If you are running Kali Linux as a live image (from a CD/DVD or USB) or have downloaded the VMware or Vbox image, security best practice is to change the SSH host keys that are already present in the image.
The keys are the same in every copy of the image, so an attacker who knows them could conduct a Man in the Middle (MitM) attack on your SSH session.
The keys we need to replace are located in the /etc/ssh directory and have the following name format:
-rw------- 1 root root 227 Sep 22 2016 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 171 Sep 22 2017 ssh_host_ecdsa_key.pub
-rw------- 1 root root 399 Sep 22 2017 ssh_host_ed25519_key
-rw-r--r-- 1 root root 91 Sep 22 2017 ssh_host_ed25519_key.pub
-rw------- 1 root root 1679 Sep 22 2017 ssh_host_rsa_key
-rw-r--r-- 1 root root 391 Sep 22 2017 ssh_host_rsa_key.pub
I suggest creating a folder in the /etc/ssh directory and moving the existing keys into it for safekeeping.
root@kali:~$ mkdir /etc/ssh/backup-keys
root@kali:~$ mv /etc/ssh/ssh_host_* /etc/ssh/backup-keys
Once the keys have been moved, we can create new keys using the command:
root@kali:~$ dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:mvAt52noMi7BU4/TWj9pkKYOGvF+Jd8iDA54fEn3HrY root@kali (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:sn2iKR20fLJshc9pU222VSk7ipMdWtg/k6qTcFiMvRU root@kali (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:l63L+2A0qbYBABs4kDeVZxr2WgLyK5zLmZt/S8SMlKw root@kali (ED25519)
insserv: warning: current start runlevel(s) (empty) of script `ssh` overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `ssh` overrides LSB defaults (empty).
You can ignore the warnings in the last two lines of the output as the command has executed successfully.
To confirm that the new keys are different from the default ones, run md5sum against both sets of keys and compare the outputs.
root@kali:~$ md5sum /etc/ssh/ssh_host_*
e3d469c240896191066351f3a8368794 /etc/ssh/ssh_host_ecdsa_key
4ead1d20ce610a7f1ae3884b5846ac6b /etc/ssh/ssh_host_ecdsa_key.pub
984898c5d8e8f21d804cef7328f3f3b4 /etc/ssh/ssh_host_ed25519_key
9523952991ea0b8412184bc21848b9e9 /etc/ssh/ssh_host_ed25519_key.pub
cba13daf15ad99844a5da606524c653e /etc/ssh/ssh_host_rsa_key
5eb0d0dd1e96c340c3ab4ba2fe0fb8d5 /etc/ssh/ssh_host_rsa_key.pub
root@kali:~$ md5sum /etc/ssh/backup-keys/ssh_host_*
6fe83a1e1d194bae3bf6f7144b34c365 /etc/ssh/backup-keys/ssh_host_ecdsa_key
e62b60b1f3f24004f05824aed96891af /etc/ssh/backup-keys/ssh_host_ecdsa_key.pub
1a8c458c5f9376a6d8093c2689f3d233 /etc/ssh/backup-keys/ssh_host_ed25519_key
0a467903277e7a44dfbd9bcd377c9b8f /etc/ssh/backup-keys/ssh_host_ed25519_key.pub
2253eb897e5e2cae4e1d4c26aee3d4b4 /etc/ssh/backup-keys/ssh_host_rsa_key
b9d4b5a1e4cc4e5904735515948aa1cd /etc/ssh/backup-keys/ssh_host_rsa_key.pub
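
The comparison above can be scripted so that an unchanged or missing key is flagged rather than spotted by eye. This is an added example, not part of the original article: the function names check_host_keys and key_blob are hypothetical, the directory defaults are the ones used above, and it compares the key material in each .pub file (the second field) so that a changed comment alone does not make a default key look rotated.

```shell
#!/bin/sh
# Added example: confirm that regenerated SSH host keys differ from the
# backed-up image defaults. Function names are hypothetical.

# Print the base64 key blob (second field) of an OpenSSH public key file.
key_blob() {
    awk 'NR == 1 { print $2 }' "$1"
}

# check_host_keys [LIVE_DIR] [BACKUP_DIR]
# Returns 0 only if every backed-up public key has a regenerated counterpart
# with different key material; returns 1 otherwise.
check_host_keys() {
    live_dir=${1:-/etc/ssh}
    backup_dir=${2:-/etc/ssh/backup-keys}
    rc=0
    found=0
    for old in "$backup_dir"/ssh_host_*_key.pub; do
        [ -e "$old" ] || continue    # the glob matched nothing
        found=1
        name=$(basename "$old")
        new="$live_dir/$name"
        if [ ! -s "$new" ]; then
            echo "MISSING   $name (no regenerated key in $live_dir)"
            rc=1
        elif [ "$(key_blob "$old")" = "$(key_blob "$new")" ]; then
            echo "UNCHANGED $name (still the image default)"
            rc=1
        else
            echo "ROTATED   $name"
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no backed-up public keys found in $backup_dir"
        rc=1
    fi
    return "$rc"
}
```

Run check_host_keys with no arguments after dpkg-reconfigure has finished; a non-zero exit status means at least one host key was not replaced.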