• Description
    The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key.
    Remove the vulnerable public keys from the SSH server.
    • Nessus was able to verify the following users and public SSH keys
      (with publicly known private keys) are accepted :
        User : vagrant
        Key  : ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==
      Port Hosts
      22 / tcp / ssh
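
The remediation above (removing the known key from the server) can be checked with a small audit script. This is an added example, not part of the Nessus output or the original write-up. The names `key_blob`, `audit`, `BAD` and `SAMPLE` are hypothetical, and the key blobs are constructed placeholders. In practice the denylist would hold the base64 field of the key Nessus reported.

```python
import re

# Key-type tokens that precede the base64 blob in authorized_keys (assumed list, not exhaustive).
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+@openssh\.com)$")

def split_unquoted(line):
    """Split on whitespace, keeping double-quoted option values (which may contain spaces) whole."""
    tokens, cur, in_quote, prev = [], [], False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch.isspace() and not in_quote:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
        prev = ch
    if cur:
        tokens.append("".join(cur))
    return tokens

def key_blob(line):
    """Return the base64 key field, or None for blank lines, comments and unparsable lines."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    toks = split_unquoted(line)
    for i, tok in enumerate(toks[:-1]):
        if KEY_TYPE.match(tok):
            return toks[i + 1]
    return None

def audit(text, bad_blobs):
    """Match on the key blob, not the comment, so a relabelled copy of the key is still caught."""
    kept, hits = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if key_blob(line) in bad_blobs:
            hits.append(n)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", hits

# Constructed sample data: placeholder blobs, not real keys.
BAD = {"AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructedKNOWN"}
SAMPLE = '''# constructed authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructedKNOWN vagrant insecure public key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedGOOD alice@laptop
command="echo ssh-rsa test",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructedKNOWN renamed
'''

if __name__ == "__main__":
    cleaned, hits = audit(SAMPLE, BAD)
    print("lines carrying a denylisted key:", hits)
```

Run it against every account's authorized_keys file (and any path set by `AuthorizedKeysFile` in sshd_config), since the known key may be present for users other than the one the scanner verified.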

      Open Metasploit and use the module auxiliary/scanner/ssh/ssh_login

      This module will test ssh logins on a range of machines and report
      successful logins. If you have loaded a database plugin and
      connected to a database this module will record successful logins
      and hosts so you can track your access.


      Set your USERPASS_FILE, RHOSTS, THREADS… parameters, then use the run command.


      I found an SSH credential and got a shell.