SSH

The SSH Protocol

SSH (Secure Shell) was developed as a secure alternative to earlier network protocols like FTP, Telnet, and RSH, which facilitated data exchange between machines but lacked security features such as authentication, data integrity, and confidentiality.

Key RFCs Defining SSH:

  • RFC 4250 & RFC 4251: Define the protocol's architecture and terminology.

  • RFC 4252: SSH-USERAUTH for client authentication; key-based authentication is recommended.

  • RFC 4253: SSH-TRANS for server authentication and secure communication channel establishment (ensuring data integrity and confidentiality).

  • RFC 4254: SSH-CONNECT, which specifies command handling and data multiplexing.

The default SSH port is 22, and port forwarding can be configured. The server's settings are in the sshd_config file:

cd /etc/ssh
nano sshd_config
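
An added example (not part of the original page): a POSIX shell audit of the sshd_config file opened above, covering the settings this page touches (password versus key-based authentication, root login, port forwarding, port). The function names and the sample file are constructed here, and the defaults passed in are upstream OpenSSH defaults, which is an assumption about your build.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Simplifications (assumptions): parsing stops at the
# first Match block, Include files are not followed, and only the
# whitespace-separated "Keyword value" form is handled.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# flag FILE KEYWORD DEFAULT RISKY_VALUE REASON
flag() {
    val=$(effective_value "$1" "$2" "$3")
    if [ "$val" = "$4" ]; then
        echo "WARN $2 $val: $5"
    fi
}

# Defaults below are upstream OpenSSH defaults (assumption: your build matches).
audit_sshd_config() {
    flag "$1" PasswordAuthentication yes yes "passwords can be guessed online; prefer key-based authentication"
    flag "$1" PubkeyAuthentication yes no "key-based authentication is disabled"
    flag "$1" PermitRootLogin prohibit-password yes "direct root login is allowed"
    flag "$1" AllowTcpForwarding yes yes "TCP port forwarding is allowed; restrict it if unused"
    echo "INFO Port $(effective_value "$1" Port 22)"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
PermitRootLogin yes
Match User backup
    AllowTcpForwarding no
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration with Match and Include handling applied, which is the authoritative view to compare against.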

Use Cases

  • SSH should be used instead of Telnet, RSH, and RLOGIN for remote administration.

  • SCP or SFTP should be used instead of RCP and FTP for file transfers.

  • SSH is also used for port forwarding.

Pentesting SSH

Password Cracking with Hydra

Passphrase Cracking with John

Authentication with Metasploit

Password-based Authentication

Key-based Authentication

Persistence

After establishing a Meterpreter shell, you can set up persistence. The key pair created is located at /root/.msf4/loot.

Gathering Information

Nmap Scripts

Basic SSH brute force

SSH brute force with custom username and password lists

Identify SSH authentication methods
