Here at LMG Security, we’re passionate about providing excellent cybersecurity services to organizations around the world. We’re also passionate about increasing cybersecurity awareness through our various training programs. Thanks for visiting our blog and we hope you find this post helpful!
The Linux distribution Kali, used by many penetration testers (including those here at LMG Security), recently released version 2017.1 of its rolling release. For quite some time now (since version 2.0), Kali has used Systemd (System Management Daemon) in place of an init system. This change brought with it a new way of enabling and starting services. Many people still use the old commands, which often still work but may also lead to errors. This post will go over the Systemd method for enabling and starting the SSH (Secure Shell) service on Kali Linux.
The openssh-server package should already be installed. To verify this, you can use the following command:
You should see the version with [installed] after it like this:
How to enable SSH in Kali Linux. How to connect to Kali Linux via SSH
SSH allows one to connect to a remote computer and execute commands on it. Connection and data transmission take place over an encrypted channel, which is protected from interception, sniffing and spoofing attacks.
SSH includes two programs: a server and a client. The server is installed on a remote machine, to which you need to connect and execute commands on it. The client is designed to connect to a remote machine.
The SSH server acts as a service that listens on port 22 by default. When connecting by default, password authentication is used – you need to enter the user password on the remote Linux system. You can also configure public key based authentication – this option is more convenient (no password is required) and more secure (keys are less prone to brute force).
Speaking about SSH in Kali Linux, you need to consider that this distribution is available in various versions (see details in ‘Where to download Kali Linux. What is the difference between Kali Linux versions’): for personal computers, for ARM computers, for mobile phones, for virtual machines. Let's consider the specifics of SSH in Kali Linux for PC and for ARM.
SSH on Kali Linux on ARM computers
Since ARM devices are usually resource-limited computers without a display, you can only manage them by connecting via SSH. For this reason, the SSH service on such devices is already installed and running by default.
On such systems, use the following pair as login credentials:
User: kali
Password: kali
The problem with ARM devices without a screen may be that their IP address is not known, because in most local networks IP addresses are assigned automatically by DHCP. Typically, routers allow you to view a list of devices and their IP addresses. If you do not have that option, the IP can be found by scanning the network, for example, with the command:
Or by the command:
Instead of _gateway, the Linux operating system will substitute the IP address of your router. As a result, you will get _gateway/24, that is, your local network will be scanned, for example, 192.168.1.0/24. Alternatively, specify the range for scanning explicitly.
SSH in Kali Linux on desktop computers
Kali Linux already has the SSH package installed, but its automatic launch is disabled (like all other network services). Therefore, to connect to Kali Linux via SSH, you need to start this service. If desired, it can be added to auto startup.
There are two options for starting the SSH service:
ssh.service – SSH service will always be running
ssh.socket – the system will open port 22 for listening and will wait for a connection to it. When a connection arrives, the system will start the SSH service. The rest of the time (when there is no SSH connection), the SSH service will be stopped and will not consume system resources.
As the IP_ADDRESS of the remote system, you need to specify its IP. You can find out the IP address with the command:
By the way, in order for Kali Linux to always have the same IP address after rebooting, you need to configure a static IP, as described in the article “How to configure Kali Linux to use a static IP address”.
In this case, the Kali Linux IP address is 192.168.1.68. The default user is root. Then the command should be as follows:
But the problem is that in SSH, by default, password authentication for the root user is blocked. There are two options to cope with the problem:
authentication via password for root
configure authentication with keys
We will consider both of them, but I recommend the second option, as safer and more convenient.
Why SSH does not accept root password
SSH service configuration is performed in the /etc/ssh/sshd_config file. Let’s open it:
and replace it with:
Save and close the file.
You do NOT need to restart the SSH service, because when you select the ssh.socket option, this service is already stopped and will only be launched the next time you try to connect via SSH.
At the very first connection, the program will display a message:
We type: yes
Then enter the password and we find ourselves in Kali Linux:
The fact that we are in a different system is indicated by the changed command line prompt – now there is the username and host name of the remote system.
How to configure key authentication in Kali Linux (SSH without password)
Disconnect from the remote machine. And on the local machine, execute the command:
Again, without a preliminary connection, we execute the command on the remote machine (change the IP and username to yours):
Now we need to copy the contents of the id_rsa.pub file to the remote machine. It is very simple to do this (do not forget to change the data to your own):
After that, we connect as usual, but the login will no longer require a password:
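An added example (not from the original article): a shell check that reports whether an sshd_config file still permits the password logins discussed above, so the root password setting can be reviewed once key authentication works. It reads only the global section of the file; the function names and the constructed sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive. Assumptions: parsing stops at the first Match block
# and Include files are not followed.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # end of global section
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # OpenSSH built-in default
    ' "$1"
}

# Print one line per finding; return 1 if password logins are possible.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    port=$(sshd_effective "$1" Port 22)
    rc=0
    if [ "$pass" = yes ]; then
        echo "FINDING password-auth: passwords accepted, brute force possible"
        rc=1
        if [ "$root" = yes ]; then
            echo "FINDING root-password: root may log in with a password"
        fi
    fi
    [ "$port" = 22 ] && echo "NOTE default-port: listening on 22"
    return $rc
}

# Constructed sample: root password login enabled; the later "no" is ignored
# because the first value wins.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || echo "=> password logins are possible"
rm -f "$sample"
```

On a real system, point `audit_sshd_config` at /etc/ssh/sshd_config.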
How to Enable SSH in Kali Linux 2020
In the mid-90s, telnet spawned a secure successor called the secure shell (SSH), a protocol for communicating with other computers. There are other protocols that let you log in and perform the same functions as SSH, but they are not safe because they are not encrypted, so people can hijack your sessions and data. SSH, however, encrypts the data through a tunnel so that you can securely log in to a remote machine, transmit files, or safely issue remote commands.
SSH is applied in the client-server model to transfer and receive files. There are two terms involved here: the SSH server and the SSH client. One system acts as the server and the other acts as the client. A public key and a private key are stored locally on the SSH server and client, respectively. The SSH client makes contact with the SSH server and provides the ID of the key pair it wants to use to prove its identity. The SSH server creates a challenge, encrypts it with the public key, and sends it to the client. The client receives the challenge, decrypts it with the private key, and sends the original challenge back to the SSH server. After this negotiation, a secure connection is established. The SSH protocol was invented to replace the tunnel so that you could identify the server you are connected to.
We will now take a look at how to enable SSH in Kali Linux.
Install Kali Linux remote SSH-OpenSSH server
Usually, Kali Linux has an OpenSSH server running on it or installed on it. Once you start this server, you can log in via SSH. So, you do not have to install the server, but if you do find yourself in a situation where you do not have it, then you can follow this simple command to install and enable the remote SSH open server in Kali Linux.
Note: Enabling the SSH server is quite risky, as anyone who knows your password can break into your machine. Securing your password should be your first priority. If you want your service to run for the whole time, then you may follow the next step.
Enable Kali Linux Remote SSH Service
First, you must remove the run levels by entering the following command.
The next step is to load SSH defaults.
After loading, next, you will check whether the service is running.
If you want to see a lot more, then you can install chkconfig, which can be installed by entering the following command code.
You can run chkconfig by entering the command given below.
Change Kali Default SSH Keys to Avoid MITM Attack
Every Kali Linux system installed has a chance of a MITM (Man In The Middle) attack. MITM attacks are usually observed in a client-server environment. A MITM attack occurs when a hacker gets in between these two components. Hackers can take advantage of unencrypted communication through the MITM attack and can listen in on all of your traffic. To avoid MITM attacks, you can follow the below procedure.
The first step is to move Kali SSH keys to a new folder.
The second step is to regenerate the keys by entering the following command.
The third step is to verify that the SSH key hashes are different. Enter the following command for verification.
Now, compare the hashes.
Finally, enter the following command code to restart the SSH.
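An added example (not from the original article) of the verification step above: it compares the key material in each old public host key with its regenerated counterpart and flags any key that was not replaced or not regenerated at all. The two directory arguments and the sample key blobs are placeholders constructed for this example.

```shell
#!/bin/sh
# Added example: confirm every SSH host key was actually replaced.
# OLD_DIR holds the keys that were moved away, NEW_DIR the regenerated ones
# (both directories are chosen by the caller).

# Hash only field 2 (the base64 key blob), so a changed comment such as
# root@newhost does not hide an unchanged key.
digest() { awk '{ print $2 }' "$1" | sha256sum | cut -d' ' -f1; }

check_host_keys_rotated() {  # usage: check_host_keys_rotated OLD_DIR NEW_DIR
    old=$1 new=$2 rc=0
    for pub in "$old"/ssh_host_*_key.pub; do
        [ -e "$pub" ] || continue            # glob matched nothing
        name=${pub##*/}
        if [ ! -e "$new/$name" ]; then
            echo "MISSING $name"             # moved away, never regenerated
            rc=1
        elif [ "$(digest "$pub")" = "$(digest "$new/$name")" ]; then
            echo "UNCHANGED $name"           # same key material as before
            rc=1
        else
            echo "ROTATED $name"
        fi
    done
    return $rc
}

# Constructed demo: placeholder blobs, not real keys.
o=$(mktemp -d) n=$(mktemp -d)
echo 'ssh-rsa AAAAold root@kali'          > "$o/ssh_host_rsa_key.pub"
echo 'ssh-rsa AAAAold root@newhost'       > "$n/ssh_host_rsa_key.pub"
echo 'ssh-ed25519 AAAAold2 root@kali'     > "$o/ssh_host_ed25519_key.pub"
echo 'ssh-ed25519 AAAAnew2 root@kali'     > "$n/ssh_host_ed25519_key.pub"
check_host_keys_rotated "$o" "$n" || echo "=> at least one host key was not rotated"
rm -rf "$o" "$n"
```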
Set MOTD with a Nice ASCII
MOTD (Message of the Day) is used to send a common message to all the users. The banner is usually boring, so you can edit the files and add the text of your choice, then save the file.
# service ssh restart
Troubleshooting
After changing the SSH keys, you may see a warning when you connect. Enter the following command to fix this problem.
Delete the line that is causing the problem and restart the SSH.
Change SSH Server Port for Safety
The port number can be changed by entering the following command.
The SSH_config file can be edited further by entering the following command.
Now, you can restart the OpenSSH server
Use the new port the next time you connect via SSH.
Here, 10101 is the destination port, p stands for port, and the hostname can be IP or FQDN.
Conclusion
The term ‘SSH’ describes a set of rules and guidelines that tell your computer how to send data from one place to the other. The SSH server is mainly used by administrators, such as the application owner, administrators responsible for the entire system, or privileged users with higher levels of access. I hope this article helped you with enabling SSH in Kali Linux.
About the author
Younis Said
I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.