Notes from the 2015 Devoops Talk
Vagrant used to ship with a default keypair and was difficult to rotate.
**fixed with new versions of Vagrant. Finding hosts using the default key still pretty likely.
Did you change your SSH keys?
Scanning for the default key using metasploit (ssh_login_pubkey module)
Identify real from fake by ssh version scan
Log in with private key
This is a Security Bloggers Network syndicated blog post authored by CG. Read the original post at: Carnal0wnage & Attack Research Blog