• Description
    The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key.
    Solution
    Remove the vulnerable public keys from the SSH server.
    See Also
    Output
    • Nessus was able to verify the following users and public SSH keys
      (with publicly known private keys) are accepted :
      
        User : vagrant
        Key  : ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==
      
      Port Hosts
      22 / tcp / ssh
      192.168.1.9

      Open Metasploit, and use module auxiliary/scanner/ssh/ssh_login

      Description:
      This module will test ssh logins on a range of machines and report
      successful logins. If you have loaded a database plugin and
      connected to a database this module will record successful logins
      and hosts so you can track your access.

      screenshot-from-2016-11-29-16-05-31

      Set your USERPASS_FILE, RHOSTS, THREADS… parameters and then use run command

      screenshot-from-2016-11-29-16-07-00

      I found ssh credential and get shell

      screenshot-from-2016-11-29-16-09-04

      DEMO