You are here: Home » NewsFeeds » Extracting SSH Private Keys from Windows 10 ssh-agent

Extracting SSH Private Keys from Windows 10 ssh-agent

Table of Contents
Intro Using OpenSSH in Windows 10 Monitoring SSH Agent Testing Registry Values Unprotecting the Key Figuring out Binary Format Putting it all together This weekend I installed the Windows 10 Spring Update, and was pretty excited to start playing with the new, builtin OpenSSH tools.
Using OpenSSH natively in Windows is awesome since Windows admins no longer need to use Putty and PPK formatted keys. I started poking around and reading up more on what features were supported, and was pleasantly surprised to see ssh-agent.exe is included.
I found some references to using the new Windows ssh-agent in this MSDN article, and this part immediately grabbed my attention:

I’ve had some good fun in the past with hijacking SSH-agents, so I decided to start looking to see how Windows is “securely” storing your private keys with this new service.
I’ll outline in this post my methodology and steps to figuring it


 

Original article