Linux Essentials For Hackers - #17 - SSH And SSH Security

HackerSploit · Intermediate ·🔐 Cybersecurity ·6y ago

Key Takeaways

This video covers setting up OpenSSH and SSH key-based authentication on Linux, essential skills for hackers and cybersecurity professionals.

Full Transcript

hey guys welcome back to the linux essential series for hackers in this video we're going to be talking about ssh uh how to configure it securely uh and then of course we'll talk about you know how to uh how to securely transfer files with ssh so let's get started um first of all with establishing what ssh client and server we're going to be using so in our case we want to be uh we want to be using openssh which is pretty much the go to uh the go to ssh client and server solution it's completely open source and it's uh it's one of these uh you know great services so again that was uh developed by the bsd team so um again uh we must first of all understand the uh the connection type or the connection model uh with ssh so ssh is primarily a client server connection model so that means you need the client software to connect to the to the server software in our case we need to install the openssh client service or the client package on our client and of course the open sh server package on our server and i'll show you that right now so i'm currently on my client here which is going to be ubuntu our remote server is going to be one of my ubuntu servers uh running on my virtualization surface so what i'll do is i'll say sudo apt uh apt uh get install and we say open ssh and we we're looking for the openssh if we double tap we can see we're looking for the openssh client right so i'm gonna hit enter and um i already have this installed right now the open sh client configuration file is found so if i say cat hc ssh sorry ssh and this is found under it is the ssh config the sshd config file is for the open ssh server so you can see i also have my uh my my public and private keys here as well but i'll get into that in a second we don't need to complicate this right now so if i take a look at me at my config file here uh this is the client config you can see that um the options are quite straightforward in regards to what you can enable and disable so you can specify the port uh the protocol um and uh various other bits of uh you know configurations here but that's not the the in within the scope of the video but i just wanted to get to that so uh my remote server is running on um it's currently running on an ip of 182.168.1.11 so we already have an admin user on that system so we'll just say admin and we'll say 192.168.1.113 all right and i will just enter the password here for the admin user and there we are so you can see i'm currently logged in as uh the admin user so uh the first thing we want to do is we need to install uh the openssh server so you say oh apt-get install open ssh server and the reason i'm doing this even though i have it installed already just to show you how one would go about doing it right um so hit install already installed there excellent all right all right all right now that we have this uh both the pieces of software installed on the client and the server we can talk about configuring you know ssh right so pretty much when dealing with the remote server and remote authentication the first thing you need to do is you need to disable root logins because the root the root user account is extremely powerful because it really has no restrictions in regards to what it can do so that's our first order of business here and this can be done by modifying this can be done by modifying the openssh the openssh configuration file open sh server configuration file so if i say sudo vim hc ssh and we're looking for sshd sshd and we say sshdconfig and we hit enter so you can see this is the openbsd openssh sshd config file and it does you it tells you here this is a sshd server systemwide configuration file so the first thing we want to do is we can let's take a look at some of the various configurations you can set here so you can change the default port this is great for those of you who want to set up a honeypot on that exact port like port 22 and then have ssh run on another port like 2 2 2 0 you can do that as well you can also change the listen address if you want to the host key names uh let's talk about uh let's just go down into logging you can play around with logging here and i'll talk about logs probably in another video and here we are we have uh we have authentication all right so within authentication you can see we have an option called permit root login right and we want to change this to no right so from yes to no and we we can also play around with the grace uh the login grace time so we can increase this or decrease it based on the uh on the time you want to provide uh we can keep uh strict modes to yes uh in regards to the max authentication tries we can change this to four although i'll be making a separate video where i'll be showing you how to set up ssh brute force protection the max sessions i want are going to be three public key authentication uh yes let's go all the way down now um and we are primarily looking for password authentication so we'll talk about this when we're going to be setting up ssh keys so for now we've we've essentially disabled where we've disabled the root logins so if i just save the the files here now when whenever you've made changes to the uh to the openssh server configuration file we need to restart uh the openssh server so to do this again we'll use systemd so we say system and we say let's say restart sshd sshd service remember this is the sshd daemon or the openssh server and we hit enter all right so now uh pretty much if we just open up a new tab on my client and i try and log into the root user account i would say ssh root and i would say 192 168.1.113 and hit enter right and i enter the password for the root user and um you'll see pretty much that we will not be able to do it so uh that is pretty much uh going to block any logins to this uh to this particular account now the other thing we we want to do is we want to disable or we want to lock uh the password for the we want to lock the password for the root account this will ensure that even though a person or an attacker may have the password the legitimate password they can get through it through another user account because remember remember if if a user gets access to the admin account via ssh they can easily switch to to the root user account so we also have to disable uh you know the the password login here and this will pretty much lock the account unless we have the privileges to actually change the password manually and to unlock it but it's a great way of you know protecting yourself from script kiddies so what we can do is we can say um we can use the password command and say password uh l and we specify the account we or the the account whose password we want to lock and we hit enter uh we need uh pseudo privileges here so you say sudo hit enter and the password expiry information has changed so you can say sudo password and then status uh i believe it's status what options can we specify here root uh wait enter no we do not want to enter a new password so we can just do this one more time yeah so you can see that i can actually change the password but let me lock it um let