Upgrading and Securing SSH Connection

Introduction

Welcome to the Upgrading and Securing SSH Connection Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

• Connecting to Kali
• Upgrading OpenSSH
• Adding Sudo User
• Regenerate SSH keys to avoid MITM attacks
• MOTD (Message of the Day)
• Change the SSH Port

After completing this lab, you will be able to:

• Connect to Windows 10 and Kali
• Remove old OpenSSH
• Install an upgraded OpenSSH
• Add a new user
• Test SSH Connectivity with Putty
• Produce new keys
• Edit the MOTD
• Edit the SSH port value

Exam Objectives

The following exam objectives are covered in this lab:

• CAS-003 4.3 Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives
• CAS-003 4.4 Given a scenario, implement cryptographic techniques..

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Connecting to Kali

You will first connect to Kali which will permit the path to configure SSH installation and configure into the Linux system.

Learning Outcomes

After completing this exercise, you will be able to:

• Connect to Kali

Exercise 2 - Upgrading OpenSSH

SSH like all protocols needs to be updated, as well as the services which manage those protocols. Moving to a more up-to-date version of the service helps to overcome vulnerabilities in older types and assists in making sure no data is being leaked out unnecessarily from the connection.

Learning Outcomes

After completing this exercise, you will be able to:

• Remove old OpenSSH
• Install an upgraded OpenSSH

Exercise 3 - Adding Sudo User

Kali inherently has the main user as root, which can be dangerous in the wrong hands because it has all the administrative privileges and can perform any task. Adding a non-root user to Kali is trivial and is essential to maintaining good security measures within a system.

Learning Outcomes

After completing this exercise, you will be able to:

• Add a new user
• Test SSH connectivity with Putty

Exercise 4 - Regenerate SSH Keys to Avoid MITM Attacks

Default SSH keys are vulnerable from the fact that they are possible to guess. Therefore, changing those keys is an immediate, secure enhancement to the connection.

Learning Outcomes

After completing this exercise, you will be able to:

• Produce New Keys

Exercise 5 - Display Message of the Day (MOTD)

The MOTD is a legal requirement for all networks to present on a connection with the European Union and is good practice when considering computing ethics. The message should be clear and robust in its nature, avoiding confusion on terms and meanings as much as possible.

Learning Outcomes

After completing this exercise, you will be able to:

• Edit the MOTD

Exercise 6 - Change the SSH Port

Changing the SSH port helps to evade obvious detection by sniffing tools and port scanners by placing the connection on a port value not normally recognized for SSH connections. This form of obfuscation acts only to bypass common port scans initially.

Learning Outcomes

After completing this exercise, you will be able to:

• Edit the SSH port value