Skip to content

Combine ssh_login and ssh_login_pubkey modules #20704

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cpomfret-r7 merged 1 commit into from
Dec 8, 2025
Merged

Combine ssh_login and ssh_login_pubkey modules #20704

cpomfret-r7 merged 1 commit into from
Dec 8, 2025
+272 −341

Conversation

@dwelch-r7
Copy link
Contributor

@dwelch-r7 dwelch-r7 commented Nov 18, 2025
edited by cpomfret-r7
Loading

Resolves #14902

Combines the ssh_login and ssh_login_pubkey modules for an improved user experience

There will be an accompanying Pro PR so I will draft this until we're sure Pro works with these changes

my setup for testing can be found here #20546

Verification Steps

  • Run the ssh_login module and gain a session with username/password
  • Run the module again and gain a session with a non-password protected private key (via KEY_PATH and PRIVATE_KEY)
  • Run the module again and gain a session with a password protected private key (via KEY_PATH and PRIVATE_KEY)

dwelch-r7
dwelch-r7 commented Nov 18, 2025
View reviewed changes
@dwelch-r7 dwelch-r7 force-pushed the combine-ssh-login-modules branch from 2eb18cc to b29aba1 Compare November 18, 2025 16:16
@smcintyre-r7 smcintyre-r7 self-assigned this Nov 18, 2025
@dwelch-r7 dwelch-r7 force-pushed the combine-ssh-login-modules branch from b29aba1 to 95e62cf Compare November 19, 2025 11:59
@dwelch-r7 dwelch-r7 force-pushed the combine-ssh-login-modules branch from 95e62cf to c461a1b Compare November 27, 2025 12:54
@dwelch-r7 dwelch-r7 marked this pull request as ready for review November 27, 2025 12:54
ptownes-r7
ptownes-r7 reviewed Nov 27, 2025
View reviewed changes
modules/auxiliary/scanner/ssh/ssh_login.rb
@ip = ip
print_brute :ip => ip, :msg => 'Starting bruteforce'

if datastore['USER_FILE'].blank? && datastore['USERNAME'].blank? && datastore['USERPASS_FILE'].blank?
Copy link

@ptownes-r7 ptownes-r7 Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you want to avoid chaining && maybe something like?

Suggested change
if datastore['USER_FILE'].blank? && datastore['USERNAME'].blank? && datastore['USERPASS_FILE'].blank?
if datastore.values_at('USER_FILE', 'USERNAME', 'USERPASS_FILE').all?(&:blank?)

@cpomfret-r7
Copy link
Contributor

cpomfret-r7 commented Dec 2, 2025
edited
Loading

My testing

Created a keypair for testing: ssh-keygen -t ed25519 -C "[email protected]"

Username & Password

Setup SSH server

docker run -e PASSWORD_ACCESS=true -e USER_PASSWORD=password -e USER_NAME=username -e LOG_STDOUT=true -p 2222:2222 lscr.io/linuxserver/openssh-server:latest

Confirmed session created with:

run RHOSTS=127.0.0.1 RPORT=2222 USERNAME=username PASSWORD=password

or put username/password in files:

run RHOSTS=127.0.0.1 RPORT=2222 USER_FILE=./userfile PASS_FILE=./passfile

or put username/password in file on same line, separated by space:

run RHOSTS=127.0.0.1 RPORT=2222 USERPASS_FILE=./userpass

Key based access

Setup SSH server. For some reason I could not get PUBLIC_KEY_FILE to work, so I quoted the public key directly:

 docker run -e PASSWORD_ACCESS=false -e USER_NAME=username -e PUBLIC_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSd0qRXKH6o3lgqEanN6cvr5URCubmo7uL4ahFHfw0e [email protected]'  -e LOG_STDOUT=true -p 2222:2222 lscr.io/linuxserver/openssh-server:latest

Confirmed session created with KEY_PATH:

run RHOSTS=127.0.0.1 RPORT=2222 USERNAME=username KEY_PATH=~/.ssh/id_ed25519

Confirmed session created with KEY_PATH + password protected keypair (recreate a keypair and set a passphrase:

run RHOSTS=127.0.0.1 RPORT=2222 USERNAME=username KEY_PATH=~/.ssh/id_ed25519 KEY_PASS=passphrase

Also confirmed key and password auth works via PRO

@cpomfret-r7
Copy link
Contributor

cpomfret-r7 commented Dec 2, 2025
edited
Loading

Questions

  • Is createsession=true the default? I didn't specify this and sessions were created
  • I couldn't work out how to set the PRIVATE_KEY option

cpomfret-r7
cpomfret-r7 reviewed Dec 2, 2025
View reviewed changes
@dwelch-r7
Copy link
Contributor Author

dwelch-r7 commented Dec 3, 2025

Questions

  • Is createsession=true the default? I didn't specify this and sessions were created
  • I couldn't work out how to set the PRIVATE_KEY option

sure seems to be set by default

metasploit-framework/lib/msf/base/sessions/create_session_options.rb

Line 19 in d52220c

OptBool.new('CreateSession', [false, 'Create a new session for every successful login', true])

you should be able to do it like this:
run RHOSTS=127.0.0.1 RPORT=2222 PRIVATE_KEY=file:/Users/dwelch/dev/ssh_keys_test/ssh_pass_protected USERNAME=vagrant createsession=true KEY_PASS=password
so using file://path_to_keyfile

@dwelch-r7 dwelch-r7 force-pushed the combine-ssh-login-modules branch from c461a1b to 2de3623 Compare December 3, 2025 14:48
@cpomfret-r7 cpomfret-r7 added the rn-enhancement release notes enhancement label Dec 8, 2025
@cpomfret-r7
Copy link
Contributor

cpomfret-r7 commented Dec 8, 2025

Release Notes

The module auxiliary/scanner/ssh/ssh_login_pubkey has been removed.
Its functionality has been moved into auxiliary/scanner/ssh/ssh_login.

@cpomfret-r7 cpomfret-r7 merged commit 2a53d9c into rapid7:master Dec 8, 2025
27 of 33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ptownes-r7 ptownes-r7 ptownes-r7 left review comments

@cpomfret-r7 cpomfret-r7 cpomfret-r7 approved these changes

Assignees

@cpomfret-r7 cpomfret-r7

Labels

rn-enhancement release notes enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Consolidate ssh_login_pubkey and ssh_login modules

4 participants

@dwelch-r7 @cpomfret-r7 @ptownes-r7 @smcintyre-r7