Using the SSH protocol to connect to a remote Linux or UNIX machine is far more secure than RSH or Telnet, especially if the user is using secure SSH keys, as long as those keys are protected from theft. Below is the beginning of a simple SSH session, connecting to a remote server over a LAN.
    ┏━(Message from Kali developers)
    ┃
    ┃ This is a minimal installation of Kali Linux, you likely
    ┃ want to install supplementary tools. Learn how:
    ┃ ⇒ https://www.kali.org/docs/troubleshooting/common-minimum-setup/
    ┃
    ┗━(Run: “touch ~/.hushlogin” to hide this message)
    ┌──(john㉿DESKTOP-PF01IEE)-[~]
    └─$ ssh jason@192.168.1.2
    The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
    ED25519 key fingerprint is SHA256:LwQeGXXSqBviREKL2VaRXzysKiB41YbRftIxnjkoSbA.
    This host key is known by the following other names/addresses:
        ~/.ssh/known_hosts:1: [hashed name]
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '192.168.1.2' (ED25519) to the list of known hosts.
    jason@192.168.1.2's password:
This is using a password to authenticate with the server. This is quite secure as long as the password is very strong.
You may also use the SSH keys feature and authenticate with an encrypted key instead of a password.
This is how to generate an SSH key for your user.
    jason@jason-Lenovo-H50-55:~$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/jason/.ssh/id_rsa):
    Created directory '/home/jason/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/jason/.ssh/id_rsa
    Your public key has been saved in /home/jason/.ssh/id_rsa.pub
    The key fingerprint is:
    SHA256:2tTGHZQ4Ay/kIX2Wwzck+GVtTb3oXpblVsohF96jWXY jason@jason-Lenovo-H50-55
    The key's randomart image is:
    +---[RSA 3072]----+
    | ..++.+oo oo|
    | +ooXo* + o|
    | o+.B.+.o.|
    | +...o+=E|
    | S + o+=+*|
    | + . +o+o|
    | . . . o. |
    | . |
    | |
    +----[SHA256]-----+
Then append the public key to the ~/.ssh/authorized_keys file to allow the user to log in with this new key.
    jason@jason-Lenovo-H50-55:~$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
This is how to export the user's public key in PEM format.
    jason@jason-Lenovo-H50-55:~$ ssh-keygen -f ~/.ssh/id_rsa.pub -m 'PEM' -e > id_jason.pem
Crack an SSH password with hydra and ways to avoid this in future.
To change the port used by the SSH server, use this simple script.
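    #!/bin/bash -ex
    # Rewrite "Port 22" or "#Port 22" in sshd_config to "Port 443" (run as root).
    perl -pi -e 's/^#?Port 22$/Port 443/' /etc/ssh/sshd_config
    # Restart the SSH service so the new port takes effect.
    /etc/init.d/ssh restart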
This will do it in one simple operation.
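The one-liner above only matches a line that is exactly `Port 22` or `#Port 22`; with any other value or trailing whitespace it changes nothing and still restarts the service. The following is an added example, not the article's own script, that validates the port, replaces every active `Port` line, keeps a backup and syntax-checks the result with `sshd -t`. The function names `set_sshd_port` and `verify_sshd_config` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the article's script. Function names are assumptions.

# set_sshd_port CONFIG PORT: rewrite CONFIG so sshd listens only on PORT.
# Keeps the previous file as CONFIG.bak. Returns non-zero on bad input.
set_sshd_port() {
    cfg=$1; port=$2
    # Accept only 1-5 digits with no leading zero, then check the range.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 2; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    tmp=$(mktemp) || return 1
    # Emit one Port directive at the top, ahead of any Match block, and drop
    # every other active Port line (any value, spacing or letter case).
    # Commented lines such as "#Port 22" are kept untouched.
    {
        echo "Port $port"
        awk '!/^[ \t]*[Pp][Oo][Rr][Tt][ \t=]/' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the file keeps its owner and permissions.
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# verify_sshd_config CONFIG: syntax-check CONFIG with sshd's test mode and
# restore CONFIG.bak if the check fails. Run as root on the server.
verify_sshd_config() {
    if sshd -t -f "$1"; then return 0; fi
    echo "sshd rejected $1, restoring backup" >&2
    cp -p "$1.bak" "$1"
    return 1
}
```

Typical use on the server, as root: `set_sshd_port /etc/ssh/sshd_config 443 && verify_sshd_config /etc/ssh/sshd_config`, then restart the service as in the script above. Keep the current session open until a new login on the new port succeeds.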