ssh

Tips and tricks for working with ssh

Create an SSH Key

ED25519 is generally recommended as a better option than RSA 4096

# Create an ED25519 key pair 
ssh-keygen -t ed25519 -f ~/.ssh/new_key 

# Create a 4096-bit RSA key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/new_key

# Add this to the above commands to create the key without a passphrase
-N ""

# The command will output two files (private and public key pair)
new_key
new_key.pub

Add an SSH Key to the authorized_keys file

If you have code execution on a system and SSH is configured, you can add your Public SSH key to it and be able to SSH into it with your Private key (provided SSH is enabled)

You'll need to add your Public key to the system you want to SSH into and then you can SSH using your Private key

# Add the key to the target authorized_keys file to then ssh into it
ssh-copy-id -i ~/.ssh/new_key.pub user@host

# Another option
echo $(cat ~/.ssh/new_key.pub) >> ~/.ssh/authorized_keys

# The public key should be added to the ~/.ssh/authorized_keys file on the host
cat ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJheI2Qn4O8UamoMG8AgWL4YvH2YPtUQUl6ERRczNWZE parallels@kali-linux-2024-2

Generate a Public Key from a Private Key

With access to a Private Key, we can generate the corresponding Public Key
This is useful if we've lost the key or to get information on the user and system it was generated on

ssh-keygen -y -f ~/.ssh/new_key > ~/.ssh/new_key.pub

Specify a Specific SSH Key to Use

If you have multiple SSH keys loaded into your SSH agent and try connecting to a server, sometimes the server will reject the connection because too many keys are being used to authenticate
The way around this is to use the parameter -o "IdentitiesOnly=yes" which specifies the exact key to use i.e., any other SSH keys will be ignored

ssh -i ~/.ssh/my_key -o "IdentitiesOnly=yes" user@host

Certificate-based Authentication for SSH

Certificates provide more security over passphrases but require a Certificate Authority (CA) to set up
Additionally, Certificates have metadata that can be used for user identification, expiring access, role-based access control, and more

Previousngrok NextCoding and Scripting

Last updated 5 months ago

Was this helpful?

Create an SSH Key

ED25519 is generally recommended as a better option than RSA 4096

# Create an ED25519 key pair 
ssh-keygen -t ed25519 -f ~/.ssh/new_key 

# Create a 4096-bit RSA key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/new_key

# Add this to the above commands to create the key without a passphrase
-N ""

# The command will output two files (private and public key pair)
new_key
new_key.pub

Add an SSH Key to the authorized_keys file

If you have code execution on a system and SSH is configured, you can add your Public SSH key to it and be able to SSH into it with your Private key (provided SSH is enabled)

You'll need to add your Public key to the system you want to SSH into and then you can SSH using your Private key

# Add the key to the target authorized_keys file to then ssh into it
ssh-copy-id -i ~/.ssh/new_key.pub user@host

# Another option
echo $(cat ~/.ssh/new_key.pub) >> ~/.ssh/authorized_keys

# The public key should be added to the ~/.ssh/authorized_keys file on the host
cat ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJheI2Qn4O8UamoMG8AgWL4YvH2YPtUQUl6ERRczNWZE parallels@kali-linux-2024-2

Specify a Specific SSH Key to Use

If you have multiple SSH keys loaded into your SSH agent and try connecting to a server, sometimes the server will reject the connection because too many keys are being used to authenticate

The way around this is to use the parameter -o "IdentitiesOnly=yes" which specifies the exact key to use i.e., any other SSH keys will be ignored

ssh -i ~/.ssh/my_key -o "IdentitiesOnly=yes" user@host