22 - SSH
Usage
ssh user1@10.10.10.10 -p 2222 'ls /home/user1/'
# Local to remote (upload)
scp file1 user@172.16.10.10:/tmp/file1
# Remote to local (download)
scp user@172.16.10.10:/tmp/file1 ./file1
If error messages like the ones below pop up, try -O, which makes scp use the legacy SCP protocol instead of SFTP:
$ scp -i id_rsa ./authorized_keys bob@sorc:/home/bob/.ssh/authorized_keys
scp: Received message too long 1094927173
scp: Ensure the remote shell produces no output for non-interactive sessions.
$ scp -O -i id_rsa ./authorized_keys bob@sorc:/home/bob/.ssh/authorized_keys
# Generate key pair
$ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
# Add public key to authorized keys
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Read private key
$ cat .ssh/id_rsa
Auth Methods
Supported authentication methods.
nmap -p22 --script=ssh-auth-methods <IP>
Audit
$ ssh-audit 192.168.0.24
# general
(gen) banner: SSH-1.99-OpenSSH_2.9p2
(gen) protocol SSH1 enabled
(gen) software: OpenSSH 2.9p2
(gen) compatibility: OpenSSH 2.5.0-6.6, Dropbear SSH 0.47-0.52
(gen) compression: enabled (zlib)
<SNIP>
Brute Force
PPK to PEM
Convert a PuTTY user key file (.ppk) to an SSH .pem file.
For an example of the above process, check Keeper.
Private Keys
Key Types
SSH supports multiple key types, each with its own default filename, so when trying to exfiltrate one, don't just search for id_rsa!
RSA
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
ECDSA
~/.ssh/id_ecdsa
~/.ssh/id_ecdsa.pub
ED25519
~/.ssh/id_ed25519
~/.ssh/id_ed25519.pub
DSA (old)
~/.ssh/id_dsa
~/.ssh/id_dsa.pub
ECDSA and ED25519 are newer and generally faster/smaller than RSA.
ED25519 is currently the recommended default for many systems (ssh-keygen defaults to it now).
RSA is still widely supported, but 4096-bit keys are preferred now due to security standards.
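An added example (not part of the original page) for the defender's side of the key-type list above: it finds private keys in a directory by parsing file content rather than trusting the filename, and reports which ones are stored without a passphrase or are readable by other users. The function names, the 64 KiB size limit and the zero-filled sample container are assumptions made for this illustration.

```python
import base64, os, struct

MAGIC = b"openssh-key-v1\0"
DEFAULT_NAMES = ("id_rsa", "id_ecdsa", "id_ed25519", "id_dsa")  # from the list above

def _ssh_string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_key(text):
    """Return (key_type, encrypted) if text is a private key, else None."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        return None
    label = lines[0][11:-5]                      # text between the dashes
    if label != "OPENSSH PRIVATE KEY":           # legacy PEM / PKCS#8 containers
        return label, "ENCRYPTED" in label or lines[1].startswith("Proc-Type: 4,ENCRYPTED")
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            return None
        cipher, off = _ssh_string(blob, len(MAGIC))
        _, off = _ssh_string(blob, off)          # kdfname
        _, off = _ssh_string(blob, off)          # kdfoptions
        pub, _ = _ssh_string(blob, off + 4)      # skip the uint32 key count
        # The public blob starts with the key type, e.g. b"ssh-ed25519".
        return _ssh_string(pub, 0)[0].decode(), cipher != b"none"
    except (ValueError, struct.error):           # bad base64 or truncated container
        return None

def audit_ssh_dir(ssh_dir):
    """Yield a finding for every private key in ssh_dir, whatever the file is called."""
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        if os.path.isfile(path) and os.path.getsize(path) <= 65536:
            with open(path, errors="replace") as fh:
                info = inspect_key(fh.read())
            if info:
                yield {"path": path, "type": info[0], "encrypted": info[1],
                       "loose_perms": bool(os.stat(path).st_mode & 0o077),
                       "default_name": name in DEFAULT_NAMES}

def make_sample(ktype=b"ssh-ed25519", cipher=b"none"):
    """Constructed container with zero-filled key fields (not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt") + s(b"")
            + struct.pack(">I", 1) + s(s(ktype) + s(bytes(32))) + s(bytes(64)))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")
```

Calling `list(audit_ssh_dir(os.path.expanduser("~/.ssh")))` lists the keys for the current account; entries with `encrypted` false or `loose_perms` true are the ones to rotate or lock down first.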