> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-7/ssh/key-based-authentication/trick-0608.md).

# SSH Access via Compromised Private Key

***

After locating a user's private SSH key file (often found in the user's `.ssh` directory on a compromised system, typically named `id_rsa` or `id_dsa`), retrieve it to your local machine. Before using it, ensure the file has correct permissions set locally to prevent SSH from rejecting it.

```bash
chmod 600 /path/to/your/local/private_key_file
```

Setting the permissions to `600` grants the owner read and write permissions (`rw-------`), while denying any access to the group or others. This is a standard and secure permission setting for private keys, as SSH clients will typically refuse to use a key file if its permissions are too open, preventing unauthorized access to the sensitive key material.

Then, use the key file for authentication when connecting via SSH, specifying the key file with the `-i` flag.

```bash
ssh -i /path/to/your/local/private_key_file username@target_ip
```

Replace `/path/to/your/local/private_key_file` with the actual path to the downloaded key, `username` with the user the key belongs to, and `target_ip` with the target system's IP address.
