Second, let's abuse our NFS access now.

On your Kali system, accomplish the following tasks.

Generate a new SSH key using the ssh$-$keygen $-$t rsa command. This will produce a RSA$-$format public$/$private keypair. Accept the default key location so that SSH can find the file in the future $($~$/.$ssh$/$id$\_$rsa$).$ Leave the passphrase blank so there's no confusion about whether you have passwordless access or not.

Reference: ssh$-$keygen

Mount the NFS disk from Metasploitable$2$ using the mount command, so that you can access the remote files inside of Kali. To accomplish this, you will first need to create an empty directory in Kali as a mount point where the network files will then appear at$.$ I suggest a location like $/$tmp$/$metasploitable$.$ In order to mount a network disk, you need to be root, so use sudo as part of your command.

Reference: How to mount an NFS share in Linux

Using the mounted NFS disk, append your SSH public key $($the file ending in $.$pub, as shown in your ssh$-$keygen output$)$ to the end of the existing file root$->.$ssh$->$authorized$\_$keys file in the Metasploitable$2$ VM$.$ This will grant you passwordless SSH access to that system, as your SSH client will automatically use your key to authenticate. Note: You need to be root in Kali to edit this file as root in Metasploitable. NFS simply carries over your user ID number $(0,$ for root$)$ across the network.

Reference: man cat

Tip: This command is slightly tricky to accomplish with sudo if you want to use output redirection! $($which I would suggest$).$ A common trick is to write your command like this: sudo sh $-$c 'COMMAND GOES HERE $>>$ SOME OUTPUT FILE'

Demonstrate that you have accomplished this task by performing the following sequence, and taking a screenshot of the complete sequence $1-4$:

From Kali, show your hostname: hostname $($could be kali or whatever hostname you chose when installing Kali$)$

SSH from the Kali VM to the Metasploitable$2$ VM as the root user. The command should be ssh root@xx$.$xx$.$xx$.$xx$,$ where xx$.$xx$.$xx$.$xx is the IP address of the Metasploitable$2$ VM that you identified previously. If you correctly added your public key to the authorized$\_$keys file previously, when you try to SSH to the system and automatically present your private key, you should get immediate access, no password required.

At the prompt, show your hostname again: hostname $($should be metasploitable$)$

Exit SSH via exit to return to Kali.

Deliverables:

Submit a screenshot demonstrating that you have successfully inserted your private key into the Metasploitable$2$ VM and now have passwordless logins to that system as the root user.