From acfb6fec93443ddd7813c48751bb3f89e10714c3 Mon Sep 17 00:00:00 2001 From: skyper <5938498+SkyperTHC@users.noreply.github.com> Date: Mon, 16 Oct 2023 20:56:26 +0100 Subject: [PATCH] Update README.md --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index bde54a0..a2b9842 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ Got tricks? Join us on Telegram: [https://t.me/thcorg](https://t.me/thcorg) 1. [SSH socks5 tunnel](#ssh-socks-tunnel) 1. [SSH to NATed host](#ssh-j) 1. [SSH pivot via ProxyJump](#ssh-pj) + 1. [SSHD as user](#sshd-user) 1. [Network](#network) 1. [Discover hosts](#discover) 1. [Tcpdump](#tcpdump) @@ -404,6 +405,23 @@ kali@local-kali$ ssh -J c2@10.25.237.119 jumpuser@192.168.5.135 > We use this as well to hide our IP address when logging into servers. + +**2.vi SSHD as user land** + +It is possible to start another SSHD on any port as non-root user and use this for connection multiplexing or forwarding (and without logging): +```sh +# On the server, as non-root user 'joe': +mkdir -p ~/.ssh 2>/dev/null +ssh-keygen -q -N "" -t ed25519 -f sshd_key +cat sshd_key.pub >>~/.ssh/authorized_keys +cat sshd_key +$(command -v sshd) -f /dev/null -o HostKey=$(pwd)/sshd_key -p 31337 # -Dvvv +``` +```sh +# On the client, copy the sshd_key from the server: +ssh -i sshd_key -p 31337 joe@1.2.3.4 +``` + --- ## 3. Network
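Review bot: The table-of-contents entry added in the first hunk, `1. [SSHD as user](#sshd-user)`, links to an anchor that the new section in the second hunk does not visibly define. The section title is bold text (`**2.vi SSHD as user land**`), not a heading, so no anchor is generated from it either. Add an explicit `sshd-user` anchor directly above the title so the link resolves, and use the same wording in both places ("SSHD as user" in the list, "SSHD as user land" in the title).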
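Review bot: In the server block of the second hunk, the single key pair `sshd_key` is used for two roles. It is the daemon's `HostKey`, and its public half is appended to `~/.ssh/authorized_keys`, after which `cat sshd_key` and the client comment ("copy the sshd_key from the server") move the private host key to the client as the login identity. Anyone holding that file can both log in as the user and impersonate the server. Generate a separate client key pair on the client and append only its `.pub` to `authorized_keys`, so that no private key has to be printed or copied. Two smaller points in the same block: `ssh-keygen -f sshd_key` writes into whatever the current directory is, and `-o HostKey=$(pwd)/sshd_key` is unquoted, so a path containing spaces breaks the command; an absolute, quoted path under `~/.ssh` would avoid both. The phrase "(and without logging)" in the introductory sentence should say which logs are meant, since the command shown sets no logging option.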