GitBook: [master] one page modified

This commit is contained in:
CPol 2020-08-31 22:54:37 +00:00 committed by gitbook-bot
parent 2b521734b1
commit 47a456f6cb
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

View file

@ -970,9 +970,18 @@ reg query HKEY_CURRENT_USER\Software\OpenSSH\Agent\Keys
```
If you find any entry inside that path it will probably be a saved SSH key. It is stored encrypted but can be easily decrypted using [https://github.com/ropnop/windows\_sshagent\_extract](https://github.com/ropnop/windows_sshagent_extract).
More information about this technique here: [https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/](https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/)
If `ssh-agent` service is not running and you want it to automatically start on boot run:
```text
Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service
```
{% hint style="info" %}
It looks like this technique isn't valid anymore. I tried to create some ssh keys, add them with `ssh-add` and login via ssh to a machine. The registry HKCU\Software\OpenSSH\Agent\Keys doesn't exist and procmon didn't identify the use of `dpapi.dll` during the asymmetric key authentication.
{% endhint %}
### Unattended files
```text