环境
(1)Kali(源主机),IP:10.211.55.4/24
(2)Ubuntu(目标主机),IP:10.211.55.5/24
SSH
OpenSSH
用于在远程系统上安全的运行Shell
,假设现在需要在Kali
机器上通过root
用户远程登陆另一台机器Ubuntu
,那么就可以使用SSH
服务,但是使用SSH
登录每次都需要输入密码,为了节省时间,可以配置SSH免密登陆
。这样Kali
这台机器就可以通过SSH
直接登陆到Ubuntu
。
SSH免密登陆
主机连通性
首先使用ping
命令确保两台主机的连通性。
┌──(root㉿kali-linux-2022-2)-[~]
└─# ping 10.211.55.5
PING 10.211.55.5 (10.211.55.5) 56(84) bytes of data.
64 bytes from 10.211.55.5: icmp_seq=1 ttl=64 time=0.928 ms
64 bytes from 10.211.55.5: icmp_seq=2 ttl=64 time=0.818 ms
64 bytes from 10.211.55.5: icmp_seq=3 ttl=64 time=0.832 ms
^C
--- 10.211.55.5 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2050ms
rtt min/avg/max/mdev = 0.818/0.859/0.928/0.048 ms
创建配置文件
在Kali
虚拟机虚拟机下创建SSH
配置文件~/.ssh/config
,先使用mkdir .ssh
创建.ssh
文件夹,然后进入.ssh
文件夹通过touch config
命令创建config
文件,并在文件中配置以下按照格式配置以下信息:
Host 目标主机的别名
HostName 目标主机的IP或者域名
User 登陆目标主机使用的用户名
在Kali
上配置如下:
┌──(root㉿kali-linux-2022-2)-[~]
└─# cat ~/.ssh/config
Host ubuntu
HostName 10.211.55.5
User parallels
创建密钥
使用ssh-keygen
命令创建密钥,所有的配置默认即可。
┌──(root㉿kali-linux-2022-2)-[~]
└─# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:b/TY2e8TfhNTQu+lx+cnstlRZAeKEICVgKyGc2DeWy8 root@kali-linux-2022-2
The key's randomart image is:
+---[RSA 3072]----+
| . ..+ooo. . |
|..o . . . . ... |
|+o. . .. .+|
|+o.. . .o=|
|.o o . S . =+|
| . E . o + o.==|
| . + + +o=|
| . .o.*+|
| oo.oB|
+----[SHA256]-----+
创建完成之后,可以在.ssh
文件下看到多出了两个文件:id_rsa
和id_rsa.pub
,id_rsa
是私钥,
id_rsa.pub
是公钥。
┌──(root㉿kali-linux-2022-2)-[~]
└─# ls .ssh
config id_rsa id_rsa.pub
发送公钥
现在只要将公钥传给你需要登录的主机即可,在这里就是将公钥传给ubuntu
虚拟机,可以直接使用ssh-copy-id ubuntu
将密钥传过去,这里的ubuntu
就是之前在config
文件里设置的别名。这里只需要输入一次parallels
用户登陆ubuntu
时使用的密码,也就是在config
文件里设置的用户名对应的密码。
┌──(root㉿kali-linux-2022-2)-[~/.ssh]
└─# ssh-copy-id ubuntu
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.211.55.5 (10.211.55.5)' can't be established.
ED25519 key fingerprint is SHA256:lN78YGD118UAp/ZmzrtWnrqicHaFkJbs5pIZfTH06b0.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
parallels@10.211.55.5's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ubuntu'"
and check to make sure that only the key(s) you wanted were added.
第一次与陌生的主机建立连接之后会自动创建.ssh/know_hosts
文件,这个文件中记录的是连接过的主机的信息
登录测试
完成上述步骤之后,通过ssh 主机别名
的方式就可以实现免密登陆,退出时直接使用exit
就可以退出。
┌──(root㉿kali-linux-2022-2)-[~/.ssh]
└─# ssh ubuntu
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-41-generic aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
129 updates can be applied immediately.
32 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
Last login: Mon Aug 29 22:20:01 2022 from 10.211.55.4
parallels@ubuntu:~$
parallels@ubuntu:~$ exit
logout
Connection to 10.211.55.5 closed.
ssh和sshd
ssh
是OpenSSH
的服务端,sshd
是OpenSSH
的客户端。
配置文件
有关SSH
的配置文件在/etc/ssh
目录下
┌──(root㉿kali-linux-2022-2)-[~/.ssh]
└─# cd /etc/ssh
┌──(root㉿kali-linux-2022-2)-[/etc/ssh]
└─# ls
moduli sshd_config.d ssh_host_ed25519_key.pub
ssh_config ssh_host_ecdsa_key ssh_host_rsa_key
ssh_config.d ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub
sshd_config ssh_host_ed25519_key
其中,ssh_config
的配置是针对ssh
的,sshd_config
的配置是针对sshd
的,这两个文件根据当前机器是用作客户端还是服务端对应修改的,配置文件中的具体内容在后面用到时再详解解释。
root用户远程登录
root
用户默认是不允许远程登录的,如果想要开启root
用户远程登录,需要在ubuntu
上找到/etc/ssh
中的配置文件sshd_config
,然后将这个文件的权限改为读写:
parallels@ubuntu:~$ cd /etc/ssh/
parallels@ubuntu:/etc/ssh$ sudo chmod 666 sshd_config
接着在这个文件末尾添加PermitRootLogin yes
,最后使用service ssh restart
命令重启SSH
服务。
这时,在Kali
上,将~/.ssh/config
中的User
改为root
:
Host ubuntu
HostName 10.211.55.5
User root
通过ssh-copy-id ubuntu
将密钥传过去:
┌──(root㉿kali-linux-2022-2)-[~]
└─# ssh-copy-id ubuntu
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.211.55.5's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ubuntu'"
and check to make sure that only the key(s) you wanted were added.
这样就可以实现root
用户的免密登录:
┌──(root㉿kali-linux-2022-2)-[~]
└─# ssh ubuntu
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-41-generic aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
129 updates can be applied immediately.
32 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
root@ubuntu:~# who am i
root pts/1 2022-08-29 23:02 (10.211.55.4)
root@ubuntu:~# exit
logout
Connection to 10.211.55.5 closed.