OverTheWire Bandit: Level 13 to Level 14
The Goal
No password this time. Instead, bandit13’s home directory contains a private SSH key for bandit14. Use it to log in as bandit14 and read the password from /etc/bandit_pass/bandit14.
What a Private SSH Key Is
SSH normally authenticates with a password. But it also supports key-based authentication using a public/private key pair.
- The public key is stored on the server in ~/.ssh/authorized_keys
- The private key stays with you — it proves your identity
- When you connect, the server challenges you with something only the private key can answer
- If you answer correctly, you’re in — no password needed
Whoever holds the private key can log in as that user. This is why private keys must be kept secret and have strict file permissions.
What I Did
Listed the home directory:
bandit13@bandit:~$ ls
HINT sshkey.private
Tried SSHing to bandit14 from inside the bandit server — both to localhost and to the actual hostname. Both failed with the same error:
Connecting from localhost is blocked to conserve resources.
The HINT file confirmed this — OverTheWire deliberately blocks SSH connections from the server back to itself. The key has to be used from your local machine.
Copied the key contents from the server by running cat sshkey.private, then pasted them into a file on my local machine:
nano sshpk.txt
# pasted the private key contents
First attempt failed — SSH refused to use the key:
WARNING: UNPROTECTED PRIVATE KEY FILE!
Permissions 0644 for 'sshpk.txt' are too open.
Fixed the permissions:
chmod 600 sshpk.txt
Then connected as bandit14 using the key:
ssh -i sshpk.txt bandit14@bandit.labs.overthewire.org -p 2220
Logged in successfully. Read the password file:
bandit14@bandit:/etc/bandit_pass$ cat bandit14
aaWecNkG4FhxJQxz07uiwzVP6bJiYS65
Why chmod 600 Is Required
SSH is strict about private key permissions as a security measure. If a private key file is readable by anyone other than the owner, SSH refuses to use it. The logic: a key that anyone can read is a compromised key — it’s no longer private.
chmod 600 breaks down as:
- 6 for the owner — read (4) + write (2) = 6
- 0 for the group — no permissions
- 0 for others — no permissions
So only you can read or write the file. Nobody else can touch it.
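The permission rule can also be checked mechanically. The following is an added example, not code from the original post or from OpenSSH, and its function names are hypothetical; it goes slightly beyond the single chmod 600 case by flagging any private key in a directory that has group or other bits set, and by saving a pasted key with mode 0600 from the start.

```sh
# Added example; the function names are hypothetical, not part of OpenSSH.
# Usage: audit_keys ~/.ssh        save_key sshpk.txt   (paste, then Ctrl-D)

# Print a file's octal mode (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if no group/other bits are set, i.e. (mode & 077) == 0.
# This is the test that rejected the 0644 file; 0600 and 0400 both pass.
key_perms_ok() {
    kp_mode=$(file_mode "$1") || return 2
    [ $(( 0$kp_mode & 077 )) -eq 0 ]
}

# List every private key in a directory whose mode is too open.
# A file counts as a key if its first line is a PEM/OpenSSH private key header.
audit_keys() {
    for ak_file in "$1"/*; do
        [ -f "$ak_file" ] || continue
        head -n 1 "$ak_file" 2>/dev/null \
            | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
        key_perms_ok "$ak_file" \
            || printf '%s %s\n' "$(file_mode "$ak_file")" "$ak_file"
    done
}

# Write stdin to a key file that is never world-readable: the umask makes a
# new file 0600, and chmod covers the case where the file already existed.
save_key() {
    ( umask 077 && cat > "$1" && chmod 600 "$1" )
}
```

Using save_key in place of the nano paste step means the key file is never on disk with mode 0644, so the permissions warning does not appear in the first place.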
Why localhost Was Blocked
OverTheWire prevents SSH connections from the server back to itself on port 2220. This is a resource management decision — it stops players from chaining sessions inside the server. The HINT file explains this clearly. Reading error messages and hint files saves a lot of time.
The Better Way — SCP
Instead of manually copying the key with cat and paste, scp can transfer it directly:
scp -P 2220 bandit13@bandit.labs.overthewire.org:~/sshkey.private ./sshpk.txt
This copies sshkey.private from bandit13’s home directory to your local machine in one command. Note that scp uses capital -P for port, unlike ssh which uses lowercase -p.
Then set permissions and connect:
chmod 600 sshpk.txt
ssh -i sshpk.txt bandit14@bandit.labs.overthewire.org -p 2220
Commands Used
| Command | What it did |
|---|---|
| cat sshkey.private | Printed the private key so I could copy it locally |
| nano sshpk.txt | Created a local file and pasted the key into it |
| chmod 600 sshpk.txt | Set correct permissions so SSH would accept the key |
| ssh -i sshpk.txt bandit14@... | Connected as bandit14 using the key file |
| cat /etc/bandit_pass/bandit14 | Read the password for this level |