Step 3: Change Kali default ssh keys to avoid MITM attack
At this point you will have
openssh-server installed on Kali Linux and enabled at runlevel 2,3,4 and 5. But now we got a problem. Every Linux system that you install via a CD or DVD or similar uses a default SSH key. This is same for all first installation that means, anyone with a similar version can perform a Man in the Middle Attack (MITM) and listen to your encrypted traffic. To fix that we will do the followings:
Note: At least one reader confirms that this step is not necessary in new Kali Linux installation as the keys are different for each installation. I will leave the decision of changing default SSH keys to the readers.
Step 3.1: Move the default Kali ssh keys to a new folder:
Issue the following commands one line at a time:
root@kali:~# cd /etc/ssh/ root@kali:/etc/ssh# mkdir default_kali_keys root@kali:/etc/ssh# root@kali:/etc/ssh# mv ssh_host_* default_kali_keys/ root@kali:/etc/ssh#
This will move your default keys to the new folder.
Step 3.2: Regenerate the keys
Use the following command to regenerate
root@kali:/etc/ssh# dpkg-reconfigure openssh-server Creating SSH2 RSA key; this may take some time ... Creating SSH2 DSA key; this may take some time ... Creating SSH2 ECDSA key; this may take some time ... [ ok ] Restarting OpenBSD Secure Shell server: sshd. root@kali:/etc/ssh#
Step 3.3: Verify ssh key hashes are different
Use the following commands to verify SSH key hashes are different
root@kali:/etc/ssh# md5sum ssh_host_* d5dff2404dd43ee0d9ed967f917fb697 ssh_host_dsa_key 2ec88dc08f24c39077c47106aab1e7f4 ssh_host_dsa_key.pub ab96da6ffc39267f06e7f9497c4f5755 ssh_host_ecdsa_key 614e36d18dc2c46178d19661db4dbd7b ssh_host_ecdsa_key.pub abcc037705e48b3da91a2300d42e6a2b ssh_host_rsa_key e26eaa1c5cff38457daef839937fcedd ssh_host_rsa_key.pub root@kali:/etc/ssh#
Compare new key hashes to the hashes below)
root@kali:/etc/ssh# cd default_kali_keys/ root@kali:/etc/ssh# root@kali:/etc/ssh/default_kali_keys# md5sum * 9a09f49be320e561dc6cf95463d4378c ssh_host_dsa_key 1a52709d596569224822e870239c9298 ssh_host_dsa_key.pub 65d0af7fdc5c50f67f90cb953460ba61 ssh_host_ecdsa_key 606d1ac71100c8b38e0f87951bb94855 ssh_host_ecdsa_key.pub c871ecf961924389f2cddbd5888b5037 ssh_host_rsa_key 99d4c4c68224900d0430f0bee9baf28e ssh_host_rsa_key.pub root@kali:/etc/ssh/default_kali_keys#
root@kali:/etc/ssh/default_kali_keys# service ssh restart
Step 4: Set MOTD with a nice ASCII
So far, we have installed and configured Kali Linux remote SSH – openssh-server, enabled openssh-server to run on boot, changed Kali default SSH keys to avoid MITM attacks.
Now the usual SSH
Message of the Day – Banner) is boring. I want my name on that and add some useful info. Following is what a usual
MOTD looks like:
Well, that’s just plain and boring for me.
Type something in “
Type Something” Box! Play around with the settings and you get a nice
Edit the following file and add your text.
root@kali:~# vi /etc/motd root@kali:~# service ssh restart
Save the file and restart/reload SSH … both should just work. I’ve added
blackMORE Ops as ASCII and
http://www.blackmoreops.com/ as a second line…
So next time I try to login I get this nice screen with some more info
Step 5: Troubleshooting
Because I changed SSH keys in the middle of change, (I was logged in before), I had this BIG warning message coming up
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 26:65:52:75:81:71:a8:c5:4c:ad:b6:81:78:58:18:af. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:1 RSA host key for localhost has changed and you have requested strict checking. Host key verification failed.
It kicked me right out.
Usually this is the sign of something bad. As you can see
MITM attacks does this:
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)!
This was the reason I changed Kali Linux default key (You wouldn’t even notice
MITM if you’re using the default key).
This is a rather easy fix. You just need to delete the offending line in
Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:1
Use the following command:
root@kali:~# vi /root/.ssh/known_hosts
Following was the key I had
Just delete the line, save the file and try to SSH again.
and it worked.