Academy | Getting Started | Privilege Escalation

I’ve managed to get myself completely stuck on the last part of the Privilege Escalation in the HTB Academy.

All signs point towards getting hold of the users id_rsa, copy and chmod, and then ssh in with the copied credentials. However when I do this I’m asked for a password and that’s as far as I can get.

I did notice something though, when I was doing a very similar task on TryHackMe, I copied over the contents of the id_rsa, and pasted them into a blank document via the file manager. When I saved the file, the icon changed to a key (which says to me that linux has recognised it as an ssh key), but when I do the same procedure in the HTB instance, it stays as a generic text file, suggesting that it’s not recognised as a key, and that would be why the password is still asked for.

I have absolutely no idea how to get round this issue, so any help would be appreciated!

P.S There is a Reddit thread on this topic Reddit - Dive into anything , but it hasn’t helped so far

1 Like


After banging my head against a wall for weeks, I was watching one of John Hammond’s videos, and he made a point of mentioning that when copying id_rsa keys, you need to make sure that there is a blank line at the bottom, underneath where it says “End of Key”.

Once I amended that it logged in with no issues

1 Like

Thank you for this post MetalMonkey667. I’ve spent days trying to get past this. I’ve copied the id_rsa file to both nano and vim, and added and extra line at the end. In each case, when I try to ssh to user2 using the file, I get the error:

Load key “id_rsa”: invalid format

If I do anything else (eg pre adding the extra line), I get asked for a password for user2, which of course I don’t have.

It sounds so straightforward, but is there a specific way to add the extra line in vim so I don’t get the format error please?

I think the mtealMonkey point was about the second flag to get root access.

Regarding user2 you can use the command line sudo -u user2 /bin/bash to get access

Hi guys,

I get the error message Load key “id_rsa”: invalid format when trying to connect to root with ssh user@spawn -i id_rsa.
I have tried to copy the private key content on a new files in my local machine using both vim and nano and same results.
Is anyone have an idea of why I get that result?


make sure u use root as user -->ssh root@[ip-address] -p[port] -i id_rsa

It was confusing, but I succeeded, first it is to do the sudo -l and depending on what pss adds to you is that…

and the second flag a very important clue was to put root instead of user1 or user2
example: ssh root@(ip) -p(port) -i(the filename id_rsa)

note: sorry my english is bad

Hello, after several hours trying the same thing I ended up giving up because despite the help on the forums I can not connect as root with the ssh key, I am always asked for a password that I am obviously not, I followed to the letter all the comments on the forums nothing works would someone be in the same case as me please? sorry for my English is Google Translate

Prompt 1: SSH into the server above with the provided credentials, and use the ‘-p xxxxxx’ to specify the port shown above. Once you login, try to find a way to move to ‘user2’, to get the flag in ‘/home/user2/flag.txt’.

  • ssh [given user]@[given ip] -p [given port number of target IP]
  • sudo -l
  • sudo -su user2
  • cd ~
  • ls
  • cat flag.txt

Prompt 2: Once you gain access to ‘user2’, try to find a way to escalate your privileges to root, to get the flag in ‘/root/flag.txt’.

  • whoami
  • cat /root/.ssh/id_rsa
  • copy results
  • cd ~

On a new cmd console (not within user2 of target ip but a cmd on the hackthebox user home) :

  • vim id_rsa
  • paste contents into id_rsa

Note: You can delete lines with the shift + v for visual mode (should not need to complete exercise). Source: [How can I delete multiple lines in vi? - Stack Overflow]
(How can I delete multiple lines in vi? - Stack Overflow)

Note: You can also edit individual characters within the vim by pressing ‘i’ (should not need to complete exercise). Press esc to exit INSERT mode. Source: How To Edit A File Using Vim On A Linux System – Systran Box


  • Compare cat of id_rsa to cat /root/.ssh/id_rsa

Note: You can also check the word-counts of both files with: wc /home/user2/id_rsa


  • chmod 600 id_rsa
  • ssh root@ -p -i id_rsa

Note: You do not need to provide a path to the file; this is most likely due to the fact the hackthebox homd cmd console not having a id_rsa file


  • ls
  • cat flag.txt

Notable commands attempted during exercise (should not need to complete the exercise):
1). You can check your current directory in linux with: pwd

2). You can also cancel a bad command with: cntrl + z