Windows 10 WSLのKali Linuxにsshを追加といろいろ

先日､インストールしたWindows 10のWindows Subsystem for Linux(WSL)上で動作するKali Linuxにsshが無いので追加しました｡

Windows 10のWSLでKali Linuxを動作させてみる

• sshのインストール
Shell

rootlinks@Win10:~$ apt-cache search ssh | grep ^ssh ssh - secure shell client and server (metapackage) ssh-agent-filter - filtering proxy for ssh-agent ssh-askpass - under X, asks user for a passphrase for ssh-add ssh-askpass-fullscreen - Under Gnome2, asks user for a passphrase for ssh-add ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-add ssh-audit - tool for ssh server auditing ssh-contact - establish SSH connections to your IM contacts using Telepathy (metapackage) ssh-contact-client - establish SSH connections to your IM contacts using Telepathy (client) ssh-contact-service - establish SSH connections to your IM contacts using Telepathy (server) ssh-cron - cron daemon allowing ssh keys with passphrases to be used ssh-import-id - securely retrieve an SSH public key and install it locally sshcommand - turn SSH into a thin client specifically for your command sshfp - DNS SSHFP records generator sshfs - filesystem client based on SSH File Transfer Protocol sshguard - Protects from brute force attacks against ssh sshpass - Non-interactive ssh password authentication sshuttle - Transparent proxy server for VPN over SSH rootlinks@Win10:~$ sudo apt-get install -y ssh Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: ncurses-term openssh-client openssh-server openssh-sftp-server Suggested packages: keychain libpam-ssh monkeysphere ssh-askpass molly-guard rssh ufw The following NEW packages will be installed: ncurses-term openssh-client openssh-server openssh-sftp-server ssh 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 1,829 kB of archives. After this operation, 9,722 kB of additional disk space will be used. (snip)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

rootlinks@Win10:~$ apt-cache search ssh | grep ^ssh ssh - secure shell client and server (metapackage) ssh-agent-filter - filtering proxy for ssh-agent ssh-askpass - under X, asks user for a passphrase for ssh-add ssh-askpass-fullscreen - Under Gnome2, asks user for a passphrase for ssh-add ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-add ssh-audit - tool for ssh server auditing ssh-contact - establish SSH connections to your IM contacts using Telepathy (metapackage) ssh-contact-client - establish SSH connections to your IM contacts using Telepathy (client) ssh-contact-service - establish SSH connections to your IM contacts using Telepathy (server) ssh-cron - cron daemon allowing ssh keys with passphrases to be used ssh-import-id - securely retrieve an SSH public key and install it locally sshcommand - turn SSH into a thin client specifically for your command sshfp - DNS SSHFP records generator sshfs - filesystem client based on SSH File Transfer Protocol sshguard - Protects from brute force attacks against ssh sshpass - Non-interactive ssh password authentication sshuttle - Transparent proxy server for VPN over SSH   rootlinks@Win10:~$ sudo apt-get install -y ssh Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed:   ncurses-term openssh-client openssh-server openssh-sftp-server Suggested packages:   keychain libpam-ssh monkeysphere ssh-askpass molly-guard rssh ufw The following NEW packages will be installed:   ncurses-term openssh-client openssh-server openssh-sftp-server ssh 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 1,829 kB of archives. After this operation, 9,722 kB of additional disk space will be used. (snip)

• sshクライアント

当たり前ですが､他のサーバに接続できました｡

Shell

rootlinks@Win10:~$ ssh -V OpenSSH_7.6p1 Debian-4, OpenSSL 1.0.2n 7 Dec 2017 rootlinks@Win10:~$ ssh usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]

1 2 3 4 5 6 7 8 9 10 11

rootlinks@Win10:~$ ssh -V OpenSSH_7.6p1 Debian-4, OpenSSL 1.0.2n  7 Dec 2017   rootlinks@Win10:~$ ssh usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]            [-D [bind_address:]port] [-E log_file] [-e escape_char]            [-F configfile] [-I pkcs11] [-i identity_file]            [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]            [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]            [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]            [user@]hostname [command]

• sshサーバ
Shell

rootlinks@Win10:~$ cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #PubkeyAuthentication yes # Expect .ssh/authorized_keys2 to be disregarded by default in future. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # Allow client to pass locale environment variables AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123

rootlinks@Win10:~$ cat /etc/ssh/sshd_config #       $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $   # This is the sshd server system-wide configuration file.  See # sshd_config(5) for more information.   # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin   # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented.  Uncommented options override the # default value.   #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::   #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key   # Ciphers and keying #RekeyLimit default none   # Logging #SyslogFacility AUTH #LogLevel INFO   # Authentication:   #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10   #PubkeyAuthentication yes   # Expect .ssh/authorized_keys2 to be disregarded by default in future. #AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2   #AuthorizedPrincipalsFile none   #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody   # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes   # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no   # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no   # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no   # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no   # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication.  Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes   #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none   # no default banner path #Banner none   # Allow client to pass locale environment variables AcceptEnv LANG LC_*   # override default of no subsystems Subsystem       sftp    /usr/lib/openssh/sftp-server   # Example of overriding settings on a per-user basis #Match User anoncvs #       X11Forwarding no #       AllowTcpForwarding no #       PermitTTY no #       ForceCommand cvs server

