Environment:
The SSH server is a Kali Linux (hostname:kali ip:10.0.0.3)
The SSH client is a Backtrack (hostname:bt ip:10.0.0.2)
Configuration:
On the Kali distribution the SSH server is already installed, so I only have to start it; I can do it using the menu Applications > Kali Linux > System Services > SSH > sshd start
After that I can immediately connect from the client using user authentication
root@10.0.0.3's password:
Linux kali 3.7-trunk-amd64 #1 SMP Debian 3.7.2-0+kali6 x86_64
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
root@kali:~#
Of course I want to secure the SSH server, so I stop the service and set up SSH to use RSA authentication.
On the server I create the keys using the ssh-keygen command; this will create 2 keys:
– Public key, resident on the server, in my case it is called id_rsa.pub
– Private key, used by the client, called id_rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
eb:63:b6:89:a3:74:dd:76:9f:ea:7f:1e:d4:d4:ba:9b root@kali
The key's randomart image is:
+--[ RSA 2048]----+
| |
| .|
| o|
| o.|
| S ...|
| . o .. |
| . . o o . .. |
| . ..o+o . . +o|
| ...++o .ooEo.|
+-----------------+
As I said, the private key has to be transferred to the client. I start a Netcat listener on the machine called bt
On the server, the Kali machine, I connect to the listener and transfer the key
Note that an NC file transfer is not a secure way to pass the key, because NC isn't an encrypted channel. I use this method because I am in a lab/test environment.
On the server I have to edit the file /etc/ssh/sshd_config to allow RSA authentication.
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
It is a good idea to remove user authentication too
PasswordAuthentication no
I save the file and restart the service.
The last server operation is to add the id_rsa.pub key to the file indicated in sshd_config by the AuthorizedKeysFile field
Note that I have to append the key (>>) to the file, not overwrite it (>), since I can have more than one public key stored in the same file.
I move to the client and give the right permissions to id_rsa (chmod 600 id_rsa). I am not used to storing private keys in the default folder; I prefer to store them in an encrypted folder and then use the -i option of the ssh client.
Ok, let’s try the access using my new RSA key
Enter passphrase for key 'id_rsa':
Linux kali 3.7-trunk-amd64 #1 SMP Debian 3.7.2-0+kali6 x86_64
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
root@kali:~#
Remember that it is good:
– To store your private keys in a protected place
– To create keys with a strong passphrase
– To harden sshd_config (e.g. disable root access)
– To take a look at the auth log file (/var/log/auth.log)
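As an added example (not part of the original post), these shell functions check an sshd_config for the settings discussed above and a private key for the chmod 600 permissions. The function names and the sample configuration are constructed for illustration; Include directives are not followed.

```shell
# Added example. Function names and the sample config are constructed.

# Print the global value of keyword $2 in sshd config $1 (lower-cased).
# sshd keeps the FIRST occurrence of a keyword; keywords are case-insensitive.
sshd_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/    { next }   # blank lines and comments
        tolower($1) == "match"  { exit }   # conditional blocks are not global
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print one FINDING line per setting that differs from the post's advice.
audit_sshd_config() {
    if [ "$(sshd_value "$1" PubkeyAuthentication)" = "no" ]; then
        echo "FINDING: PubkeyAuthentication is disabled"
    fi
    # An unset PasswordAuthentication falls back to the OpenSSH default, yes.
    if [ "$(sshd_value "$1" PasswordAuthentication)" != "no" ]; then
        echo "FINDING: password logins are still allowed"
    fi
    if [ "$(sshd_value "$1" PermitRootLogin)" != "no" ]; then
        echo "FINDING: root login is not disabled"
    fi
}

# Succeeds only if group and others have no access to the private key
# (what chmod 600 gives); the ssh client refuses keys that fail this.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the commented-out line must be ignored, and the second
# PasswordAuthentication line has no effect because the first one wins.
write_sample_config() {
    cat > "$1" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
passwordauthentication yes
PasswordAuthentication no
PermitRootLogin yes
EOF
}

demo_dir=$(mktemp -d)
write_sample_config "$demo_dir/sshd_config"
audit_sshd_config "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

On the sample it reports the password and root login findings, because the lower-case passwordauthentication yes line comes first and therefore wins.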
Great instruction here, it's accurate and works.
OMG! I’ve been starting to get so frustrated.
I’m a noob in ssh and kali/linux and this is the only detailed guide I have finally found (been searching for almost 2 days!!!).
Thank you so much!