Authentication via ssh keys
LHOST - local host
RHOST - remote host
- generate ssh keys on LHOST
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): if you do not type password during log in to remote host you will be logged automatically without password
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| . + |
| . * . |
| + . |
| .. . . |
| oS . . |
| + . |
| +.*. |
| Eo |
| ++B. |
I had old keys so system asked me if I want to overwrite, if you do this for the first time there will not be warning.
If you wish you can use separate ssh keys for log in to different devices however I prefer to have one keys to all systems.
- copy public key from id_rsa.pub and paste to /home/remoteuser/.ssh/authorized_keys file on remote system(RHOST)
id_rsa.pub can looks like:
- check ssh daemon configuration on remote host if allows log in using via ssh keys.
- if you get following errors on your LHOST:(using ssh -v!)
Agent admitted failure to sign using the key. Permission denied (publickey).
Enter passphrase for /home/user/.ssh/id_rsa:
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
- you can check all identity in your ssh-agent typing command
2048 ac:52:8e:f6:d6:a9:7b............7 user@host (RSA)
2048 ac:52:8e:f6:d6:a9:7b:b............. /home/user/.ssh/id_rsa (RSA)