起動してみます｡起動にはinitd経由でのスクリプトが用意されています｡

Shell

rootlinks@Win10:~$ sudo /etc/init.d/ssh start [ ok ] Starting OpenBSD Secure Shell server: sshd. rootlinks@Win10:~$ ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 10356 104 ? Ss 10:19 0:00 /init rootlin+ 2 0.0 0.0 24408 1496 tty1 Ss 10:19 0:01 -bash root 1677 0.0 0.0 79292 820 ? Ss 11:16 0:00 /usr/sbin/sshd rootlin+ 1695 0.0 0.0 39720 1884 tty1 R 11:16 0:00 ps aux

1 2 3 4 5 6 7 8 9

rootlinks@Win10:~$ sudo /etc/init.d/ssh start [ ok ] Starting OpenBSD Secure Shell server: sshd.   rootlinks@Win10:~$ ps aux USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND root         1  0.0  0.0  10356   104 ?        Ss   10:19   0:00 /init rootlin+     2  0.0  0.0  24408  1496 tty1     Ss   10:19   0:01 -bash root      1677  0.0  0.0  79292   820 ?        Ss   11:16   0:00 /usr/sbin/sshd rootlin+  1695  0.0  0.0  39720  1884 tty1     R    11:16   0:00 ps aux

ちなみにsystemd経由ではsystemdが起動されていないのでエラーになります｡

Shell

rootlinks@Win10:~$ systemctl list-unit-files --type=service | grep ssh ssh.service disabled ssh@.service static rootlinks@Win10:~$ sudo systemctl start ssh System has not been booted with systemd as init system (PID 1). Can't operate.

1 2 3 4 5 6

rootlinks@Win10:~$ systemctl list-unit-files --type=service | grep ssh ssh.service                                disabled ssh@.service                               static   rootlinks@Win10:~$ sudo systemctl start ssh System has not been booted with systemd as init system (PID 1). Can't operate.

• ローカルでsshサーバに接続

ローカルからsshサーバに接続してみます｡

Shell

rootlinks@Win10:~$ ssh rootlinks@localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:030Sshosdflksjidrklwfsfosadifsadkfjv. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. rootlinks@localhost's password: The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. rootlinks@Win10:~$ exit logout Connection to localhost closed.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

rootlinks@Win10:~$ ssh rootlinks@localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:030Sshosdflksjidrklwfsfosadifsadkfjv. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. rootlinks@localhost's password:   The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.   Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. rootlinks@Win10:~$ exit logout Connection to localhost closed.

• リモートからsshサーバに接続

他のWindowsパソコンからKali Linuxにssh接続してみます｡
Windows Firewallが有効な場合はポート22への接続を許可するルールを追加して下さい｡




Kali LinuxにTeraTermで接続してみます｡




• rootのパスワード設定

デフォルトではrootのパスワードはtoorの設定なのですが､エラーになりました｡
Kali Linux Default Passwords
https://docs.kali.org/introduction/kali-linux-default-passwords

どちらにしろ変更は必要なので変更しました｡

Shell

rootlinks@Win10:~$ su - Password: su: Authentication failure rootlinks@Win10:~$ sudo passwd root Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully rootlinks@Win10:~$ su - Password: root@Win10:~#

1 2 3 4 5 6 7 8 9 10

rootlinks@Win10:~$ su - Password: su: Authentication failure rootlinks@Win10:~$ sudo passwd root Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully rootlinks@Win10:~$ su - Password: root@Win10:~#

• ipコマンドがエラー

ipコマンドがエラーになります｡

Shell

rootlinks@Win10:~$ ip addr DONE truncated Dump terminated

1 2 3

rootlinks@Win10:~$ ip addr DONE truncated Dump terminated

代わりにifconfigなど使いそうなプログラムをインストールしました｡

Shell

rootlinks@Win10:~$ sudo apt-get install -y file curl git net-tools rootlinks@Win10:~$ ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 2408:212:d01:b100:103d:4454:549a:596b prefixlen 64 scopeid 0x0<global> inet6 2408:212:d01:b100:257d:4b7:8ac3:8842 prefixlen 128 scopeid 0x0<global> inet6 fe80::103d:4454:549a:596c prefixlen 64 scopeid 0xfd<compat,link,site,host> ether 00:0c:28:bc:0a:54 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 1500 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x0<global> loop (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

rootlinks@Win10:~$ sudo apt-get install -y file curl git net-tools   rootlinks@Win10:~$ ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500         inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255         inet6 2408:212:d01:b100:103d:4454:549a:596b  prefixlen 64  scopeid 0x0<global>         inet6 2408:212:d01:b100:257d:4b7:8ac3:8842  prefixlen 128  scopeid 0x0<global>         inet6 fe80::103d:4454:549a:596c  prefixlen 64  scopeid 0xfd<compat,link,site,host>         ether 00:0c:28:bc:0a:54  (Ethernet)         RX packets 0  bytes 0 (0.0 B)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 0  bytes 0 (0.0 B)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0   lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 1500         inet 127.0.0.1  netmask 255.0.0.0         inet6 ::1  prefixlen 128  scopeid 0x0<global>         loop  (Local Loopback)         RX packets 0  bytes 0 (0.0 B)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 0  bytes 0 (0.0 B)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0