# SSRF + Redis

## SSH Public Key

`$HOME/.ssh/authorized_keys` is used to store a list of SSH public keys so that users log in without password. If `$HOME/.ssh/authorized_keys` is writable, this can be used to store the attacker's SSH public key.

## Reference

{% embed url="<https://infosecwriteups.com/exploiting-redis-through-ssrf-attack-be625682461b>" %}
Exploiting Redis Through SSRF Attack
{% endembed %}