29 June, 2012

How to Setup SSH on MobiSec

Author: Secure Ideas

For most testers, MobiSec will be installed on a VM running on their testing machine. However, I recently came across the need to run MobiSec on an ESXi server, and I don’t want to have to use the vSphere client (which only runs on Windows) to access the “console” on the VM. I could set up VNC on MobiSec (maybe an idea for a future blog entry), but my needs today are just for using MobiSec as a BeEF server, and possibly for Metasploit.

Neither of these tools requires the Ubuntu GUI to set up and launch, so I decided on using SSH for remote access to MobiSec. The problem is, it’s not set up for that, as it wasn’t something I thought of as a need until recently. So I’m including the instructions for setting up SSH using MobiSec v1.1, which is the latest release and is available on SourceForge at http://sourceforge.net/p/mobisec. I’m sure many of you already know how to set up an SSH server on Ubuntu, so these instructions will look familiar. However, there are a couple of items to be aware of on MobiSec, so be sure to look through them before you get started.

First, you will need to start up MobiSec and log in. Hopefully by now you already know the default username and password is mobisec:mobisec. MobiSec by default comes with the OpenSSH server installed, but if it’s been removed, you can re-install it using apt-get:
     sudo apt-get install openssh-server
The next step is to configure the SSH server, but before you do, it’s a good idea to make a read-only backup copy of the config file.
     sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
     sudo chmod a-w /etc/ssh/sshd_config.backup
Now that you have a backup of the config file, use your favorite editor to edit the SSH server config file as root.
     sudo vi /etc/ssh/sshd_config
The SSH server needs to be configured to not permit root login and to allow only a specific user or users, such as mobisec.  If you have added additional users to your MobiSec install, then you may want to add them as well, or instead of the mobisec user.
     PermitRootLogin no
     AllowUsers mobisec
Now it’s time to start the ssh server, or restart it if it’s already running, to have the changes made to the config file take effect.  Let’s first check if it’s running, which is always good to know how to do.  
     ps -ef | grep sshd
Check the output for /usr/sbin/sshd running as root.  If it’s not running, then you can start it using this command:
     sudo /etc/init.d/ssh start
If it’s already running, then ssh will need to be restarted using this command:
     sudo /etc/init.d/ssh restart
It is strongly recommended to use SSH keys instead of passwords for remote access, especially if MobiSec is, or will be, accessible on the Internet or even a large internal network. The key pair is created on the machine that will be connecting to MobiSec via SSH (your local machine), not on MobiSec itself. It is recommended to create and use the RSA (Rivest-Shamir-Adleman) key type, as the DSA (Digital Signature Algorithm) key type is considered to be less secure; however, SSH will use either. For Mac OS X and Linux platforms, the key pair is generated using the ssh-keygen command. First, a .ssh folder needs to be created, as this is where the ssh config file and RSA keys will be stored; its directory permissions should be set to 700 (drwx------). Once the directory is created and its permissions set, the key pair can be generated and stored in the .ssh directory, with permissions set so that the public key (.pub file) is 644 (-rw-r--r--) and the private key is 600 (-rw-------).
     mkdir -p ~/.ssh
     chmod 700 ~/.ssh
     ssh-keygen -t rsa -f ~/.ssh/ssh_rsakey
     chmod 644 ~/.ssh/ssh_rsakey.pub
     chmod 600 ~/.ssh/ssh_rsakey
If you’re using Windows, then it is recommended to use PuTTYgen (or a similar product) to generate the RSA key pair. Be sure to select RSA protocol 2 (SSH-2 RSA) and use at least 2048 bits to generate the key. For help on generating RSA keys and setting up PuTTY for SSH, go to the link below. If you use PuTTYgen to generate the keys, you will need to export the public key using the Conversion -> Export OpenSSH key function. If you created the key pair using ssh-keygen, then the private key will need to be converted for PuTTY by using the Conversion -> Import key function in PuTTYgen. Be sure to continue reading below as it will provide the details for setting up PuTTY to connect to MobiSec.
Once the key pair is created, you’ll need to copy the public key over to MobiSec. Since SSH is up and running, you can connect to MobiSec and copy the file over. But before you can do that, ssh has to be configured on the remote machine. For Mac OS X and Linux, the config file needs to be created and stored in the ~/.ssh folder:
     vi ~/.ssh/config
To create the config file, you will need the IP address or resolvable hostname of MobiSec. The default port number for SSH is 22. If you need to use a different port number, the same number must be configured in both sshd_config on MobiSec and the config file on the remote machine. To change the port number in sshd_config on MobiSec, search for Port and replace the number 22 with the desired port. Don’t forget to restart SSH on MobiSec if you change the port number. Because the key pair was saved under a non-default file name (ssh_rsakey), the config file also needs an IdentityFile line pointing at the private key; without it, ssh will not offer that key by default. The config file on the remote machine should look something like this:
     Host ssh-mobisec
          Hostname     <enter IP address of MobiSec here>
          Port         <port number that is configured in sshd_config on MobiSec>
          IdentityFile ~/.ssh/ssh_rsakey
Once the config file is ready, connect to MobiSec via SSH using the following syntax:
     ssh <username>@<hostname>
So for our configuration, the command would be:
     ssh mobisec@ssh-mobisec
Enter the password for the mobisec user account (mobisec) and you should then be connected. The sshd_config file has a setting for the default location for authorized keys, which should be %h/.ssh/authorized_keys (the %h refers to the home directory of the current user, which for mobisec is /home/mobisec). Before we can copy the public RSA key file, we need to create that folder to store it in:
     mkdir -p ~/.ssh
     chmod 700 ~/.ssh
Once the .ssh folder is created, the public rsa key can be copied over to MobiSec using the following syntax:
     scp <local filename> <username>@<hostname>:<remote directory path/filename>
To copy the public key that was just created to the mobisec home directory, the command would be:
     scp ~/.ssh/ssh_rsakey.pub mobisec@ssh-mobisec:/home/mobisec/.ssh/authorized_keys
Once the RSA public key is copied over to MobiSec, the sshd_config file must be modified to disable password authentication. Edit /etc/ssh/sshd_config, search for #PasswordAuthentication, and replace that line with this:
     PasswordAuthentication no
Once the sshd_config file has been modified and saved, ssh must be restarted.
     sudo /etc/init.d/ssh restart
On your remote (local) machine, log out of the current ssh session and attempt to reconnect.
     ssh mobisec@ssh-mobisec
You should now be logged in via ssh using your RSA key pair and not prompted for a password. 
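To check the three sshd_config settings used in this walkthrough before relying on them, the following script is an added example and not part of the original post. The function names and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the settings this walkthrough
# relies on. sshd uses the FIRST uncommented occurrence of a keyword, and
# keywords are case-insensitive. Not handled here: Match blocks, Include
# files and AllowUsers patterns. On the server itself, `sudo sshd -T`
# prints the effective configuration.

# effective_value FILE KEYWORD: print the value sshd would take from FILE.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        tolower($1) == tolower(key) {            # first match wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE USER: print findings; return the number of failures.
audit_sshd_config() {
    fails=0
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    allow=$(effective_value "$1" AllowUsers)
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=${root:-unset}"; fails=$((fails + 1)); }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication=${pass:-unset, default is yes}"; fails=$((fails + 1)); }
    case " $allow " in
        *" $2 "*) ;;
        *) echo "FAIL AllowUsers does not list $2"; fails=$((fails + 1)) ;;
    esac
    [ "$fails" -eq 0 ] && echo "OK $1"
    return "$fails"
}

# Constructed sample: the "#" was left in front of PasswordAuthentication,
# and a second PermitRootLogin line follows the first (it is ignored by sshd).
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
AllowUsers mobisec
#PasswordAuthentication no
permitrootlogin yes
EOF
audit_sshd_config "$sample" mobisec || echo "$? setting(s) need attention"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config on MobiSec before restarting ssh, and keep the existing session open until a key-based login from a second terminal succeeds.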

