Home / Command Line Interface (CLI) / Kali Linux remote SSH – How to configure openSSH server

Kali Linux remote SSH – How to configure openSSH server

Step 6: Change SSH server port for extra safety

As a last step and just to be sure, you should also change SSH port from 22 to something else. (any port between 10000-64000 is okay)

Make a backup of existing SSH config file.

[email protected]:/etc/ssh# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Edit the SSH_Config file.

[email protected]:/etc/ssh#  vi /etc/ssh/sshd_config

Look for the following line:

    #Port 22

Change the line so it looks like this:

    Port 10101

Restart OpenSSH server

[email protected]:/etc/ssh#  service ssh restart

Next time you SSH, you use the following command:

[email protected]:~#  ssh [email protected] -p 10101

Where

  1. [email protected] = Username and Hostname where hostname can be an IP or FQDN.
  2. -p = Port
  3. 10101 = Destination Port

Conclusion:

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model.

The standard TCP port 22 has been assigned for contacting SSH servers. If you scan for this port using NMAP, you will see many servers has it open to the world and you can try to bruteforce it and gain access.

An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, most distributions of GNU/Linux, OpenBSD, FreeBSD, NetBSD, Solaris and OpenVMS. Notably, Windows is one of the few modern desktop/server OSs that does not include SSH by default. Some common SSH clients includes

  1. PuTTY
  2. Cygwin
  3. WinSCP

and they all provide similar file management (synchronization, copy, remote delete) capability using PuTTY as a back-end.

Both WinSCP and PuTTY are available packaged to run directly off of a USB drive, without requiring installation on the client machine. Setting up a SSH server in Windows typically involves installation (e.g. via installing Cygwin, or by installing a stripped down version of Cygwin with the SSH server.

SSH is important in cloud computing to solve connectivity problems, avoiding the security issues of exposing a cloud-based virtual machine directly on the Internet. An SSH tunnel can provide a secure path over the Internet, through a firewall to a virtual machine.

Thanks for reading. Please share.

Check Also

Find exact installation date of Linux

Ran into an interesting question today while trying to debug a problem with a monitoring …

Correct way of installing VirtualBox Guest Additions in Kali Linux 2016.2/2017 (Kali Rolling)

How to install VirtualBox Guest Additions in Kali Linux (Kali Rolling / Kali Linux 2016.2 / Kali 2017)

Since Kali Linux 2016 came out (also known as Kali Rolling), it seems that Official …

37 comments

  1. zimmaro_the_g0at

    GOOD-WORK!!!
    as always .. thank you very much MY “guru”friend :-) +1
    http://www.imagestime.com/show.php/956618_Screenshot20140620093707.png.html
    zimmaro_the_g0at
    :-)

  2. wow awsome tutorial thanks you very much sir,
    i have one qestion: how to set ssh to not keep the logs?
    Thanks in advance.

  3. A little piece of advice. No matter what port you chose for SSH, make sure it’s below 1024. On Linux systems, any user can listen on ports above 1024, but only root can listen on ports below 1024. Running SSH on a port above 1024 increases a chance of crashing your SSH daemon and replacing it with some dodgy proxy etc.

    Some other suggestions for “extra safety”:

    Protocol 2
    PermitRootLogin no
    StrictModes yes
    AllowUsers
    DenyUsers root
    DenyGroups root
    PasswordAuthentication no
    PermitEmptyPasswords no
    PubkeyAuthentication yes
    MaxAuthTries 1
    X11Forwarding no

    You may also be interested in DenyHosts if using password authentication for SSH.

    • Hi Tomas,

      Below 1024 is usually a port that is registered with IANA for the applications/existing well known services (maybe unused on particular systems). See WikiPedia references here.

      If you got a user in your system who can sniff traffic with malicious intentions, then you got bigger problem at hand. A user with sudo access can just enable debug on or turn on plaintext incorrect password logging .. few incorrect password retries and he’s got root password! … Agreed with the rest. PubKeyAuth is possibly second best option with DenyHosts combination (where you login via a VPN or got stationary workstation/static IP etc… etc..) My post was about enabling SSH, not security in general, but I do agree with your notion. Will update it soon. ta.

      BTW, keep an eye on my site for my next post that actually addresses exactly what you’ve pointed out. I’m sure you’ll like my new post.

      Thanks again for your comment, always appreciate a positive feedback. Cheers,
      -BMO

  4. Great post on how to setup OpenSSH. This allowed me to take it one step further, and set up VNC over SSH.

  5. Excellent tutorial. Well done.

  6. Very Nice tutorial sir, I just need to ask you that, after applying all these steps, i can access ssh-server through lan, But this is not working on internet, What might be the reason?

  7. When I run ssh [email protected] it just leaves me with a blinking cursor but no prompt. Root log in is enabled in sshd_config. Any thoughts?

  8. Hi, Step 3 doesn’t need to be completed. I’ve compared the SSH Keys on two different installs of Kali1.10 and they have different keys by default.

    • Thanks for letting me know. It wasn’t the case when I wrote this article. Instead of removing step 3, I’ll mark it as optional. In that way, readers can make an informed decision. Thanks again.

  9. Thank you for the tutorial, its so educating now my question is, how can I use my android app with Kali Linux remote SSH. I’m aware of the apps that I can download, i’m in the process of developing my own.

  10. Johnnycakes581

    I am trying to access my own SSH server by doing
    ssh [email protected]
    then it comes up with
    [email protected]’s password:
    Where would you get this password?

  11. Great article! Thank you for the time you took to put this together!

  12. See below output:

    [email protected]:~# service ssh status
    ● ssh.service – OpenBSD Secure Shell server
    Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
    Active: inactive (dead)
    [email protected]:~#

    I Want to start this service automatically whenever I boot my system. Let me know how to do that.

    At present I am manually starting the service.

  13. Great tutorial!
    The only problem for me is that after [email protected] and after the password it says : Permission denied, please try again…

  14. Solved, I changed

    PermitRootLogin without-password

    with

    PermitRootLogin yes

    In /etc/ssh/sshd_config

    • Hey guys i hope you respond me , i have some problemes using kali 2 ,
      for any link i make is not shared with my local state any link i make ( with a real kali ip 192.168.1.xx) it works only in the kali and is not shared to other wifi’s users i tried many methodes but they didnt work i hope will help me and thank you !

  15. add or update your tutorials to modern day 2.0

    well make a new one for 2.0. you need to update alot of your old very good tutorials for previous versions, now you have nothing for 2.0. killing us.

  16. This was a great help, thank you.

  17. Hello, is it possible, that we must also open the ssh port in kali’s firewall?

  18. i got a problem here. i started the ssh server in linux kali.but when i try to connect from windows using putty i am asked username and passworsd. what xactly are the username and password ? i tried my linux usernmae and passwd but i got access denied. should i configure linux to allow windows??

  19. Install openssh in Android terminal
    https://youtu.be/mh6Ldvn__H4

  20. I can confirm that on Kali Linux 2018.3a on the AWS Marketplace, the SSH keys are unique to each provisioned instance.

  21. Anybody have any words of advice on how to perform a remote SSH session with Kali 2018.4 with an IPv6 address? Nowhere can I find an actual guide or word of help on the internet…

Use WordPress.com, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed)

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.

%d bloggers like this: