Adding your SSH Public Key to a Remote Host

IAmPLANT
Jun 22, 2024

This article demonstrates how to gain a foothold on your target by adding your SSH public key to the target host, which allows you to authenticate to the target with your own SSH private key.

Overview

Some situations where you may find this useful for getting a foothold on your target:

  • You have file upload rights to the .ssh folder of a user in your target machine
  • This file upload vector does not allow for execution of scripts/code (making reverse shell execution out of the question)
  • Example: a file manager web application program which allows for file upload, but not file execution

Let's go through the steps of this exploitation technique.

Generating the SSH key pair

On your main machine, execute the following to generate your SSH public/private key pair:

ssh-keygen

Your public key will be saved as id_rsa.pub and your private key will be saved as id_rsa.

Once you have your keys, copy the contents of id_rsa.pub.

Adding Public Key to Authorized Keys

On your target machine, paste the contents of your public key (id_rsa.pub) into the authorized_keys file of the user you wish to authenticate as:

/home/user/.ssh/authorized_keys

The root user's authorized_keys file is at:

/root/.ssh/authorized_keys

Note: if the authorized_keys file does not exist, create one.

Authenticating with Private key

Now, on your main machine, set the appropriate permissions on your private key:

chmod 600 id_rsa

SSH in with your private key:

ssh -i id_rsa user@host
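
Seen from the defending side, a key pasted into /home/user/.ssh/authorized_keys or /root/.ssh/authorized_keys is an entry whose fingerprint nobody approved. The following is an added example, not part of the original article: it parses authorized_keys content and reports keys whose SHA256 fingerprint is not on an allowlist. The function names, sample keys and allowlist are constructed for illustration.

```python
import base64
import hashlib
import struct

def blob_type(blob_b64):
    """Return the key type embedded in a base64 key blob, or None if invalid."""
    try:
        raw = base64.b64decode(blob_b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        return raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return None

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unapproved_keys(text, approved):
    """Return (line_no, key_type, fingerprint, comment) for keys not in `approved`."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options (from="...", command="...") may precede the key type; match type against blob.
        for i in range(len(fields) - 1):
            if blob_type(fields[i + 1]) == fields[i]:
                fp = fingerprint(fields[i + 1])
                if fp not in approved:
                    findings.append((no, fields[i], fp, " ".join(fields[i + 2:])))
                break
    return findings

def sample_key(seed, comment):
    """Constructed ed25519-shaped public key line for the demo (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed authorized_keys content: one approved key, one added later.
ADMIN = sample_key(1, "admin@workstation")
ADDED = sample_key(2, "unknown@elsewhere")
SAMPLE = "# managed by ops\n" + 'from="10.0.0.5" ' + ADMIN + "\n" + ADDED + "\n"
APPROVED = {fingerprint(ADMIN.split()[1])}

if __name__ == "__main__":
    for no, ktype, fp, comment in unapproved_keys(SAMPLE, APPROVED):
        print(f"line {no}: unapproved {ktype} key {fp} ({comment})")
```

Run on a schedule against each user's authorized_keys file, with the allowlist kept outside the audited host, this catches additions made through a write-only path such as the file upload described in the overview.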


IAmPLANT

I am a CS student currently on the path to taking my OSCP exam. I will be sharing bits and pieces of new and interesting things I have learnt on this journey.