Kali Raspberry Pi/Post Install: Difference between revisions
From charlesreid1
| (21 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[Image:KaliPi.jpg|400px]] | [[Image:KaliPi.jpg|400px]] | ||
This is a guide to connecting to a headless | This is a guide to the post-installation process, after connecting to a freshly-installed headless Kali Linux Raspberry Pi. | ||
Info on setting up the headless Raspberry Pi with Kali Linux 2.0: [[Kali Raspberry Pi/Headless Walkthrough]] | |||
General info about running Kali on the Pi here: [[Kali Raspberry Pi]] | |||
More info about all-things Kali Linux: [[Kali]] | More info about all-things Kali Linux: [[Kali]] | ||
| Line 16: | Line 20: | ||
==Change Your Password== | ==Change Your Password== | ||
Kali installations use a default password of "toor". Change this IMMEDIATELY. | Kali installations use a default password of "toor". Change this IMMEDIATELY. Use the <code>passwd</code> command. | ||
==Flush Some Turds== | |||
Three big turds that come with the Kali Raspberry Pi image that should be flushed (done away with, destroyed, vaporized, wiped from the face of the pi): apache, xfce (x windows system), and network manager. | |||
<pre> | |||
$ apt-get remove -y apache2 xfce4 xfwm4 | |||
$ apt-get remove -y network-manager network-manager-gnome | |||
$ apt -y autoremove | |||
</pre> | |||
Also see [[Kali/Annoyances]] | |||
==Software Update== | ==Software Update== | ||
(If you're connecting the Pi to a computer via a crossover ethernet cable, you won't have internet access and so you won't be able to do any software updates. If you connect the Pi to a router that is connected to the internet, you will (should) have an internet connection.) | |||
Kali uses aptitude as a software manager. Update all your packages, and upgrade your distribution: | Kali uses aptitude as a software manager. Update all your packages, and upgrade your distribution: | ||
| Line 31: | Line 49: | ||
<pre> | <pre> | ||
apt-get install -y vim | apt-get install -y vim screen tmux tshark tcpdump git stunnel | ||
</pre> | </pre> | ||
| Line 40: | Line 56: | ||
<pre> | <pre> | ||
apt-get install -y python-dev | apt-get install -y python-dev | ||
wget https:// | wget https://bootstrap.pypa.io/get-pip.py | ||
python get-pip.py | python get-pip.py | ||
</pre> | </pre> | ||
| Line 50: | Line 66: | ||
/usr/local/bin/pip | /usr/local/bin/pip | ||
</pre> | </pre> | ||
==Fix SSH Keys== | ==Fix SSH Keys== | ||
| Line 109: | Line 113: | ||
Next, disable root login via SSH. | Next, disable root login via SSH. | ||
==Passwordless Login== | |||
You can transfer your computer's public key to the Pi and the Pi's public key to your computer to enable SSH access without a password (unless you set a passphrase on the public key, which is recommended). | |||
See [[SSH#Passwordless Login]]. | |||
The step-by-step to enable remote access FROM YOUR COMPUTER ONTO THE PI. | |||
'''DO THIS STEP ONCE''' | |||
1. Create public SSH key on your computer <code>ssh-keygen -t rsa</code> | |||
2. Print the public key for your computer to the screen so you can copy it to the clipboard: <code>cat ~/.ssh/id_rsa.pub</code> | |||
3. Remotely log into the Pi via SSH | |||
4. Edit the list of authorized keys on the Pi by editing the file <code>vi ~/.ssh/authorized_keys</code> | |||
5. Paste the contents of your public key into the Pi's authorized keys file. | |||
'''END DO THIS STEP ONCE''' | |||
Now you can log into the Pi by setting up the SSH agent. You will need to do this step once per login: | |||
<pre> | |||
# this command outputs environment variable definitions | |||
ssh-agent > ~/ssh.file | |||
# execute this file, sending output to /dev/null | |||
chmod +x ~/ssh.file | |||
~/ssh.file > /dev/null | |||
# this will set the variables $SSH_AGENT_PID and $SSH_AUTH_SOCK | |||
rm -f ~/ssh.file | |||
ssh username@pi-ip-address | |||
</pre> | |||
Or, to make it less cumbersome, create an alias to log into the Pi. Add this to your <code>.bashrc</code> or <code>.bash_profile</code> or <code>.aliases</code> or whatever dot files you use. | |||
<pre> | |||
alias pi="pi" | |||
function pi() { | |||
ssh-agent > ~/ssh.file | |||
chmod +x ~/ssh.file | |||
~/ssh.file > /dev/null | |||
# echo $SSH_AGENT_PID | |||
# echo $SSH_AUTH_SOCK | |||
rm -f ~/ssh.file | |||
# ssh to pi | |||
ssh username@pi-ip-address | |||
} | |||
</pre> | |||
{{PiFlag}} | {{PiFlag}} | ||
{{KaliFlag}} | {{KaliFlag}} | ||
Latest revision as of 11:24, 17 January 2018
This is a guide to the post-installation process, after connecting to a freshly-installed headless Kali Linux Raspberry Pi.
