SSH Authentication HACKS! Kali, Debian, Ubuntu Linux (Step-by-Step)
If you’re still using passwords for managing your servers, it’s time to switch to a more secure and efficient method: SSH keys. This guide will walk you through setting up key-based authentication between two Linux servers.
Why SSH Key-Based Authentication?
Passwords are vulnerable to being stolen, guessed, or brute-forced. In contrast, SSH keys provide a more secure alternative by utilizing asymmetric cryptography. This involves two keys: a public key and a private key.
- Public Key: Stored on the server.
- Private Key: Stored securely with you.
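When you attempt to log in, the server asks your SSH client to prove that it holds the private key matching a public key the server has on file. The private key itself never leaves your machine, and access is granted only if that proof checks out.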
Prerequisites
In this tutorial, we’ll be working with two servers:
- Source Server (e.g., Ubuntu): Where we will generate the keys.
- Destination Server (e.g., Debian): Where we will install the public key.
Step 1: Get IP Addresses
First, let’s retrieve the IP addresses of both servers. On each server, run:
hostname -I
Keep note of the IP addresses.
Step 2: Generate SSH Keys
On the source server, navigate to your home directory and generate an SSH key pair using the following command:
ssh-keygen -t rsa -b 4096
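You’ll be prompted to name the key and provide a location. For example, if your username is user123, you might store it at /home/user123/.ssh/test_key.
Note: You can skip setting a passphrase for now. Keep in mind that a private key without a passphrase can be used by anyone who is able to read the file.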
After generating the keys, you’ll see a Randomart image representing your key.
Step 3: Verify the Keys
Check the contents of your .ssh directory:
cd ~/.ssh
ls
You should see two files:
- test_key (Private Key)
- test_key.pub (Public Key)
To view the contents of the keys:
cat test_key # Private Key
cat test_key.pub # Public Key
Step 4: Transfer the Public Key to the Destination Server
Next, we’ll transfer the public key from the source server to the destination server. On the destination server:
nano ~/.ssh/authorized_keys
If you already have keys in this file, just append the new public key. To do this:
- On the source server, run:
cat ~/.ssh/test_key.pub
- Copy the output and paste it into the authorized_keys file on the destination server.
Once done, save and exit the editor with Ctrl+X and Y.
Step 5: Configure SSH for Security
Now let’s make sure SSH is configured securely on the destination server. These are server-side settings, so open the SSH daemon config file (sshd_config, not the client file ssh_config):
sudo nano /etc/ssh/sshd_config
Ensure the following settings are applied:
PasswordAuthentication no
PermitRootLogin no
Save and close the file.
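A file-level check for the two Step 5 directives, added here as an example (it is not part of the original tutorial). sshd keeps the first value it reads for each keyword, so a later "no" does not override an earlier "yes"; the function names, the cfg_* variables and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): audit an sshd_config-style
# file for the two Step 5 settings. Per sshd_config(5) the FIRST value read for
# a keyword wins, keywords are case-insensitive, and '#' starts a comment.
# Assumption: Include files and Match blocks are not followed; on a real host
# `sudo sshd -T` prints the authoritative effective configuration.

# effective_value FILE KEYWORD -> first global value, lowercased (empty if unset)
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        { sub(/=/, " "); gsub(/"/, "") }      # accept Keyword=value and quotes
        $1 ~ /^#/ { next }                    # comment line
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 only if both settings are effectively "no"
audit_sshd_config() {
    cfg_rc=0
    cfg_pw=$(effective_value "$1" PasswordAuthentication)
    cfg_root=$(effective_value "$1" PermitRootLogin)
    # Unset keywords fall back to the OpenSSH defaults.
    cfg_pw=${cfg_pw:-yes}
    cfg_root=${cfg_root:-prohibit-password}
    [ "$cfg_pw" = "no" ] || { echo "FAIL PasswordAuthentication $cfg_pw"; cfg_rc=1; }
    [ "$cfg_root" = "no" ] || { echo "FAIL PermitRootLogin $cfg_root"; cfg_rc=1; }
    [ "$cfg_rc" -eq 0 ] && echo "OK $1"
    return "$cfg_rc"
}

# Constructed sample: the commented line is ignored and the active "yes" comes
# first, so the later "no" never takes effect.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || echo "=> correct the file, then reload sshd"
rm -f "$sample"
```

On a real host, run audit_sshd_config /etc/ssh/sshd_config and compare the result with the output of sudo sshd -T, which also resolves Include files.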
Step 6: Connect to the Destination Server
From the source server, use the following command to connect to the destination server via SSH:
ssh -i ~/.ssh/test_key <username>@<ip-address-of-destination-server>
Replace <username> with your actual username on the destination server and <ip-address-of-destination-server> with the destination server's IP address.
This will log you in without needing a password.
Troubleshooting
If you encounter any issues connecting, you can use the -v option for verbose output:
ssh -i ~/.ssh/test_key -v <username>@<ip-address-of-destination-server>
For more detailed debugging, you can use -vvv:
ssh -i ~/.ssh/test_key -vvv <username>@<ip-address-of-destination-server>
Step 7: Clean Up
To undo the key setup, follow these steps:
- On the source server:
Remove the keys you created:
rm ~/.ssh/test_key*
- On the destination server:
Remove the public key from the authorized_keys file:
nano ~/.ssh/authorized_keys
Use Ctrl+K to delete the last line (the public key), then save with Ctrl+X and Y.
Cheers!
Dan Duran @GetCyber