> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-7/ssh/key-based-authentication/trick-0626.md).

# SSH Login With Recovered Private Key

***

You can use a recovered SSH private key file (`id_rsa`) to authenticate to a target server. Ensure the private key file has the correct permissions before attempting the connection. The correct permissions for an SSH private key file should be 0600. This means the owner has read and write permissions, and no one else (group or other users) has any permissions. Setting permissions to 600 means you can read and write the file, but nobody else can do anything with it. The private key should be readable *only* by the user who owns it.

```bash
chmod 600 id_rsa
```

If the permissions on your private key file are too open, SSH will refuse to use it, and you will likely see an error message like 'Permissions 0644 for '/home/user/.ssh/id\_rsa' are too open'. Permissions 0644, for instance, mean the owner has read and write permissions, while the group and others have read permissions, which is too permissive for a private key file.

Then, use the `ssh` command with the `-i` flag to specify the path to the private key file, along with the username and the target machine's IP address:

```bash
ssh -i id_rsa cactus@$MACHINE_IP
```

You can specify the path to your private key file using the `-i` option followed by the file path. For example, to connect using a key located at `/path/to/private/key.pem`, you would use a command structure similar to:

```bash
ssh -i /path/to/private/key.pem user@host
```