Info on setting up the headless Raspberry Pi with Kali Linux 2.0: Kali Raspberry Pi/Headless Walkthrough
General info about running Kali on the Pi here: Kali Raspberry Pi
More info about all-things Kali Linux: Kali
(older, outdated information is also on the wiki at the RaspberryPi/First_Steps page.)
Post-Installation Procedure
The post-installation procedure that will be covered by the guide includes:
- update and install software
- set startup services
- set configuration for programs
Change Your Password
Kali installations use a default password of "toor". Change this IMMEDIATELY. Use the passwd command.
Flush Some Turds
Three big turds that come with the Kali Raspberry Pi image that should be flushed (done away with, destroyed, vaporized, wiped from the face of the pi): apache, xfce (x windows system), and network manager.
$ apt-get remove -y apache2 xfce4 xfwm4 $ apt-get remove -y network-manager network-manager-gnome $ apt -y autoremove
Also see Kali/Annoyances
Software Update
(If you're connecting the Pi to a computer via a crossover ethernet cable, you won't have internet access and so you won't be able to do any software updates. If you connect the Pi to a router that is connected to the internet, you will (should) have an internet connection.)
Kali uses aptitude as a software manager. Update all your packages, and upgrade your distribution:
apt-get update apt-get -y dist-upgrade apt-get install -y build-essential
Install Pi Toolbox
apt-get install -y vim screen tmux tshark tcpdump git stunnel
Python stuff to get pip onboard:
apt-get install -y python-dev wget https://bootstrap.pypa.io/get-pip.py python get-pip.py
Now "which pip" should return:
# which pip /usr/local/bin/pip
Fix SSH Keys
OpenSSH server should be installed, but if it isn't:
apt-get install openssh-server
Remove any existing startup SSH service, and set the SSH service to run at SSH's default runlevel (that is, to run on boot):
update-rc.d -f ssh remove update-rc.d -f ssh defaults
Next you will want to replace the default SSH keys provided on the SD card image. Move the old SSH keys somewhere else:
cd /etc/ssh/ mkdir insecure_original_default_kali_keys mv ssh_host_* insecure_original_default_kali_keys/
And finally, make new SSH keys for this machine.
dpkg-reconfigure openssh-server
Non-Root User
Disable the ability to SSH as root, reducing risk of hijacking. (You did change the default root password, didn't you?) Make a non-root user who can sudo:
useradd charles adduser charles sudo
Print info:
id charles
Next, disable root login via SSH.
Passwordless Login
You can transfer your computer's public key to the Pi and the Pi's public key to your computer to enable SSH access without a password (unless you set a passphrase on the public key, which is recommended).
The step-by-step to enable remote access FROM YOUR COMPUTER ONTO THE PI.
DO THIS STEP ONCE
1. Create public SSH key on your computer ssh-keygen -t rsa
2. Print the public key for your computer to the screen so you can copy it to the clipboard: cat ~/.ssh/id_rsa.pub
3. Remotely log into the Pi via SSH
4. Edit the list of authorized keys on the Pi by editing the file vi ~/.ssh/authorized_keys
5. Paste the contents of your public key into the Pi's authorized keys file.
END DO THIS STEP ONCE
Now you can log into the Pi by setting up the SSH agent. You will need to do this step once per login:
# this command outputs environment variable definitions ssh-agent > ~/ssh.file # execute this file, sending output to /dev/null chmod +x ~/ssh.file ~/ssh.file > /dev/null # this will set the variables $SSH_AGENT_PID and $SSH_AUTH_SOCK rm -f ~/ssh.file ssh username@pi-ip-address
Or, to make it less cumbersome, create an alias to log into the Pi. Add this to your .bashrc or .bash_profile or .aliases or whatever dot files you use.
alias pi="pi"
function pi() {
ssh-agent > ~/ssh.file
chmod +x ~/ssh.file
~/ssh.file > /dev/null
# echo $SSH_AGENT_PID
# echo $SSH_AUTH_SOCK
rm -f ~/ssh.file
# ssh to pi
ssh username@pi-ip-address
}
