
I'm currently trying to get a basic shell on an educational Linux machine. I'm not an expert when it comes to SSH authentication and keys. I have only done basic SSH setup in the past and I have messed a little bit with the public and private keys.

My question is: I have managed to obtain the public keys (ssh_host_rsa_key.pub, ssh_host_dsa_key.pub) and the authorized keys file. Is there any possible way to combine this info to log in via SSH without providing a password?

GeorgeK
  • Your public key goes in the authorized_keys file on the server. Google can give you the exact details. If you don't have access to the server to put your public key there, then you need someone else to do it for you. The server's public keys do you no good. You will have to generate your own private/public key pair. – Conor Mancone Nov 01 '18 at 11:50
  • I have access to the file system but it is limited, so I can't change this particular file. Even if I generate a private/public key pair I can't add it to the server. – GeorgeK Nov 01 '18 at 12:05
  • Then you'll have to find someone who can. That's how this normally works: you generate a private/public key pair, the private key goes in your .ssh folder (for Unix-like environments) and the public key goes in the authorized_keys file. – Conor Mancone Nov 01 '18 at 12:10
  • Actually, this is an old Debian system, so I will try this first: https://github.com/g0tmi1k/debian-ssh – GeorgeK Nov 01 '18 at 12:29

3 Answers


In order to log in, since you can't add a public key on the remote server, you need a private key. So some choices you have are:

  1. Enumerate more and maybe you get lucky by finding the corresponding private key.
  2. Check if you can access sensitive files, e.g. /etc/shadow, and if you can, try to break a user's hash. Maybe the revealed password can get you SSH access.
  3. Since, from your comment, this is an old Debian system, as you correctly pointed out, brute-forcing the corresponding private key is worth trying.
game0ver
  • Are you talking about the private key of the server or the client? Also, the shadow file is not accessible, so there is no chance to follow step 2. – GeorgeK Nov 01 '18 at 13:25
  • You need the private key of the remote server in order to connect if that's what you mean. In case you could place your public key on the remote server then you could use your private key. – game0ver Nov 01 '18 at 13:27
  • I will look for the server private key. It is not accessible from the default location /etc/ssh/ but there is a chance to find it elsewhere. I will also try the brute force method. I think that I have higher chances with the brute force. – GeorgeK Nov 01 '18 at 13:31
  • Yes, I have to agree, since it's an old Debian system I think the best option is 3. Also, if you have downloaded the keys, it is pretty fast to check if you can find the corresponding private key. – game0ver Nov 01 '18 at 13:34

I'm assuming you are trying to set up an already authorized account with keys so you can stop using passwords. My answer may not be suitable or sufficient if you are doing penetration testing.

It appears that you have the purposes of the host keys and user keys for SSH mixed up. Host keys (those found in /etc/ssh) are for authenticating the server to the client. User keys (those found in your authorized_keys file) are for authenticating you to the server. So it looks like what you want is to provide public keys for your authorized_keys file. You may safely ignore the host keys for this purpose.

Out of the box, most systems expect you to generate a key pair on the device from which you are connecting to the server, and then either log in to the system with a password and transfer the public key to your ~/.ssh/authorized_keys file, or submit your public key to a service which installs the key on your behalf before you can log in. If you're using PuTTY or similar on a PC, use PuTTYgen to generate a key pair. On a Linux or other Unix system, use ssh-keygen.

Mike McManus
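The host key / user key distinction in the answer above can be checked mechanically. The following is an added example, not part of the original answer: a Python audit that fingerprints each authorized_keys entry, flags DSA and short RSA keys, and flags a server host key that was pasted in as a user key. All key material is constructed byte patterns rather than real keys, and the function names and the 2048-bit threshold are assumptions.

```python
import base64, hashlib, struct

def make_pub_line(key_type, *parts, comment=""):
    """Build a constructed key line: structurally valid, not a real key."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(), *parts))
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def parse_pub_line(line):
    """Return (key_type, blob) from a *.pub or authorized_keys line, else None."""
    tokens = [] if line.lstrip().startswith("#") else line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(("ssh-", "ecdsa-", "sk-")):  # skips leading options
            return tok, base64.b64decode(tokens[i + 1])
    return None

def fields(blob):
    """Split a key blob into its length-prefixed fields."""
    out = []
    while len(blob) >= 4:
        n = struct.unpack(">I", blob[:4])[0]
        out.append(blob[4:4 + n])
        blob = blob[4 + n:]
    return out

def fingerprint(blob):
    """Same form as `ssh-keygen -lf`: unpadded base64 of SHA-256 over the blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(authorized_keys, host_pub_lines):
    """Flag weak key types and host keys that were pasted in as user keys."""
    host_fps = {fingerprint(parse_pub_line(l)[1]) for l in host_pub_lines}
    report = []
    for key_type, blob in filter(None, map(parse_pub_line, authorized_keys.splitlines())):
        f, findings = fields(blob), []
        if key_type == "ssh-dss":
            findings.append("DSA key")  # ssh-dss is off by default in current OpenSSH
        elif key_type == "ssh-rsa" and len(f) > 2 and int.from_bytes(f[2], "big").bit_length() < 2048:
            findings.append("RSA modulus under 2048 bits")  # threshold is an assumption
        if fingerprint(blob) in host_fps:
            findings.append("host key listed as user key")
        report.append((fingerprint(blob), key_type, findings))
    return report

# Constructed sample data: byte patterns, not real keys.
HOST_RSA = make_pub_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256, comment="root@server")
USER_ED = make_pub_line("ssh-ed25519", b"\x11" * 32, comment="alice@laptop")
OLD_RSA = make_pub_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xa5" * 128, comment="old@box")
AUTHORIZED_KEYS = "\n".join(["# constructed file", USER_ED, 'from="10.0.0.0/8" ' + OLD_RSA, HOST_RSA])
REPORT = audit(AUTHORIZED_KEYS, [HOST_RSA])
```

A public key in either file only identifies a key pair; authenticating with it requires the matching private key.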

Super easy. Just add both of those public keys to a file called authorized_keys in the directory /home/<your user name>/.ssh/ on the remote server (you'll need to log in with your credentials to do this the first time). If the path doesn't exist yet, create it. Put each public key on a separate line.

In most cases this will work, but you might have to enable key based authentication. I can tell you how to do that if needed.

MikeSchem