me see root uh where is the status how do we check the status oh yeah there is a capital s so if we hit enter you can see that the password is now going to be locked now uh the second step would be to disable password authentication and to use ssh keys which is exactly what i'm going to show you right now so that will pretty much ensure that you're protected from brute force attacks because you're pretty much ensuring that you cannot log into this ssh server without an ssh key right so uh what we'll do is we will create a new ssh key here and this is very this is very easy to do so uh first of all uh we need to uh we need to establish uh what user account we're going to be you know pretty much be using we've already locked out the root account and once we set up the ssh keys we'll be pretty much logging into the admin user account and the asset the ssh keys or the ssh key based authentication will only allow us to to access the admin account after which we will we will modify the uh the openssh server configuration file to disable uh password authentication so what we'll do is we'll say um ssh key gen um there we are uh t rsa and we hit enter and it's gonna ask us uh for uh it's gonna say generating public private uh rsa key pair enter the file in which to save the key so we'll say home or let's leave it in this directory hit enter we can enter our passphrase that's always recommended i'll enter password is here that'll also add an additional level of security to your ssh key because remember the ssh private key has to be kept secret so we can see that the keys have been copied into a home alexis and ssh directory here so pretty much what we can do now is uh if we change our directory into the ssh directory here you can see that we have the public and private keys right over here so what we need to do now is we need to copy the the public key onto the server so let me just explain how ssh works really quickly how the authentication works so you store your public key on your on the server and you have your private key uh with you and the private key is the most important as it's the it's pretty much the key that will allow you to authenticate successfully with the server so you need to keep it secure and backed up in the event you lose it you lose access to the server that's very important right so essentially what what's going to happen here is your private key is used for encryption right so your server the ssh server will use your it will send a random string of data to you the ssh client uh after which the ssh client will encrypt that a random string of data with the private key and send the encrypted data to the server the server will then use your public key to decrypt it and if it then matches and you know so on and so forth i'll explain that in a second so what we can do now is we need to copy this so we say ssh copy id and we specify the the server so we say 192.168.1.113 and we hit enter it's going to ask you you can see it's asking for the user alexis but we don't want to do this remember because we want to use the uh the user admin so we're going to say admin and we're going to enter it's going to ask for admins password like so and uh with we you can see after we've entered the password is going to ask us for the it's going to tell us the number of keys added is one and we can now try try log into the machine with ssh admin and we will essentially not have uh we will not need to use passwords but before we do that uh we need to disable password authentication with ssh so to do this again we say sudo vim and i'm back on the server now ssh and we say sshd config and we hit enter and we'll go all the way to the bottom here uh am i in the right configuration file i believe so uh yes we are i believe uh your possible authentication right over here and we will change this to no so this will essentially disable the ability for you to log in to this over to this remote server via ssh with passwords so the only way you can log in is going to be through ssh keys so now i can write changes and exits here and we'll restart the um the ssh server service or the sshd service we enter and that's going to restart it for us orange so now if we exit we can essentially say ssh admin at 182 168.1.1 and i hit enter and it's going to ask me for the passphrase for the for the private key and we're going to unlock and there we are we now have access right now some of you might be saying well uh you have the private key what if the location is different so let me just show you this right now so i'll go into my ssh directory here and uh let's list all the files and i'll say i'll move the this is oh sorry sorry about that let me just go to my local directory here i can actually just log out so cd ssh and what i'll do is i'll move the private key so i'll say move id rsa to uh sorry to my desktop and i'll hit enter and now if i try and log in so i say ssh admin sorry uh states 1.113.8 enter you can see it logs in just fine however if if i didn't know the location what i would say is for example let me just exit i would say for example if i was logged in on another computer i would then say uh so again let me just go on to my desktop here if i wanted to specify a private key for logging in i would say ssh i and then i would say id rsa and then i say admin at 192.168.1.113 8 enter and typically what you want to do is you want to ensure that your private key has permissions uh you want to ensure that it can only be read by the current user and not by the group or all other users on the system so a great precaution or a great way of doing this is saying chmod 400 id rsa and that will essentially protect your private key right so that is essentially how to you know set up ssh uh and how to copy your how to set up key based authentication how to copy your ssh keys onto the server and uh we cannot talk about you know copying remote files or copying you know files remotely with ssh so again to do this is very simple what i'll do is i'll just create a file let's say touch test dot txt and i'll cut fc password into the test.txt file here and what let's say i wanted to copy this test.txt file into the ssh server what i would do is i would use the scp utility so the sap is again secure copy so i would say scp and then i would specify the file so i say touch sorry test test.txt and then i would spit i would specify the credentials so it's admin 192.168.1.113 and then i'll specify the location i want to save it in so i say home admin uh this is on the remote server by the way so home i can't seem to write admin today for some reason and i'll essentially hit enter and you can see that it actually copied quite quickly so now if we try and log in so we say ssh uh 113 and eight enter and we list the files within the home directory for admin you can see that we have the test.txt file and if i catch the content here it's the it's the password information for the uh for my client right over here which is running ubuntu and you can see my user accounts there so um that is pretty much how to use ssh how to set it up how to set up authentication how to protect uh your root user account how to copy file securely how to set up key based authentication so i hope that was comprehensive enough let me know if you have any questions or suggestions and are happy to respond to them and i'll be seeing you in the next video [Music] you

