Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
Check SSH Version
Config Location
/etc/ssh/sshd_config
Sample Output:
TO-DO# Grep contents
grep -Ev "^#" /etc/ssh/sshd_config | grep .
Sample Output:
TO-DOGenerate SSH Key
ssh-keygen
Sample Output:
TO-DO# Set filename, leave passphase blank
./id_rsa
Sample Output:
TO-DO# After creation
chmod 600 id_rsa
Sample Output:
TO-DOCheck Public Key
ssh-keygen -l -f id_rsa
Sample Output:
TO-DOGenerate No Passphrase SSH Key from Encrypted Key
openssl rsa -in <ENC_KEY> -out ./id_rsa
Sample Output:
TO-DO# OpenSSH format
ssh-keygen -p -P '<PASSPHRASE>' -N '' -f <ENC_KEY>
Sample Output:
TO-DOConvert .ppk to .pem Format
# Install
sudo apt install putty-tools
Sample Output:
TO-DO# Convert to private key in pem format
puttygen key.ppk -O private-openssh -o key.pem
Sample Output:
TO-DO# Convert to public key in pem format
puttygen key.ppk -O public-openssh -o key.pem.pub
Sample Output:
TO-DOAdd SSH Access to Target (Linux)
cat id_rsa.pub
Sample Output:
TO-DOecho <BASE64_PUB_KEY> >> /home/<USER>/.ssh/authorized_keys
Sample Output:
TO-DOAdd SSH Access To Target (Windows)
User
Add-Content -Path "C:\Users\<USER>\.ssh\authorized_keys" -Value "<BASE64_PUB_KEY>"
Sample Output:
TO-DOAdministrator
Add-Content -Path "C:\ProgramData\ssh\administrators_authorized_keys" -Value "<BASE64_PUB_KEY>"
Sample Output:
TO-DO# Set file permissions
icacls "C:\ProgramData\ssh\administrators_authorized_keys" /remove "Everyone"
icacls "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r
icacls "C:\ProgramData\ssh\administrators_authorized_keys" /grant:r "Administrators:F"
icacls "C:\ProgramData\ssh\administrators_authorized_keys" /grant:r "SYSTEM:F"
Sample Output:
TO-DOSSH Connect
ssh <USER>@<TARGET>
Sample Output:
TO-DO# After first connection (i.e., after 'yes' to fingerprint prompt)
sshpass -p '<PASSWORD>' ssh <USER>@<TARGET>
Sample Output:
TO-DO# Connect to a domain-joined machine
ssh -l <USER>@<DOMAIN> <TARGET_DOMAIN>
Sample Output:
TO-DOssh <USER>@<TARGET> -i id_rsa
Sample Output:
TO-DO# Fix: no matching host key type found. Their offer: ssh-rsa,ssh-dss
ssh <USER>@<TARGET> -i id_rsa -oHostKeyAlgorithms=+ssh-rsa
Sample Output:
TO-DO# Fix: sign_and_send_pubkey: no mutual signature supported
ssh <USER>@<TARGET> -i id_rsa -o PubkeyAcceptedKeyTypes=ssh-rsa
Sample Output:
TO-DONote: Always append a new line in id_rsa key
1. Edit '/etc/ssh/sshd_config'
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Sample Output:
TO-DO2. Edit '/etc/krb5.conf'
# In UPPER case
[libdefaults]
default_realm = <DOMAIN>
[realms]
<DOMAIN> = {
kdc = <DC>:88
admin_server = <DC>
default_domain = <DOMAIN>
}
[domain_realm]
.domain.internal = <DOMAIN>
domain.internal = <DOMAIN>
Sample Output:
[libdefaults]
default_realm = ABSOLUTE.HTB
[realms]
ABSOLUTE.HTB = {
kdc = DC.ABSOLUTE.HTB:88
admin_server = DC.ABSOLUTE.HTB
default_domain = ABSOLUTE.HTB
}
[domain_realm]
.domain.internal = ABSOLUTE.HTB
domain.internal = ABSOLUTE.HTB
3. Import TGT
# Import TGT
export KRB5CCNAME=<CCACHE>
Sample Output:
TO-DO# Check
klist
Sample Output:
TO-DO4. Connect
ssh -K -l <USER>@<DOMAIN> <TARGET_DOMAIN>
Sample Output:
TO-DO# Spawn target shell to escape restricted shell
ssh <USER>@<TARGET> -t bash
Sample Output:
TO-DOSFTP Connect
sftp <USER>@<TARGET>
Sample Output:
TO-DO# After first connection (i.e., after 'yes' to fingerprint prompt)
sshpass -p '<PASSWORD>' sftp <USER>@<TARGET>
Sample Output:
TO-DO