Can ssh keyfile security be broken in a few hours if the file is exposed?
No, your SSH key can't be broken in a few hours if you choose a strong passphrase. I read the web page you quoted, and it is just bad writing that leaves a mistaken impression. The statement there is inartfully phrased. The website claims:
An SSH key passphrase is a secondary form of security that gives you a little time when your keys are stolen. If your RSA key has a strong passphrase, it might take your attacker a few hours to guess by brute force. That extra time should be enough to log in to any computers you have an account on, delete your old key from the .ssh/authorized_keys file, and add a new key.
That's phrased in a pretty confusing way. I suspect what they mean to say is that a good passphrase will take at least several hours to crack. In fact, a strong passphrase will take a lot longer than that to crack; probably days or years, or longer, depending upon how strong your passphrase is.
Because of poor phrasing, this web page might leave the impression that even if you choose a strong passphrase, an attacker could still recover your SSH key in at most a few hours. That is not correct. If you have a strong passphrase, it will take a long time for an attacker to recover your SSH private key.
Someone with permission to edit the web page should fix it to correct the confusing phrasing.
At least in my results from man ssh-keygen
:
~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.
So, the question about a stolen key's time to crack is a factor of the lesser of:
- Time to crack AES itself
- Time to crack your chosen password for AES encryption.
That second bullet also includes the reduction code and however many rounds it takes to turn your string of letters into a valid 128 bit key. AES itself is still considered a good symmetric algorithm. Thus, if you have a good passphrase, you'll be safe for more than "a few hours."
The link you provide doesn't say anything about the strength of RSA keys or an attacker having your private key to start with. It refers to an entirely different thing: the strength of the passphrase that is used to control access to your RSA private key:
An SSH key passphrase is a secondary form of security that gives you a little time when your keys are stolen. If your RSA key has a strong passphrase, it might take your attacker a few hours to guess by brute force. That extra time should be enough to log in to any computers you have an account on, delete your old key from the .ssh/authorized_keys file, and add a new key.
Basically - if the attacker has access to the computer where you store your keys, they can try to brute-force your passphrase (not the key). If you've chosen a weak passphrase, then it can be guessed. Guessing the passphrase will allow the attacker to possess your RSA private key. And finally, if they possess your private key, then they can read messages that are encrypted just for you.
EDITED TO ADD: But the quote above is in serious error where it says that a strong passphrase might take an attacker only hours to guess by brute force. A truly strong passphrase should, as others have pointed out, take many many years to guess. I think the point they were trying to make is that the passphrase is the weakest link. If you choose a poor one it can be easily compromised. But if your passphrase is 65 random characters, then it cannot be guessed as they describe.