From charlesreid1

This is a guide to the post-installation process, after connecting to a freshly-installed headless Kali Linux Raspberry Pi.

Info on setting up the headless Raspberry Pi with Kali Linux 2.0: Kali Raspberry Pi/Headless Walkthrough

General info about running Kali on the Pi here: Kali Raspberry Pi

More info about all-things Kali Linux: Kali

(Older, outdated information is also on the wiki at the RaspberryPi/First_Steps page.)

Post-Installation Procedure

This guide covers the following post-installation steps:

  • update and install software
  • set startup services
  • set configuration for programs

Change Your Password

Kali installations use a default password of "toor". Change this IMMEDIATELY. Use the passwd command.

Flush Some Turds

Three big turds that come with the Kali Raspberry Pi image that should be flushed (done away with, destroyed, vaporized, wiped from the face of the pi): apache, xfce (x windows system), and network manager.

$ apt-get remove -y apache2 xfce4 xfwm4
$ apt-get remove -y network-manager network-manager-gnome
$ apt -y autoremove

Also see Kali/Annoyances

Software Update

(If you're connecting the Pi to a computer via a crossover ethernet cable, you won't have internet access and so you won't be able to do any software updates. If you connect the Pi to a router that is connected to the internet, you will (should) have an internet connection.)

Kali uses aptitude as a software manager. Update all your packages, and upgrade your distribution:

apt-get update
apt-get -y dist-upgrade
apt-get install -y build-essential

Install Pi Toolbox

apt-get install -y vim screen tmux tshark tcpdump git stunnel

Python stuff to get pip onboard:

apt-get install -y python-dev
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py

Now "which pip" should return:

# which pip
/usr/local/bin/pip

Fix SSH Keys

OpenSSH server should be installed, but if it isn't:

apt-get install openssh-server

Remove any existing startup SSH service, and set the SSH service to run at SSH's default runlevel (that is, to run on boot):

update-rc.d -f ssh remove
update-rc.d -f ssh defaults

Next you will want to replace the default SSH keys provided on the SD card image. Move the old SSH keys somewhere else:

cd /etc/ssh/
mkdir insecure_original_default_kali_keys
mv ssh_host_* insecure_original_default_kali_keys/

And finally, make new SSH keys for this machine.

dpkg-reconfigure openssh-server

Non-Root User

Disable the ability to SSH as root, reducing risk of hijacking. (You did change the default root password, didn't you?) Make a non-root user who can sudo:

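useradd -m -s /bin/bash charles   # -m creates the home directory that ~/.ssh needs
passwd charles                    # set a password so this user can log in and sudo
adduser charles sudo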

Print info:

id charles

Next, disable root login via SSH.
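
One way to check that step, as an added example that is not part of the original guide: it assumes root login is disabled with the PermitRootLogin no setting in /etc/ssh/sshd_config, and it audits constructed sample files because sshd uses the first value it reads for a keyword. The function names and the sample files are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. sshd keeps the FIRST value it
# reads for a keyword, so "PermitRootLogin no" appended below an earlier
# "PermitRootLogin yes" changes nothing. Include files are not followed here;
# on the Pi itself, "sshd -T" prints the configuration sshd actually uses.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
effective_sshd_option() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
    tolower($1) == "match" { exit }     # Match blocks are conditional: stop
    tolower($1) == want { print tolower($2); exit }   # first value wins
  ' "$1"
}

# Return 0 only when root login over SSH is explicitly disabled.
audit_root_login() {
  value=$(effective_sshd_option "$1" PermitRootLogin)
  case "$value" in
    no) echo "OK: PermitRootLogin no"; return 0 ;;
    "") echo "FAIL: PermitRootLogin is not set globally; the sshd default applies"; return 1 ;;
    *)  echo "FAIL: effective PermitRootLogin is '$value'"; return 1 ;;
  esac
}

# Constructed sample files (not taken from a real Pi).
demo_dir=$(mktemp -d)
# 1. "no" appended at the end, below an earlier "yes": root login still allowed.
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '# added later:' \
  'PermitRootLogin no' > "$demo_dir/appended.conf"
# 2. The existing line edited in place (keywords are case-insensitive).
printf '%s\n' 'Port 22' '  permitrootlogin no' > "$demo_dir/edited.conf"
# 3. Every PermitRootLogin line commented out: nothing is set.
printf '%s\n' 'Port 22' '#PermitRootLogin no' > "$demo_dir/commented.conf"
# 4. Set only inside a Match block: the global value is still unset.
printf '%s\n' 'Port 22' 'Match Address 192.168.0.0/16' \
  '  PermitRootLogin no' > "$demo_dir/matchonly.conf"

for f in appended edited commented matchonly; do
  printf '%s: ' "$f"
  audit_root_login "$demo_dir/$f.conf" || true
done
```

Only the file edited in place passes; the other three leave root login governed by an earlier line or by the sshd default.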

Passwordless Login

You can transfer your computer's public key to the Pi and the Pi's public key to your computer to enable SSH access without a password (unless you set a passphrase on the private key, which is recommended).

See SSH#Passwordless Login.

Step by step, to enable remote access FROM YOUR COMPUTER ONTO THE PI:

DO THIS STEP ONCE

1. Create an SSH key pair on your computer: ssh-keygen -t rsa

2. Print the public key for your computer to the screen so you can copy it to the clipboard: cat ~/.ssh/id_rsa.pub

3. Remotely log into the Pi via SSH

4. Edit the list of authorized keys on the Pi: vi ~/.ssh/authorized_keys

5. Paste the contents of your public key into the Pi's authorized keys file.

END DO THIS STEP ONCE

Now you can log into the Pi by setting up the SSH agent. You will need to do this step once per login:

# this command starts the agent and outputs environment variable definitions
ssh-agent > ~/ssh.file

# source this file in the current shell, sending output to /dev/null
# (executing it would only set the variables in a child process)
. ~/ssh.file > /dev/null

# $SSH_AGENT_PID and $SSH_AUTH_SOCK are now set; load your key into the agent
rm -f ~/ssh.file
ssh-add ~/.ssh/id_rsa
ssh username@pi-ip-address

Or, to make it less cumbersome, create a shell function to log into the Pi. Add this to your .bashrc or .bash_profile or .aliases or whatever dot files you use.

function pi() {
  ssh-agent > ~/ssh.file
  # source the file so the variables are set in this shell
  . ~/ssh.file > /dev/null
#  echo $SSH_AGENT_PID
#  echo $SSH_AUTH_SOCK
  rm -f ~/ssh.file
  # load your private key into the agent
  ssh-add ~/.ssh/id_rsa

  # ssh to pi
  ssh username@pi-ip-address
}