Quick pointer: If you’re using a current Kali VM, ssh2john is a python script located under /usr/share/john/ssh2john.py
If you have the private SSH key you first need to generate a hash from it that john can work with:
python /usr/share/john/ssh2john.py id_rsa > id_rsa_hash.txt
Run john with rockyou or whatever list you want to use:
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt
~/Downloads/software/john/ssh2john.py id_rsa > id_rsa.hash
john id_rsa.hash --wordlist=~/Downloads/rockyou.txt
Output: No password hashes loaded (see FAQ)
Quick pointer: If you’re using a current Kali VM, ssh2john is a python script located under /usr/share/john/ssh2john.py
If you have the private SSH key you first need to generate a hash from it that john can work with:
python /usr/share/john/ssh2john.py id_rsa > id_rsa_hash.txt
Run john with rockyou or whatever list you want to use:
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt
You can’t use John to brute force the private key directly, you send it to ssh2john.py which gives you a hash. Then you run ‘John /path/to/file /path/to/wordlist’ in sudo and it will crack.