During penetration tests you often end up on a Linux server: after getting a webshell (China Chopper) you check your privileges, and with some luck you have root. A long time ago, when I had root on a Linux server during an engagement, I genuinely did not know where to start. Later I learned that, with root, you can check whether port 22 is open; if it is, you can log in to the server over SSH with public key authentication and get full access to and control of the server. Nothing in this article is new, and it is already on the Internet; I am just leaving a note here that I may need later. Without further ado, let's get started.
Public key authentication uses a pair of cryptographic strings: one is called the public key, which anyone may see and which is used for encryption; the other is called the private key, which only its owner may see and which is used for decryption. Ciphertext encrypted with the public key is easy to decrypt with the private key, but deriving the private key from the public key is computationally infeasible. Before using public key authentication, first check the server's SSH configuration file /etc/ssh/sshd_config:
RSAAuthentication yes    # enable RSA authentication, default is yes
PubkeyAuthentication yes # enable public key authentication, default is yes
The two lines above are only the basic settings; other articles on this configuration point out several key directives:
RSAAuthentication yes
PubkeyAuthentication yes
ServerKeyBits 1024
PasswordAuthentication yes
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
This configuration ensures that key-based (password-free) login works without affecting ordinary username/password login. If the configuration is fine, proceed to the next step.
Generate the public and private keys locally: use the ssh-keygen command to generate a key pair. I did this in Kali in a virtual machine, as shown in the screenshot:
After the command finishes, the key pair is written to the /root/.ssh/ directory (id_rsa is the private key, id_rsa.pub the public key).
Server settings:
Step one: if an authorized_keys file already exists under /root/.ssh/ on the target server, append the public key to it. If authorized_keys does not exist, upload the public key file id_rsa.pub and rename it to authorized_keys.
cat id_rsa.pub >> ./authorized_keys
Step two: change the permissions of authorized_keys to 600 and of the .ssh directory to 700 (sshd refuses keys in files that are group- or world-writable):
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
When setup is complete, run service sshd restart (on some systems service ssh restart) to restart SSH. Note that sshd reads authorized_keys afresh on every login, so the restart is only strictly needed when sshd_config itself was changed.
This gives password-free (key-based) login.
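From the defender's side, the entries written by the procedure above are exactly what an audit of authorized_keys should surface. The following Python script is an added example, not code from the original post: it parses authorized_keys entries (including option prefixes such as from= and no-pty), computes the OpenSSH SHA256 fingerprint of each key, and reports any key whose fingerprint is not in an approved baseline. The sample file and the key blobs in it are constructed inline and are not real keys.

```python
import base64
import hashlib
import shlex
import struct
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # key-type tokens OpenSSH accepts


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint (base64 without padding) of a raw key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_authorized_keys(text: str) -> list:
    """Parse authorized_keys text into dicts: line, options, type, fingerprint, comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps quoted options such as command="..." as one token
        idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_TYPE_PREFIXES)), None)
        if idx is None or idx + 1 >= len(tokens):
            entries.append({"line": lineno, "error": "unparseable entry"})
            continue
        try:
            blob = base64.b64decode(tokens[idx + 1], validate=True)
            (tlen,) = struct.unpack(">I", blob[:4])  # blob begins with its own key type
        except (ValueError, struct.error):
            entries.append({"line": lineno, "error": "bad key blob"})
            continue
        entries.append({"line": lineno, "options": tokens[:idx], "type": tokens[idx],
                        "type_matches": blob[4:4 + tlen] == tokens[idx].encode(),
                        "fingerprint": fingerprint(blob), "comment": " ".join(tokens[idx + 2:])})
    return entries


def unexpected_keys(text: str, baseline: set) -> list:  # not in baseline, or unparseable
    return [e for e in parse_authorized_keys(text) if e.get("fingerprint") not in baseline]


def _fake_blob(key_type: str, key_bytes: bytes) -> str:  # constructed blob, not a real key
    s = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(s(key_type.encode()) + s(key_bytes)).decode()


APPROVED_B64 = _fake_blob("ssh-ed25519", bytes(range(32)))
UNKNOWN_B64 = _fake_blob("ssh-ed25519", bytes(32))
SAMPLE = f"""# constructed authorized_keys: two approved entries and one nobody signed off on
ssh-ed25519 {APPROVED_B64} admin@bastion
from="10.0.0.0/8",no-pty ssh-ed25519 {APPROVED_B64} backup-restricted
ssh-ed25519 {UNKNOWN_B64}
"""
BASELINE = {fingerprint(base64.b64decode(APPROVED_B64))}  # fingerprints approved by the admins
```

Running unexpected_keys(SAMPLE, BASELINE) on a real /root/.ssh/authorized_keys, with BASELINE filled from your inventory, flags the unknown entry on line 4 of the sample; an entry with no comment and no restricting options is a typical sign of a key someone dropped in by hand.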
About password-free SSH login during penetration testing