Home / Command Line Interface (CLI) / Kali Linux remote SSH – How to configure openSSH server

Kali Linux remote SSH – How to configure openSSH server

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs, respectively. The protocol specification distinguishes between two major versions that are referred to as SSH-1 and SSH-2.

The best-known application of the protocol is for access to shell accounts on Unix-like operating systems, but it can also be used in a similar fashion for accounts on Windows. It was designed as a replacement for Telnet and other insecure remote shell protocols such as the Berkeley rsh and rexec protocols, which send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis.The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.

You can use your Android phone, remote computer, iPAD or anything to login to a SSH server and execute command as if you’re sitting on that workstation. So let’s see how you can install a SSH server (we will be using openSSH-Server here) on Kali Linux. After this guide you will be able to do the followings:

  1. Install Kali Linux remote SSH – openSSH server
  2. Enable Kali Linux remote SSH service on boot
  3. Change Kali default ssh keys to avoid MITM attack
  4. Set MOTD – Message of the Day message with a nice ASCII
  5. Troubleshoot and fix “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED” error during SSH session.
  6. Change SSH server port for extra safety

Step 1: Install Kali Linux remote SSH – openSSH server

Issue the following command on Kali Linux terminal to install openssh-server.

root@kali~:# apt-get install openssh-server

Kali Linux remote SSH - How to configure openSSH server - blackMORE Ops -1

Now the next logical step is to enable ssh server (as you can see I’ve issued the following command above).

root@kali~:# service ssh start

It works, but there’s a problem. If you restart your Kali Linux machine, SSH server will be disabled.

So we will ensure that SSH server remains up and running all the time (even after restart). Please note that if you don’t want this to happen, then skip Step 2 and move to Step 3. Why? Because if you enable SSH server on your machine, that means your machine will be available via internet and anyone who knows your password (or your password is just ‘123’ or ‘password’ can break into your machine). So use a secured password and if not sure skip to Step 3 for now. Anyway, moving on..

Step 2: Enable Kali Linux remote SSH service

Now we are about to enable SSH service and keep that running the whole time. (changes wont get lost after boot).

First of all remove run levels for SSH.

root@kali~:# update-rc.d -f ssh remove

Next load SSH defaults to run level

root@kali~:# update-rc.d -f ssh defaults

Check if SSH service is up and running

root@kali~:# chkconfig ssh

Kali Linux remote SSH - How to configure openSSH server - blackMORE Ops -3

If you don’t have chkconfig installed, install via

root@kali~:# apt-get install chkconfig

You can run chkconfig to see a lot more too:

root@kali~:# chkconfig -l ssh
root@kali~:# chkconfig -l

Check Also

Cracking password using John the Ripper in Kali Linux - blackMORE Ops

Cracking password in Kali Linux using John the Ripper

John the Ripper is a free password cracking software tool. Initially developed for the Unix …


  1. zimmaro_the_g0at

    as always .. thank you very much MY “guru”friend :-) +1

  2. wow awsome tutorial thanks you very much sir,
    i have one qestion: how to set ssh to not keep the logs?
    Thanks in advance.

  3. A little piece of advice. No matter what port you chose for SSH, make sure it’s below 1024. On Linux systems, any user can listen on ports above 1024, but only root can listen on ports below 1024. Running SSH on a port above 1024 increases a chance of crashing your SSH daemon and replacing it with some dodgy proxy etc.

    Some other suggestions for “extra safety”:

    Protocol 2
    PermitRootLogin no
    StrictModes yes
    DenyUsers root
    DenyGroups root
    PasswordAuthentication no
    PermitEmptyPasswords no
    PubkeyAuthentication yes
    MaxAuthTries 1
    X11Forwarding no

    You may also be interested in DenyHosts if using password authentication for SSH.

    • Hi Tomas,

      Below 1024 is usually a port that is registered with IANA for the applications/existing well known services (maybe unused on particular systems). See WikiPedia references here.

      If you got a user in your system who can sniff traffic with malicious intentions, then you got bigger problem at hand. A user with sudo access can just enable debug on or turn on plaintext incorrect password logging .. few incorrect password retries and he’s got root password! … Agreed with the rest. PubKeyAuth is possibly second best option with DenyHosts combination (where you login via a VPN or got stationary workstation/static IP etc… etc..) My post was about enabling SSH, not security in general, but I do agree with your notion. Will update it soon. ta.

      BTW, keep an eye on my site for my next post that actually addresses exactly what you’ve pointed out. I’m sure you’ll like my new post.

      Thanks again for your comment, always appreciate a positive feedback. Cheers,

  4. Great post on how to setup OpenSSH. This allowed me to take it one step further, and set up VNC over SSH.

  5. Excellent tutorial. Well done.

  6. Very Nice tutorial sir, I just need to ask you that, after applying all these steps, i can access ssh-server through lan, But this is not working on internet, What might be the reason?

  7. When I run ssh root@localhost it just leaves me with a blinking cursor but no prompt. Root log in is enabled in sshd_config. Any thoughts?

  8. Hi, Step 3 doesn’t need to be completed. I’ve compared the SSH Keys on two different installs of Kali1.10 and they have different keys by default.

    • Thanks for letting me know. It wasn’t the case when I wrote this article. Instead of removing step 3, I’ll mark it as optional. In that way, readers can make an informed decision. Thanks again.

  9. Thank you for the tutorial, its so educating now my question is, how can I use my android app with Kali Linux remote SSH. I’m aware of the apps that I can download, i’m in the process of developing my own.

  10. I am trying to access my own SSH server by doing
    ssh root@localhost
    then it comes up with
    root@localhost’s password:
    Where would you get this password?

    • You need to know your root password, on a default install of kali it is set to ‘toor’ but this is the first thing you should have changed.

  11. Great article! Thank you for the time you took to put this together!

  12. See below output:

    root@kali2:~# service ssh status
    ● ssh.service – OpenBSD Secure Shell server
    Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
    Active: inactive (dead)

    I Want to start this service automatically whenever I boot my system. Let me know how to do that.

    At present I am manually starting the service.

  13. Great tutorial!
    The only problem for me is that after root@localhost and after the password it says : Permission denied, please try again…

  14. Solved, I changed

    PermitRootLogin without-password


    PermitRootLogin yes

    In /etc/ssh/sshd_config

    • Hey guys i hope you respond me , i have some problemes using kali 2 ,
      for any link i make is not shared with my local state any link i make ( with a real kali ip 192.168.1.xx) it works only in the kali and is not shared to other wifi’s users i tried many methodes but they didnt work i hope will help me and thank you !

  15. add or update your tutorials to modern day 2.0

    well make a new one for 2.0. you need to update alot of your old very good tutorials for previous versions, now you have nothing for 2.0. killing us.

Leave a Reply. (Anonymous comments allowed). Use WP, Twitter, FaceBook or Google+ for faster responses.