The Secure Shell (SSH) allows cryptographically secure remote system management and file transfers. Utilizing various encryption techniques, SSH ensures the link between a client and a server against illegal access and attacks. In other words, Secure Shell, also called Secure Socket Shell, is a custom that enables you to connect safely and securely to a remote computer or a server by utilizing a text-based interface. When a secure SSH connection is set, a shell session can be started, and users can manage the server by entering commands within the client on the local computer. System and network administrators utilize this custom the most.
Reducing vulnerabilities in the Secure Shell (SSH) protocol is core to assuring the safety of the Linux environment. In this virtual lab, learners will learn the most common and essential Linux SSH security measures that can be taken to make their servers more secure. They will learn how to use the key pairs and how to follow the other prescribed best practices, such as connecting via SSH without using a password and key pair to improve the overall security significantly. Other guided challenges in this series are "Test and Mitigate Default Port Vulnerabilities" and "Configure SSH To Connect Without Passwords."
Understand the Scenario
In this challenge, you are a system administrator for a company that is implementing security improvements. The job responsibility is to improve the security posture of the organization by implementing a policy that requires Linux users to verify SSH connections by using an encrypted key pair only. Transmitting passwords, even in encrypted form, is no longer permitted. To accomplish this task, first, you will reconfigure SSH to accept only connections that use an encrypted key pair, and then you will set up a connection for the user jsnow on the Ubuntu workstation. In this lab, learners will use a Kali Linux server and an Ubuntu workstation to connect to the server.
Verify that SSH connections require a password
Before you begin reconfiguring the server, it is a good practice to establish an SSH connection to the server to verify the original configuration. For this, you will first sign in to the Ubuntu -workstation as jsnow and open the terminal. You will then learn how to establish an SSH connection for the root user to Server1 by using the given IP address and verify that you can create a connection and how to disconnect from Server1.
Create a set of keys on the client
SSH keys allow the self-regulation that makes new services efficient and effective. They give accessibility and enhanced security when properly configured. The SSH keys are just like passwords. They provide access and authority to various users. One cannot have confidentiality and the integrity of the widespread availability of systems without managing SSH keys. In this section of the lab, learners will first generate a set of encryption keys by using the ssh-keygen tool and save the keys in the default location. After this, they will learn how to configure a blank passphrase. The keys generated by ssh-keygen are stored locally in the .ssh subdirectory. Finally, they will check and confirm that the new key files exist in the .ssh directory.
Copy the keys to the Kali server
After creating the set of keys on the client machine, the next step is to copy the keys to the Kali server. For this, learners will use the .ssh directory to rename the key file by opening an SFTP connection to Server1 by using the IP address. Before you upload files, you should make sure that the .ssh directory does not exist. If it already exists, you need to make sure that you're not going to overwrite any existing files before uploading. Finally, learners will review the directories on server 1 and confirm that they have uploaded a correct file to Server1 and renamed it as authorized_keys.
Disable password authentication on Server1
Now that you can connect by using a key pair instead of password authentication, the next step is to disable the password authentication option altogether. For this, learners will learn how to restart the SSH service and then disconnect. Next, they will detach from the SFTP session and open an SSH connection to Server1 by using the given IP address. Secure File Transfer Protocol (SFTP) is a stable version of the File Transfer Protocol (FTP). It allows data transfer over a Secure Shell data stream. Finally, you will restart the SSH service and then disconnect. After successfully disabling the password authentication on server 1, you will attempt to sign in to Server1 as jsnow and then review the error message that is displayed.
Lab Summary Conclusion
After completing the "Configure SSH To Connect Without Passwords" virtual lab, you will have accomplished the following:
- Connected via SSH by using a password
- Configured SSH to connect by using a key pair
- Connected via SSH without using a password