LHOST – local host

RHOST – remote host


  • generate ssh keys on LHOST

ssh$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):  if you do not type password during log in to remote host you will be logged automatically without password
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
5d:71:b6:a4:bc:2a:fb:32:49:9e:b6:36:19:e4:9e:3e user@LHOST
The key’s randomart image is:
+–[ RSA 2048]—-+
| . + |
| . * . |
| + . |
| .. . . |
| oS . . |
| + . |
| +.*. |
| Eo |
| ++B. |

I had old keys so system asked me if I want to overwrite, if you do this for the first time there will not be warning.

If you wish you can use separate ssh keys for log in to different devices however I prefer to have one keys to all systems.

  • copy  public key from id_rsa.pub and paste to /home/remoteuser/.ssh/authorized_keys file on remote system(RHOST)


id_rsa.pub can looks like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINr3nPychwGbTiiL3k3Z5pnMYPyrP0FRfvWaPj2/MQdTZmGmG5cH………


  • check ssh daemon configuration on remote host if allows log in using via ssh keys.


  • if you get following errors on your LHOST:(using ssh -v!)
Agent admitted failure to sign using the key. Permission denied (publickey).
it means your agent still keeps old public keys.
Solution is to add new private key to keys database via ssh-add

ssh-add path_to_key
Enter passphrase for /home/user/.ssh/id_rsa: 
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)

or logout and login again.
  • you can check all identity in your ssh-agent typing command

ssh-add -l
2048 ac:52:8e:f6:d6:a9:7b…………7 user@host (RSA)
2048 ac:52:8e:f6:d6:a9:7b:b…………. /home/user/.ssh/id_rsa (RSA)


dzbanek 2012-12-25