Installing and Configuring OpenSSH on Kali
Installing OpenSSH is very easy with
apt on Kali.
apt install openssh-server
Once installed, configure the
ssh server to run at bootup
systemctl enable ssh
Root does not have access to use SSH by default, so if you don’t create additional users you will need to allow
root to logon.
To do this we will edit the config file
nano /etc/ssh/sshd_config Edit from: #PermitRootLogin prohibit-password Change to: PermitRootLogin yes
PermitRootLogin to yes so we can copy the keys to the server with a tool instead of editing the
authorized_keys file manually.
Creating SSH Keys
Instead of typing the password over the ssh session, OpenSSH supports public key cryptography with the use of a Private/Public key pair.
Generate the keys
Recently malware has been noted to collect private keys and retain these for use at any point. Adding a passphrase is incredibly important. We can address the inconvenience of a passphrase for Windows clients later on.
Generating keys on Windows with PuTTY Key Generator
- Open PuTTY Key Generator (
- The defaults are acceptable, RSA/2048, click Generate
- Randomly move the mouse cursor over the window to generate randomness
- Specify a passphrase
Save private keyand
Save public key
Generating keys on Linux
ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/demo/.ssh/id_rsa): Enter passphrase (empty for no passphrase): ********** Enter same passphrase again: ********** Your identification has been saved in /home/demo/.ssh/id_rsa. Your public key has been saved in /home/demo/.ssh/id_rsa.pub. The key fingerprint is: 4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a The key's randomart image is: +--[ RSA 2048]----+ | .oo. | | . o.E | | + . o | | . = = . | | = S = . | | o + = + | | . o + o . | | . o | | | +-----------------+
The public key is now located in
/home/demo/.ssh/id_rsa.pub. The private key (identification) is now located in
Copy the keys to the server
Once the key pair is generated, we need to upload this to the server.
Uploading the keys from Linux to Linux
For Linux there are a few options, the easiest is the
This will automatically connect and update the
Alternatively you can use pipe a few commands together like this
cat ~/.ssh/id_rsa.pub | ssh email@example.com "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
Uploading the keys from Windows to Linux
- Open the Private Key in PuTTYGen
- Click into the “Public Key for pasting into OpenSSH
- Right click and choose “Select All” and again, to choose “Copy”
- Connect via ssh to the server and edit the
vithen paste (right click once) and save the file.
Restart the OpenSSH server with
systemctl restart ssh to reload the config.
Once logging on with SSH keys only has been tested, edit the
sshd_config file and set
nano /etc/ssh/sshd_config Edit from: PermitRootLogin yes Change to: PermitRootLogin without-password
Finally restart the SSH service to reload the configuration
systemctl restart ssh
Using the SSH keys
Using PuTTY there are two main options, the more secure and the less secure options. The security is actually dependant on the addition of a passphrase, however typing a passphrase is about as inconvenient as typing a password. The PuTTY Agent can handle providing authentication to PuTTY as needed without having to retype the password each time its needed.
PuTTY Agent (More Secure)
- Open PuTTY Agent PuTTY Agent opens in the Notification Area on Windows (near the clock)
- Right click and choose Add Key
- Choose Add Key
- Locate the Key file and choose Open
- Enter the Passphrase This is the only time you will need to type the passphrase, even if you connect to multiple servers (assuming they all have your public key installed)
Bonus PuTTY Agent Tip
In order to load keys into PuTTY Agent at Windows bootup, you can copy the PuTTY Agent shortcut to
C:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp and append the path to the key files after the executable name.
C:\Program Files\PuTTY\pageant.exe" C:\key1.ppk C:\key2.ppk
PuTTY Config (Less Secure)
- Open PuTTY and add the IP Address / name of the server
- Under Connection/Data specify the username
- Under Connection/SSH/Auth Specify the location of the private key file
- Under Session specify a name in the Saved Sessions section, and Click Save
If the keys are successfully installed to the remote server you can simply logon with
If you did not supply a passphrase for your private key, you will be logged in immediately. If you supplied a passphrase for the private key when you created the key, you will be required to enter it now. Afterwards, a new shell session should be spawned for you with the account on the remote system.