Introduction
There is something I don’t understand with SSH private key permissions and I’d like some in-depth explanations about the difference in behavior I’m noticing.
Here is the thing: I am trying to write extensive documentation on the OverTheWire challenges, and the question is about the level bandit13 (I am writing this only to help people that are familiar with these challenges, but it is not so much focused on the challenges).
Remote host situation
I am logged in as the user bandit13 and I get an SSH key that I should use to connect as the user bandit14 on the server. Here is the output of the command stat when run on the file “sshkey.private”:
File: sshkey.private
Size: 1679 Blocks: 8 IO Block: 4096 regular file
Device: 10301h/66305d Inode: 517716 Links: 1
Access: (0640/-rw-r-----) Uid: (11014/bandit14) Gid: (11013/bandit13)
Access: 2024-06-03 16:10:51.521532387 +0000
Modify: 2023-10-05 06:19:21.815263421 +0000
Change: 2023-10-05 06:19:21.819263430 +0000
Birth: 2023-10-05 06:19:21.815263421 +0000
We can see that the key belongs to the user bandit14 but is also readable by the members of the group bandit13, which seems to be in conflict with this section from the ssh(1) man page:
~/.ssh/id_rsa
Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using AES-128.
However, I can use this private key to connect to the user bandit14 by running :
ssh -p 2220 -l bandit14 -i sshkey.private localhost
Local machine situation
Now, when I retrieve the SSH key on my local machine, here is the output I get from the stat command:
File: bandit14_sshkey
Size: 1679 Blocks: 8 IO Block: 4096 regular file
Device: 804h/2052d Inode: 8913955 Links: 1
Access: (0640/-rw-r-----) Uid: ( 1001/ Charystag) Gid: ( 1001/ Charystag)
Access: 2024-06-03 21:05:42.285372019 +0200
Modify: 2024-06-03 21:05:11.765802230 +0200
Change: 2024-06-03 21:05:11.765802230 +0200
Birth: 2024-06-03 21:05:11.733802682 +0200
which also seems to contradict the same section from the ssh(1) man page.
However this time, when I try to connect to the remote host by running :
ssh -p 2220 -l bandit14 -i bandit14_sshkey bandit.labs.overthewire.orgs
I get the following banner :
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for 'bandit14_sshkey' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "bandit14_sshkey": bad permissions
My Question
What can possibly explain the difference in behavior between these two situations? Please don’t tell me that I should change my permissions for my ssh key on my local machine as I already know that but explain why I can jump from one user to another on the remote host.
Please ensure to link to some documentation in your answer.
What did I try to understand?
I basically read a lot of Stack Overflow questions and the ssh(1) and sshd(8) man pages, and asked ChatGPT 4o, but I got nothing concrete, so here I am.
Thanks a lot to those of you who’ll come to this point and who’ll take time to answer me.
Have a great day y’all
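
An added example, not part of the original post and not OpenSSH's own code: a small C model of the ownership test in OpenSSH's client-side key permission check (sshkey_perm_ok in authfile.c), which examines the mode bits only when the key file is owned by the user running ssh. The enum and function names are hypothetical, and the UID 11013 for bandit13 is assumed from the group ID shown in the stat output.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum key_verdict { KEY_OK, KEY_TOO_OPEN, KEY_NOT_OWNED_SKIPPED, KEY_STAT_FAILED };

/* Pure model of the test: the mode bits are only examined when the
 * file's owner is the user running ssh. */
enum key_verdict classify_key(uid_t owner, mode_t mode, uid_t caller)
{
    if (owner != caller)
        return KEY_NOT_OWNED_SKIPPED;   /* someone else's file: mode not examined */
    if ((mode & 077) != 0)
        return KEY_TOO_OPEN;            /* any group/other permission bit is set */
    return KEY_OK;
}

/* Apply the model to a real file on behalf of the current user. */
enum key_verdict classify_key_file(const char *path)
{
    struct stat st;
    if (stat(path, &st) == -1)
        return KEY_STAT_FAILED;
    return classify_key(st.st_uid, st.st_mode, getuid());
}

const char *verdict_str(enum key_verdict v)
{
    switch (v) {
    case KEY_OK: return "ok: owned by caller, no group/other bits";
    case KEY_TOO_OPEN: return "rejected: owned by caller, group/other bits set";
    case KEY_NOT_OWNED_SKIPPED: return "accepted: not owned by caller, mode not checked";
    default: return "stat failed";
    }
}

int main(int argc, char **argv)
{
    /* Constructed from the two stat outputs in the post;
     * the caller UID 11013 for bandit13 is an assumption. */
    printf("remote: %s\n", verdict_str(classify_key(11014, 0100640, 11013)));
    printf("local : %s\n", verdict_str(classify_key(1001, 0100640, 1001)));
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], verdict_str(classify_key_file(argv[i])));
    return 0;
}
```

Passing key file paths as arguments reports the verdict for each one as seen by the current user.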