I copy the id_rsa private key from “cat /root/.ssh/id_rsa” then I try to ssh back into IP and Port and add “-i id_rsa” but get Permission Denied Public Key. I cannot figure out why. But also there must be many other ways to get this flag?
In general, to get better help it’s best to at least post your connection string, error messages and the steps you took (which there are about 5 steps for the way you are doing it and that I did it). To answer your question, I have no idea if there are other ways. Did you chmod the id_rsa to 600 like the text says?
Additionally, to avoid creating too many threads on the same topic: how exactly does this exploit work? I’m copying root’s private key to my attack computer, and then through the power of ssh using the root’s private key to perform a passwordless login. So that is what the tutorial text says. But does anyone have a resource as to how this is possible, is it just a feature of ssh that if you know the other user’s private key you can log in as them?
I’m really new to all of this, so I apologize if this is a stupid question.
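
The reply above asks whether the key file was set to mode 600. As an added example (not part of the thread or of the tutorial it refers to), this Python code checks a saved key file for a mode that group or others can access, which makes the OpenSSH client ignore the key, and for copy-and-paste damage. The function names, the format checks and the placeholder key text are assumptions of the example.

```python
import os
import stat
import tempfile


def diagnose_private_key(path):
    """Return a list of problems that can keep the ssh client from using this key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The OpenSSH client ignores a private key that group or others can access.
    if mode & 0o077:
        problems.append(f"mode {mode:04o} is too open; run chmod 600")
    with open(path, "rb") as fh:
        data = fh.read()
    lines = data.decode("ascii", errors="replace").splitlines()
    first = lines[0].strip() if lines else ""
    last = lines[-1].strip() if lines else ""
    # Assumed copy-and-paste checks: both PEM marker lines present, final newline kept.
    if not (first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----")):
        problems.append("first line is not a BEGIN ... PRIVATE KEY marker")
    if not (last.startswith("-----END ") and last.endswith("PRIVATE KEY-----")):
        problems.append("last line is not an END ... PRIVATE KEY marker")
    if data and not data.endswith(b"\n"):
        problems.append("file does not end with a newline")
    return problems


def _write(dirname, name, text, mode):
    """Write a constructed sample file with the given permission bits."""
    path = os.path.join(dirname, name)
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def demo():
    # Constructed sample: the body is a placeholder, not a real key.
    good = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            "PLACEHOLDERBODY\n"
            "-----END OPENSSH PRIVATE KEY-----\n")
    truncated = good.rsplit("\n", 2)[0]  # END line and final newline lost in the paste
    with tempfile.TemporaryDirectory() as d:
        return {
            "ok": diagnose_private_key(_write(d, "ok", good, 0o600)),
            "open": diagnose_private_key(_write(d, "open", good, 0o644)),
            "truncated": diagnose_private_key(_write(d, "cut", truncated, 0o600)),
        }


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found or "no problems found")
```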