Original Description

Welcome to the Linux Essentials For Hackers series, where we will be covering the 20% you need to know to be efficient with Linux. In this video, we will take a look at how to setup OpenSSH and SSH key-based authentication. This series is sponsored by Linode, use the link below to get 20$ in free credits. https://promo.linode.com/hackersploit/ Promo code: HACKERSPLOIT20 ◼️Get Our Courses: Python For Ethical Hacking: https://www.udemy.com/python-for-ethical-hacking-develop-pentesting-tools/?couponCode=PFEHJUN Ethical Hacking Bootcamp: https://www.udemy.com/the-complete-ethical-hacking-bootcamp/?couponCode=TCEHB2019 ◼️Our Platforms: Blog: https://hsploit.com/ HackerSploit Forum: https://hackersploit.org/ HackerSploit Cybersecurity Services: https://hackersploit.io HackerSploit Academy: https://www.hackersploit.academy HackerSploit Discord: https://discord.gg/j3dH7tK HackerSploit Podcast: https://soundcloud.com/hackersploit iTunes: https://itunes.apple.com/us/podcast/the-hackersploit-podcast/id1439732519?mt=2 ◼️Support us by using the following links: Patreon: http://patreon.com/hackersploit I hope you enjoy/enjoyed the video. If you have any questions or suggestions feel free to post them in the comments section or on my social networks. Social Networks - Connect With Us! ------------------------------- Facebook: https://www.facebook.com/HackerSploit/ Twitter: https://twitter.com/HackerSploit Instagram: https://www.instagram.com/hackersploit/ Patreon: http://patreon.com/hackersploit -------------------------------- Thanks for watching! Благодаря за гледането Kiitos katsomisesta Danke fürs Zuschauen! 感谢您观看 Merci d'avoir regardé دیکھنے کے لیے شکریہ देखने के लिए धन्यवाद Grazie per la visione Gracias por ver شكرا للمشاهدة #Linux#Hacking
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from HackerSploit · HackerSploit · 0 of 60

