Sunday, August 28, 2016

SSH into Kali 2.0 on ARM (Odroid, Banana Pi, etc)

My latest pen testing tool is an Odroid UX4 from Ameridriod.com. The XU4 is an 8 core ARM based Single Board Computer (SBC). The team at Offensive Security have ported Kali 2.0 to run on the Odroid. I flashed Kali 2.0 onto the eMMC card and the image works great. My next step was to setup SSH for remote access.



Kali 2.0 follows the Debian model of not allowing Root logins without a key.  This is definitely the most secure way to use SSH for remote access and it easy to set up.

If you are running headless you will need to use the USB/UART that Hardkernel sells for the UX4. I have found the Logitech MK620 wireless keyboard/mouse works great with the Odroid XU4. The wireless keyboard does have security issues (see Keysniffer.net) but I don't use it anywhere but in my lab.

Generating the RSA private/pubic keys

If you need to create RSA keys on Windows please see my blog Authenticating to Cisco devices using SSH and your RSA Public Key on using puttygen to create the keys.

On a Linux box

You should always move the default SSH keys on your distribution to a backup folder and create new keys before using SSH. See Duplicate SSH Keys Everywhere
If you need to generate an RSA key pair:
ssh-keygen
select the default location
enter a pass phrase to protect the keys.

Here's what it looked like on my Ubuntu laptop:

mhubbard@1S1K-SYS76:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mhubbard/.ssh/id_rsa):
Created directory '/home/mhubbard/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mhubbard/.ssh/id_rsa.
Your public key has been saved in /home/mhubbard/.ssh/id_rsa.pub.
The key fingerprint is:
3a:1f:82:3a:60:b5:99:e0:4e:9e:91:92:12:05:4d:fc mhubbard@1S1K-SYS76

Here are the keys in the hidden .ssh folder:
mhubbard@1S1K-SYS76:~$ ls -la ~/.ssh
total 20
drwx------  2 mhubbard mhubbard 4096 Aug 30 11:13 .
drwxr-xr-x 18 mhubbard mhubbard 4096 Aug 30 11:13 ..
-rw-------  1 mhubbard mhubbard 1766 Aug 30 11:05 id_rsa
-rw-r--r--  1 mhubbard mhubbard  401 Aug 30 11:05 id_rsa.pub
-rw-r--r--  1 mhubbard mhubbard  222 Aug 30 11:13 known_hosts

To display the fingerprint in the future:
mhubbard@1S1K-SYS76:~$ ssh-keygen -lf ~/.ssh/id_rsa
2048 3a:1f:82:3a:60:b5:99:e0:4e:9e:91:92:12:05:4d:fc  mhubbard@1S1K-SYS76 (RSA)


This pass phrase will be required the first time you connect to a device but is it much safer than not using one. If you lose control of your private key and didn't have a pass phrase set it could be used to log into any device you set up.

Once you have the key pair generated you need to copy the public key and paste it into the authorized_keys file on the Odroid.

mhubbard@1S1K-SYS76:cd ~/.ssh
mhubbard@1S1K-SYS76:~/.ssh$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUUfkp+xPLQDmGaPokHXxK6yhxG1a+pmdCHDzHFBSqsGJIMuVSSwzUksfJU7XG5PEcE8Yt9qU2WVieZXsjMcdZDphhNzdT4RSW63m12ov7jo35KBGFEHnNGv/m6cUEOq9oGfRD5sE7g2wF+QQh74Y4m1ld5VnOicGaR/qyYSazpBJlZKHP2lYfb2coDhHHsnoyBedZbtFxNK3lPKggd4mywmJ19XSZ9Bm2/HurcibYJodHdDn0BoP9Qlvc5vRiZqT6XAS9tIhzeydgkmhYQ8UnAYeclo/WiTR98FYEXzm+aGV0/bH4IZB6mlth53YyR/hxeeKzn7WqTc6/WKx9qrSB mhubbard@1S1K-SYS76

Copy the entire key including the ssh-rsa and username@system

On the Odriod

cd ~
mkdir .ssh
nano /root/.ssh/authorized_keys


ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUUfkp+xPLQDmGaPokHXxK6yhxG1a+pmdCHDzHFBSqsGJIMuVSSwzUksfJU7XG5PEcE8Yt9qU2WVieZXsjMcdZDphhNzdT4RSW63m12ov7jo35KBGFEHnNGv/m6cUEOq9oGfRD5sE7g2wF+QQh74Y4m1ld5VnOicGaR/qyYSazpBJlZKHP2lYfb2coDhHHsnoyBedZbtFxNK3lPKggd4mywmJ19XSZ9Bm2/HurcibYJodHdDn0BoP9Qlvc5vRiZqT6XAS9tIhzeydgkmhYQ8UnAYeclo/WiTR98FYEXzm+aGV0/bH4IZB6mlth53YyR/hxeeKzn7WqTc6/WKx9qrSB mhubbard@1S1K-SYS76

CTRL+x to exit. Be sure to answer y and save the file.

Note: Make sure the key is on one line! This isn't an issue on Linux/Mac OX but if you copy the key from a Windows box it will probably have line feeds in it. MS can never follow the standards set by Unix decades ago!

On your favorite ssh client 

I use Perl Auto Connect (PAC) on Linux and Putty on Windows. If you are a Windows user my previous blog covers using an RSA key pair with Putty.

On PAC
Create a new connection
Click the Private Key Radio button
Browse to the ~/.ssh folder and select your private key
Enter root as the user:
Enter the pass phrase for the private key.
Click "Save and Close".



You can now log into Kali with your RSA key pair.

References
Kali Linux 2.0 Top 10 Post Install Tips
Kali SSH problems