Linux Remote Management

cat /etc/ssh/sshd_config | grep -v "#" | sed -r '/^\s*$/d'
X11 forwarding, which contained a command injection vulnerability in version 7.2p1 of OpenSSH in 2016

PasswordAuthentication Yes - brute-force a known username for possible passwords

git clone https://github.com/jtesta/ssh-audit.git && cd ssh-audit
./ssh-audit.py 10.129.14.132
This will give banners and cryptography used.
Changing authentication methods:
ssh -v cry0l1t3@10.129.14.132
This will specify Authentications that can continue: publickey,password,keyboard-interactive
Then as per requirement:
ssh -v cry0l1t3@10.129.14.132 -o PreferredAuthentications=password

PORT 873 | piggypack on SSH for secure file transfer
Rsync is a fast and efficient tool for locally and remotely copying files.
Delta transfer - if a version of the file you are sending exists, only the changes will be sent
Abuse RSync - https://book.hacktricks.xyz/network-services-pentesting/873-pentesting-rsync
Try using no auth or found credentials on rsync.

sudo nmap -sV -p 873 127.0.0.1
nc -nv 127.0.0.1 873
Enum an open share:
rsync -av --list-only rsync://127.0.0.1/dev - list the directory
rsync -av rsync://127.0.0.1/dev - sync all files to our machine
rsync -av rsync://127.0.0.1/dev -e ssh - sync all files if rsync is over ssh
rsync -av rsync://127.0.0.1/dev -e "ssh -p2222" - sync all files if rsync over ssh on port 2222
RSync over SSH commands - https://phoenixnap.com/kb/how-to-rsync-over-ssh

R-services run on PORT 512, 513, 514 and can be accessed only via programs called r-commands
used before SSH
plain text commz like telnet

The /etc/hosts.equiv file contains a list of trusted hosts. When users on one of these hosts attempt to access the system, they are automatically granted access without further authentication.
\
sudo nmap -sV -p 512,513,514 10.0.17.2
rlogin 10.0.17.2 -l htb-student - login
rwho - list authenticated users
rusers -al 10.0.17.5 - more details of the authenticated users