5

I am trying to crack a password-protected id_rsa with John the Ripper, but it doesn't find the correct password for some reason.

I have created a new user and generated a new id_rsa with ssh-keygen (the password used is "password").

pwn@kali:~$ ls -l .ssh/                                                   
total 4                                                                   
-rw-r--r-- 1 pwn pwn 222 janv. 10 18:10 known_hosts                       

pwn@kali:~$ ssh-keygen                                                    
Generating public/private rsa key pair.                                   
Enter file in which to save the key (/home/pwn/.ssh/id_rsa):              
Enter passphrase (empty for no passphrase):                               
Enter same passphrase again:                                              
Your identification has been saved in /home/pwn/.ssh/id_rsa.              
Your public key has been saved in /home/pwn/.ssh/id_rsa.pub.              
The key fingerprint is:                                                   
SHA256:mYmLGXR2b8Au7d41sZukTEAIhRQI8UAtQHWf2xnF/ug pwn@kali               
The key's randomart image is:                                             
+---[RSA 3072]----+                                                       
|O=o++=.   ..     |                                                       
| +..o..o. ..     |                                                       
|  o . +o=..      |                                                       
|   . o *o*o.     |                                                       
|    . o.Soo +    |                                                       
|     + + o . +   |                                                       
|    o . . o =    |                                                       
|       . + E +   |                                                       
|        . + o    |                                                       
+----[SHA256]-----+                                                       
pwn@kali:~$                                                               

pwn@kali:~$ ls -l .ssh/                                                   
total 12                                                                  
-rw------- 1 pwn pwn 2635 janv. 13 12:05 **id_rsa**                           
-rw-r--r-- 1 pwn pwn  562 janv. 13 12:05 **id_rsa.pub**                       
-rw-r--r-- 1 pwn pwn  222 janv. 10 18:10 known_hosts                      

The result is the following file:

pwn@kali:~$ cat ~/.ssh/id_rsa                                         
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----                                     

I have used ssh2john to create a file crackable by john:

# /usr/share/john/ssh2john.py id_rsa 

# /usr/share/john/ssh2john.py id_rsa > id_rsa.hashes

But john doesn't find the password "password" using a wordlist that contains "password" in 4th position.

# grep -x password -n /usr/share/wordlists/rockyou.txt
4:password

# john -w /usr/share/wordlists/rockyou.txt --format=SSH id_rsa.hashes 
Warning: invalid UTF-8 seen reading /usr/share/wordlists/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (SSH [RSA/DSA/EC/OPENSSH (SSH private keys) 32/64])
Cost 1 (KDF/cipher [0=MD5/AES 1=MD5/3DES 2=Bcrypt/AES]) is 2 for all loaded hashes
Cost 2 (iteration count) is 16 for all loaded hashes
Will run 4 OpenMP threads
Note: This format may emit false positives, so it will keep trying even after
finding a possible candidate.
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:02:34 DONE (2020-01-13 12:15) 0g/s 23.00p/s 23.00c/s 23.00C/s paagal..sss
Session completed

**# john --show id_rsa.hashes 
0 password hashes cracked, 1 left**

I guess the problem is in the --format option used. But I don't see a more suitable one.

peterh
Olivier Lasne

4 Answers

2

This is a bug, see this issue where the user appeared to have basically the same issue you did. I linked this question at the bottom to (hopefully) bring attention to this.

Additionally I followed your exact steps on an up-to-date Kali machine and had the same issues. I cloned the repo and built from source as well with no luck. Hopefully this will be addressed soon and we can all crack those passphrases again :)

EDIT: confirmed by repo maintainer

deletehead
1

As I was facing the same issue, I made a work-around that let me brute force the id_rsa password without using JTR. You can find it here. It's just a shell script that relies on the ssh-keygen tool, and feeds it with a password file until it finds one (or doesn't). I guess that with a few tweaks it can be used with JTR too. Anyway, it works directly on the id_rsa file and there's no need to create the hash file.

SeeYouInDisneyland
rom
1

I just solved this issue on latest Arch Linux and Kali. Basically, the ssh2john.py was outdated by a year (2019) and I also used the most recent john binary by cloning their repo, ./configure && make in src folder and then run them locally from run/ folder. For more details check my comments in this issue report: https://github.com/openwall/john/issues/4069

binarytrails
  • This solved it for me, using everything latest, greatest from the git repository. – JFB May 20 '21 at 23:46
0

It works for me with that little change:

   john --wordlist=/usr/share/wordlists/rockyou.txt --format=SSH id_rsa.hashes
schroeder
Welu