← Previous Next →
1 How To Install Kali Linux 2.0 On Virtual Box
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
2 100 Subscriber Q&A! - How I Learned Ethical Hacking
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
3 BlackArch Linux Review - Better Than Kali Linux?
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
4 How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
5 Wireshark Tutorial for Beginners - Installation
Wireshark Tutorial for Beginners - Installation
HackerSploit
6 Wireshark Tutorial for Beginners - Overview of the environment
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
7 Wireshark Tutorial for Beginners - Capture options
Wireshark Tutorial for Beginners - Capture options
HackerSploit
8 Wireshark Tutorial for Beginners - Filters
Wireshark Tutorial for Beginners - Filters
HackerSploit
9 Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
10 Complete Ethical Hacking Course #2 - Installing Kali Linux
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
11 Parrot OS 3.5 Review | The Best Kali Linux Alternative
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
12 Nmap Tutorial For Beginners - 1 - What is Nmap?
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
13 Katoolin | How To Install Pentesting Tools On Any Linux Distro
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
14 Nmap Tutorial For Beginners - 2 - Advanced Scanning
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
15 Nmap Tutorial For Beginners - 3 - Aggressive Scanning
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
16 Zenmap Tutorial For Beginners
Zenmap Tutorial For Beginners
HackerSploit
17 How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
18 How To Setup Proxychains In Kali Linux - #2 - Change Your IP
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
19 How To Change Mac Address In Kali Linux | Macchanger
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
20 How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
21 Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
22 VPN And DNS For Beginners | Kali Linux
VPN And DNS For Beginners | Kali Linux
HackerSploit
23 Tails OS Installation And Review - Access The Deep Web/Dark Net
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
24 Steganography Tutorial - Hide Messages In Images
Steganography Tutorial - Hide Messages In Images
HackerSploit
25 The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
26 Best Linux Distributions For Penetration Testing
Best Linux Distributions For Penetration Testing
HackerSploit
27 Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
28 Gaining Access - Web Server Hacking - Metasploitable - #1
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
29 Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
30 How To Install Kali Linux On VMware  - Complete Guide 2018
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
31 Q&A #1 - Best Cyber-security Certifications?
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
32 Terminator - Kali Linux - Multiple Terminals
Terminator - Kali Linux - Multiple Terminals
HackerSploit
33 Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
34 Q&A #2 - Mr Robot?
Q&A #2 - Mr Robot?
HackerSploit
35 Metasploit Community Web GUI  - Installation And Overview
Metasploit Community Web GUI - Installation And Overview
HackerSploit
36 Linux Expl0rer - Forensics Toolbox - Installation & Configuration
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
37 QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
38 Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
39 Metasploit For Beginners - #2 - Understanding Metasploit Modules
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
40 Kali Linux Quick Tips - #1 - Adding a non-root user
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
41 Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
42 Spectre Meltdown Vulnerability  - How To Check Your System
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
43 Metasploit For Beginners - #4 - Basic Exploitation
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
44 ARP Spoofing With arpspoof - MITM
ARP Spoofing With arpspoof - MITM
HackerSploit
45 WordPress Vulnerability Scanning With WPScan
WordPress Vulnerability Scanning With WPScan
HackerSploit
46 Generating A PHP Backdoor with weevely
Generating A PHP Backdoor with weevely
HackerSploit
47 Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
48 How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
49 Stacer - System Optimizer And Monitoring Tool For Linux
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
50 Kali Linux 2018.1 - Kernel Updates & Patches
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
51 MITM With Ettercap - ARP Poisoning
MITM With Ettercap - ARP Poisoning
HackerSploit
52 Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
53 How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
54 Channel Updates - How To Post Questions & Video Suggestions
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
55 Web App Penetration Testing - #1 - Setting Up Burp Suite
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
56 Web App Penetration Testing - #2 - Spidering & DVWA
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
57 Cl0neMast3r - GitHub Repository Cloning Tool
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
58 Kali Linux On Windows 10 Official - WSL - Installation & Configuration
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
59 DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
60 Web App Penetration Testing - #3 - Brute Force With Burp Suite
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit

This video teaches how to setup OpenSSH and SSH key-based authentication on Linux, which is crucial for secure remote access and a fundamental skill for hackers and cybersecurity professionals.

Key Takeaways
  1. Install OpenSSH on Linux
  2. Generate SSH keys
  3. Configure SSH key-based authentication
  4. Test SSH connection
💡 SSH key-based authentication provides an additional layer of security compared to traditional password-based authentication.

Related Reads

📰
Treasury Sanctions Two Individuals and VPN Firm Enabling Ransomware Attacks on Americans
US Treasury sanctions individuals and a VPN firm for enabling ransomware attacks, learn how to protect against such threats and the role of cybersecurity in preventing them
Dev.to · Codego Group
📰
Inside-Out Learning
Learn how to prepare students for a career in cybersecurity by teaching them to think, build, defend, and adapt
Medium · Cybersecurity
📰
GhostExodus Forces Cybersecurity to Trust a Rule-Breaker
Learn how a former rule-breaker's transformation raises questions about trust in cybersecurity
Dev.to · XOOMAR
📰
​Supply Chain Attacks Are Forcing Threat Detection To Focus On What Code Can Do
Supply chain attacks are shifting threat detection focus to code capabilities, requiring a merge of dev speed and security scrutiny
Forbes Innovation
Up next
Cryptography Explained Visually — Watch AES, RSA, TLS & More Work Step by Step
Zariga Tongy
Watch →