Hacking Tutorial

Cracking SSH Keys Using John

SSH private keys you come across are sometimes encrypted and require a passphrase before they can be used for authentication. When this occurs, we can leverage John to extract a crackable hash from the key file and attempt to crack it offline.


First, we’ll start by extracting the hash using SSHng2John.
python sshng2john.py ssh.key

Then we can rerun the above command, but redirect to a file.
python sshng2john.py /root/ssh.key > hash.ssh

And finally, we can pass it to John for cracking against a dictionary file.
john --wordlist=/opt/wordlists/rockyou.txt hash.ssh
