
22 - Pentesting SSH

SSH stands for "Secure Shell". It is a network protocol that provides secure encrypted communications between two untrusted hosts over an insecure network. SSH is commonly used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and transferring files. It is widely used as a secure alternative to traditional unencrypted protocols like Telnet and FTP.

nmap


sudo nmap -p 22 -sC -sV -Pn $IP
sudo nmap -p 22 --script=ssh-* $IP

ssh


ssh with password

ssh msfadmin@$IP
|<- msfadmin

ssh -oHostKeyAlgorithms=+ssh-dss msfadmin@$IP
|<- msfadmin

ssh with key

chmod 400 id_rsa
ssh -i id_rsa root@$IP
ssh -o 'PubkeyAcceptedKeyTypes +ssh-rsa' -i id_rsa root@$IP

sshpass


sshpass -p pass123 ssh root@$IP
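
Seen from the server side, the password logins, root logins and legacy-algorithm options used above only work when sshd is configured to accept them. The script below is an added example, not part of the original page: it reads effective settings in the format printed by `sshd -T` (one lowercase keyword and its value per line) and reports those settings. The function name `audit_sshd`, the finding labels and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sshd settings that permit the logins shown on this page.
# On a real host, feed it the effective config:  sudo sshd -T | audit_sshd

audit_sshd() {
    awk '
    # Report exact legacy algorithm names found in a comma-separated list.
    function legacy(kind, list,    n, i, a) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++)
            if (a[i] == "ssh-dss" || a[i] == "ssh-rsa")
                print "legacy-" kind ":" a[i]
    }
    $1 == "passwordauthentication" && $2 == "yes" { print "password-auth:enabled" }
    $1 == "permitrootlogin" && $2 != "no"         { print "root-login:" $2 }
    $1 == "hostkeyalgorithms"                     { legacy("hostkey", $2) }
    $1 == "pubkeyacceptedalgorithms" || $1 == "pubkeyacceptedkeytypes" {
        legacy("pubkey", $2)
    }
    '
}

# Constructed sample: a server that accepts every login style used above.
sample_weak() {
    cat <<'EOF'
port 22
permitrootlogin yes
passwordauthentication yes
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa,ssh-dss
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-256,ssh-rsa
EOF
}

# Constructed sample: the same server after hardening (no findings expected).
sample_hardened() {
    cat <<'EOF'
port 22
permitrootlogin no
passwordauthentication no
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-256
EOF
}

echo "weak sample:";     sample_weak | audit_sshd
echo "hardened sample:"; sample_hardened | audit_sshd
```

Only the exact names `ssh-dss` and `ssh-rsa` are matched, so the SHA-2 variants `rsa-sha2-256` and `rsa-sha2-512` are not reported.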