OverTheWire Bandit: Level 13 to Level 14

The Goal

No password this time. Instead, bandit13’s home directory contains a private SSH key for bandit14. Use it to log in as bandit14 and read the password from /etc/bandit_pass/bandit14.

What a Private SSH Key Is

SSH normally authenticates with a password. But it also supports key-based authentication using a public/private key pair.

  • The public key is stored on the server in ~/.ssh/authorized_keys
  • The private key stays with you — it proves your identity
  • When you connect, the server challenges you with something only the private key can answer
  • If you answer correctly, you’re in — no password needed

Whoever holds the private key can log in as that user. This is why private keys must be kept secret and have strict file permissions.

What I Did

Listed the home directory:

bandit13@bandit:~$ ls
HINT  sshkey.private

Tried SSHing to bandit14 from inside the bandit server — both to localhost and to the actual hostname. Both failed with the same error:

Connecting from localhost is blocked to conserve resources.

The HINT file confirmed this — OverTheWire deliberately blocks SSH connections from the server back to itself. The key has to be used from your local machine.

Copied the key contents from the server by running cat sshkey.private, then pasted them into a file on my local machine:

nano sshpk.txt
# pasted the private key contents

First attempt failed — SSH refused to use the key:

WARNING: UNPROTECTED PRIVATE KEY FILE!
Permissions 0644 for 'sshpk.txt' are too open.

Fixed the permissions:

chmod 600 sshpk.txt

Then connected as bandit14 using the key:

ssh -i sshpk.txt bandit14@bandit.labs.overthewire.org -p 2220

Logged in successfully. Read the password file:

bandit14@bandit:/etc/bandit_pass$ cat bandit14
aaWecNkG4FhxJQxz07uiwzVP6bJiYS65

Why chmod 600 Is Required

SSH is strict about private key permissions as a security measure. If a private key file is readable by anyone other than the owner, SSH refuses to use it. The logic: a key that anyone can read is a compromised key — it’s no longer private.

chmod 600 breaks down as:

  • 6 for the owner — read (4) + write (2) = 6
  • 0 for the group — no permissions
  • 0 for others — no permissions

So only the file's owner can read or write it; other unprivileged users on the system cannot.
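
As an added example (not part of the original walkthrough or OverTheWire's material), the shell functions below check key files for the group/other permission bits behind the "too open" warning, and save_key creates a pasted key file as 0600 from the start instead of fixing it afterwards. The function names and the directory layout they are run against are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: find private key files whose mode ssh would reject.
# All function names here are hypothetical helpers, not ssh tooling.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds only when no group/other bits are set (mode & 077 == 0),
# the condition behind "Permissions 0644 ... are too open".
key_mode_ok() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Treat a file as a private key if its first line is a
# "-----BEGIN ... PRIVATE KEY-----" header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q '^-----BEGIN .*PRIVATE KEY-----'
}

# Write stdin to a new file that is 0600 from the moment it exists.
# umask 077 strips group/other bits at creation; set -C refuses to
# overwrite an existing file, which would keep its old, looser mode.
save_key() {
    ( umask 077; set -C; cat > "$1" )
}

# Print every private key directly under a directory that has a
# too-open mode. Exit status is 0 when none are found, 1 otherwise.
audit_keys() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        if ! key_mode_ok "$f"; then
            echo "too open: $(file_mode "$f") $f"
            bad=1
        fi
    done
    return "$bad"
}
```

Running `audit_keys ~/.ssh` lists any key that needs `chmod 600`; piping the key text into `save_key sshpk.txt` avoids the window in which a freshly pasted file sits at 0644.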

Why localhost Was Blocked

OverTheWire prevents SSH connections from the server back to itself on port 2220. This is a resource management decision — it stops players from chaining sessions inside the server. The HINT file explains this clearly. Reading error messages and hint files saves a lot of time.

The Better Way — SCP

Instead of manually copying the key with cat and paste, scp can transfer it directly:

scp -P 2220 bandit13@bandit.labs.overthewire.org:~/sshkey.private ./sshpk.txt

This copies sshkey.private from bandit13’s home directory to your local machine in one command. Note that scp uses capital -P for port, unlike ssh which uses lowercase -p.

Then set permissions and connect:

chmod 600 sshpk.txt
ssh -i sshpk.txt bandit14@bandit.labs.overthewire.org -p 2220

Commands Used

| Command | What it did |
| --- | --- |
| cat sshkey.private | Printed the private key so I could copy it locally |
| nano sshpk.txt | Created a local file and pasted the key into it |
| chmod 600 sshpk.txt | Set correct permissions so SSH would accept the key |
| ssh -i sshpk.txt bandit14@... | Connected as bandit14 using the key file |
| cat /etc/bandit_pass/bandit14 | Read the password for this level |

This post is licensed under CC BY 4.0 by the author.