> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-6/credentials/filesystem-search/trick-0585.md).

# Access World-Readable SSH Private Key

***

Check user home directories like `/home/`, look for `.ssh` directories, and list their contents with permissions. You can search for private key files like `id_rsa`, `id_dsa`, `id_ecdsa`, or `id_ed25519` across the filesystem, potentially focusing on home directories first.

```bash
ls -l /home/
find /home/ -name id_rsa 2>/dev/null
ls -l /home/think/.ssh/
cat /home/think/.ssh/id_rsa
```

If an `id_rsa` file is found and has world-readable permissions (e.g., `-rw-r--r--`), you can read its content. SSH requires that your private key files have permissions that are not too 'open'. The recommended permissions for a private key file are 600 (-rw-------). This means you can read and write to the file, but nobody else (not in your group, and not other users) has any access to it.

Copy the key content found in `/home/think/.ssh/id_rsa` to a file on your attacker machine (e.g., named `id_rsa`). SSH clients require strict permissions on private keys. Set the correct permissions on your copy and use it to authenticate via SSH.

```bash
chmod 600 id_rsa
ssh -i id_rsa think@<MACHINE IP>
```
