Setup SSH With Public-Key Authentication on Kali Linux

What is an SSH key?

While an SSH key is an access credential, it is technically a cryptographic key. SSH uses public-key cryptography (or asymmetric cryptography) and challenge-response authentication as a more secure method of authentication. Using SSH keys allows you to be authenticated to the remote server without sending your password over the network.

lock-and-key

SSH keys are generated in pairs (public and private), that are mathematically related, but not identical. They work together to authenticate when logging into an SSH server. The public key is used to encrypt and the private key is used to decrypt. When the client attempts to connect to the remote server, the server will verify that the client has a private key that corresponds with the authorized public key. If the private key is verified to match the public key, the client is authenticated and a shell session is launched.

The public key can be shared, because it is infeasible to compute the private key based on the public key.

The private key is not shared, and must be secured, so it is advisable to store it in encrypted form. This will require that a passphrase is entered when the private key is required. The passphrase is not transmitted over the network because it is only needed to decrypt the private key on the local system.

*Note: While setting a passphrase is an optional step, it is strongly recommended. If the private key was compromised, the unauthorized user would be able to assume that identity on the SSH server.


Key generation: Windows and Linux


[Windows]

Since Windows doesn’t have a native SSH client, PuTTygen will be used to generate the keys.

*Note:  PuTTy and PuTTyGen can be downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

 To create the key pair, follow these steps:

Open PuTTygen and select the desired parameters:

Type of key to generate: SSH-2 RSA [recommended]

At least 2048 for the number of bits in a generated key

Click on the “Generate” button

pg1

In the area below the progress bar, move the mouse around to generate random data needed to generate the key, until the process completes

pg2

In the next step, enter and confirm a passphrase

*Note: Set this to something memorable, because you will need it to log in.

pg3

Save the Keys

Click on the “Save public key” button and the “Save private key” button and select a secure location to save them


[Linux]

To create the key pair, use the following command:

ssh-keygen -b 2048 -t rsa

[-b 2048] is used to specify the desired key length

[-t rsa] specifies that RSA keys are to be generated (Use powers of two if you choose to increase the key length

When prompted, enter the location to store the keys, or press enter to accept the default location:

Enter file in which to save the key (/home/user/.ssh/id_rsa):

 At this point, you will be prompted to enter, and confirm a passphrase:

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

*Note: Set this to something memorable, because you will need it to log in.

The SSH keygen will complete, and display the locations of the keys, the key fingerprint, and the keys random art image.

complete-keygen


[Configure the server]


Now that the keys are created, we will configure OpenSSH on the Kali system, and save the public key.

As root, issue the following command:

apt-get install openssh-server

 To enable the ssh server, issue:

service ssh start

To prevent changes after restart, issue the following commands to alter the runlevels, in this order:

update-rc.d ssh remove

update-rc.d -f ssh defaults

service ssh restart

service ssh status

reboot-config.PNG

Next, create the following directory, set permissions, and copy the key.

Issue the following commands:

mkdir ~/.ssh

chmod 700 ~/.ssh

 nano ~/.ssh/authorized_keys

Copy the public key that was created in PuTTygen to this file, as one line:

That file must be write/readable only by that user, so enter

chmod 600 ~/.ssh/authorized_keys

copykey 


[Put it all together]


Attach and use the key

Launch PuTTy and specify the destination, and port:

connection

Under category on the left, select “SSH”, then “Auth”, and click the “Browse“ button

Navigate to the location of the private key, and select it

usingkey

Test login

Click “Open”

A PuTTy Security Alert will popup, indicating that the host key is not cached in the registry.

alert

*Note: It is a good idea to quickly compare the keys before adding it to the cache.

Click “Yes”

Enter the passphrase for the key

You should now be connected

in

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.