925e2af159b100dca400f6b1515dffa4278e8cb8c653a82157ff89f69e397e25e7bbd04c4c95a5cc204bda8e1014b4b31316350337d2920c83361fa91$16$183
```

To reproduce a case that might not be supported by older `hashcat` versions or specific modules, you can generate a key using options like `-o` (for the new OpenSSH private key format) and specific ciphers:

```bash
ssh-keygen -o -N test12345 -t ed25519 -Z aes256-ctr -f test_ed25519_aes256-ctr
ssh2john test_ed25519_aes256-ctr > hash_ed25519_aes256-ctr.txt
```

Then, attempting to crack it with `hashcat` (e.g., mode `22921` for `Ed25519 OpenSSH`):

```bash
hashcat -m 22921 hash_ed25519_aes256-ctr.txt /usr/share/wordlists/passwords/rockyou.txt
```

You might encounter an error like:

```
hashcat (v6.2.6-846-g4d412c8e0+) starting
OpenCL API (OpenCL 3.0 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Iris(R) Xe Graphics, 7141/14346 MB (2047 MB allocatable), 80MCU
This hash-mode is known to emit multiple valid candidates for the same hash.
Use --keep-guessing to continue attack after finding the first crack.
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashfile 'hash_ed25519_aes256-ctr.txt' on line 1 (test_e...e1ffe463654befb26ec8afb2d$24$130): Token length exception
* Token length exception: 1/1 hashes
 This error happens if the wrong hash type is specified, if the hashes are
 malformed, or if input is otherwise not as expected (for example, if the
 --username or --dynamic-x option is used but no username or dynamic-tag is present)
No hashes loaded.
Started: Thu Jan 25 11:36:48 2024
Stopped: Thu Jan 25 11:36:49 2024
```

This "Token length exception" can occur if `hashcat` is expecting exactly 5 parts for the hash string, but receives 7. Always ensure your `hashcat` version and the specific module used support the format generated by `ssh2john` for your particular key type. Newer versions of `hashcat` may have improved support for these formats.
