# SSH

Explained at: [Linux Essentials/SSH](/the-vx-files/linux-essentials/index/ssh.md)

{% code title="Syntax" %}

```bash
##SSH Client
ssh user@IP                        #Basic connection, will ask if we trust the fingerprint and save it on .ssh/known_hosts then asks for the password of the user you are connecting to
ssh user@IP -p n                   #Specify port to connect, by default ssh goes on port 22
ssh-keygen                         #Generate a asymmetric key pair, by default RSA and stored in ~/.ssh/ as id_rsa and id_rsa.pub !!Careful if writting the same name it will overwrite existing key
ssh-keygen -t <type>               #Specify asymmetric algorithm to use: dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa !By default the standard rsa
ssh-keygen -C "comment"            #Adds a comment at the end of the public key, if not added by default will be your "username@hostname" 
ssh-copy-id -i ~/.ssh/pubkey.pub user@IP #Directly copies the specified public key into the authorized_keys file of the speficied server
ssh -i ~/.ssh/privateKey user@IP   #Connects using the specified private key, expects its public matching key to be at the server's authorized_keys file
ssh-add ~/-ssh/privateKey          #Uses the ssh-agent to store the private key credentials in cache memory until closing the session, so you only have to input the password 1 time


##SSHD(Daemon) Server
#For debian-based it's "ssh", other distros could use "sshd"
systemctl start ssh              #Starts sshd service
systemctl status ssh             #Check sshd service status
systemctl restart ssh            #Restart the sshd service
systemctl stop ssh               #Stops the sshd service !Will NOT close already established connections
systemctl enable ssh             #Starts sshd service automatically at system start
systemctl disable ssh            #Disables sshd service from starting automatically at system start          

#In /etc/sshd_config file - Uncomment to activate - Restart to apply changes
Port n                            #Establish port to listen for ssh connections
PermitRootLogin yes|no            #Establish if you are able to login as root via ssh  ?For security, if the user you will connect already has sudo or you are not the sysadmin its recommended to "no"
PermitRootLogin prohibit-password #Root will be able to login, but only using public key authentication, not password
PasswordAuthentication yes|no     #Establish if users will be able to login via password, if "no" they will need public key authentication ?"no" and using public key are considered best practice
#"Permission denied (publickey)" error indicates that the server has password authentication disabled


```

{% endcode %}

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://malcrvz.gitbook.io/the-vx-files/network-pentesting/tools/5.-post-exploitation-and-persistence/ssh.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.