XK0-004 · Question #234
When requesting SSH access to a remote system, a user accidentally emailed the id_rsa key to the administrator. Which of the following should the user do NEXT?
The correct answer is D. Stop using that key and run ssh-keygen to generate a new key pair.. A private SSH key emailed to anyone is considered compromised and must be replaced immediately, not repaired or reused.
Question
When requesting SSH access to a remote system, a user accidentally emailed the id_rsa key to the administrator. Which of the following should the user do NEXT?
Options
- ARun the ssh-add command to add the remote system to known_hosts.
- BAsk the administrator to run chmod 600 id_rsa on the remote system.
- CDelete id_rsa key file and send the id_rsa.pub key file instead.
- DStop using that key and run ssh-keygen to generate a new key pair.
How the community answered
(34 responses)- A9% (3)
- B3% (1)
- C6% (2)
- D82% (28)
Why each option
A private SSH key emailed to anyone is considered compromised and must be replaced immediately, not repaired or reused.
ssh-add loads a private key into the SSH authentication agent for use in the current session and has no effect on known_hosts or on the compromised key.
Setting chmod 600 on the remote system only corrects file permissions there and does nothing to address the fact that the private key was already exposed by email.
Deleting the local copy and sending id_rsa.pub fixes the process going forward but does not revoke or replace the already-compromised private key, leaving the original key pair a security risk.
The id_rsa file is the private key, which must never leave the owner's possession. Because it was transmitted insecurely via email, it is now compromised and must be treated as untrusted. The user must stop using the exposed key pair and run ssh-keygen to generate a fresh key pair, then register the new public key with the administrator.
Concept tested: SSH private key compromise and remediation
Source: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
Topics
Community Discussion
No community discussion yet for this question.