SSH login without password
You want Enterprise Recon to do an automatic login from Proxy Agent host A / user a to Target Server Host B / user b, without using a password.
Step 1. Build the Keys to replace Password Authentication
First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:
a@A:~> ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/a/.ssh/id_rsa): Created directory '/home/a/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/a/.ssh/id_rsa. Your public key has been saved in /home/a/.ssh/id_rsa.pub. The key fingerprint is: 3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a@A:~> ssh b@B mkdir -p .ssh b@B's password:
Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' b@B's password:
From now on you can log into B as user b from A as user a without password:
a@A:~> ssh b@B
Note: Depending on your version of SSH you might also have to do the following changes:
- Put the public key in .ssh/authorized_keys2
- Change the permissions of .ssh to 700
- Change the permissions of .ssh/authorized_keys2 to 640
Step 2. Add the Private Key to Enterprise Recon
Under Scanning, Target Credentials Manager, Add a new credential of type Server.
Enter the username ( user b )
Click browse next to 'Private Key File:'
upload the file that was saved as
Note: next to Browse it says "Ex: SSL certificate (.pem), Private key file(.p12)"
The id_rsa file above is a pem file (of the type described by .key below),
the .p12 type is not used for ssh server connections in ER2, only for cloud services.
Background on key file types
- .pem Defined in RFC's 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files
/etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.
- .key This is a PEM formatted file containing just the private-key of a specific certificate and is merely a conventional name and not a standardized one. In Apache installs, this frequently resides in
/etc/ssl/private. The rights on these files are very important, and some programs will refuse to load these certificates if they are set wrong.
- .pkcs12 .pfx .p12 Originally defined by RSA in the Public-Key Cryptography Standards, the "12" variant was enhanced by Microsoft. This is a passworded container format that contains both public and private certificate pairs. Unlike .pem files, this container is fully encrypted. Openssl can turn this into a .pem file with both public and private keys:
openssl pkcs12 -in file-to-convert.p12 -out converted-file.pem -nodes
All information in this article is accurate and true as of the last edited date.