Hacking SSH

Gou wanted to learn how to hack into another machine using SSH. To do this, he bought a Raspberry Pi from Adafruit, and when the package arrived, he plugged it in using the USB-C port. He also needed some other materials to get going, so he made a checklist:

  • Raspberry Pi 4
    • Newest/fastest is Raspberry Pi 4 Model B
  • Power supply
    • At least 3 amps for RPI 4 or 2.5 amps for RPI 3, 2, and 1
    • RPI 4 has a USB-C port to connect
    • RPI 3, 2, and 1 have a micro-USB port to connect

  • USB keyboard and mouse
  • TV or monitor
    • RPI 4 has two micro HDMI ports. RPI 3, 2, and 1 have an HDMI port
    • HDMI to HDMI cable, HDMI to micro HDMI, or adapters depending on the port on your screen and Pi

He was ready to begin, so he started making his own tutorial.

 

Gou’s SSH Tutorial

Part 1: Flashing and Installing Raspbian OS

  • Go to https://www.raspberrypi.org/software/ and install Raspberry Pi Imager for your OS
  • After it is done installing, open up the imager
  • Click on “Choose OS” and select “Raspberry Pi OS (32-bit)”  (top option)

  • Insert your microSD card into the appropriate slot in your computer (depends on computer)
    • Might need a reader/adapter if your computer does not have a slot

  • Click on “Choose Storage” and scroll until you find the microSD you want to install the OS onto
  • Click on “Write” and wait until the Imager is done flashing the OS onto the card

  • Once it is done, remove the microSD card from the reader and insert it into the Raspberry Pi at the appropriate slot
    • If your SD card is inside an adapter, slide it out to put it into the Pi
  • Plug in your keyboard, mouse, and monitor, and then plug the Pi into the power supply
    • For a RPI 4, the screen should be plugged into the first port labeled HDMI0
  • Once the Pi is plugged in, you should see a red LED light up and the OS desktop should appear on your screen
  • The first time you set up your Raspberry Pi there will be a setup application that opens where you are able to select your country, language, time zone, password, and network

  • You will need to reboot once the setup is complete

 

Part 2: Configuring SSH on RPI and connecting from computer

  • On your Raspberry Pi screen, click the RPI logo on the top-left corner, click Preferences, and then click Raspberry Pi Configuration
  • Click Interfaces and make sure SSH is set to Enable

  • Find and copy down the IP address of your Pi
    • You can either hover over the Wi-Fi logo or open the terminal on your Pi and type ifconfig eth0

  • For Mac:
    • On your Mac, open up the terminal and type “ssh [profile]@[RPI IP address]”
      • By default the profile name of your RPI is set to “pi”
      • For example if your IP address was 01.234.56.789 and you did not set a profile name, you would type ssh pi@01.234.56.789
      • Type in the password of your Pi and hit Enter
        • By default it is “raspberry”
  • For Windows:

    • Give the session any name you want and click Open
    • On the command line that opens, type your Pi’s profile name after “login as:”
      • Set to “pi” by default
      • Then type in the password
        • Set to “raspberry” by default

You have now connected to your Pi’s SSH server from your laptop.

           

Part 3: Authenticating public key to connect without a password

You can access your Pi from another computer without needing to log in with a password every time you connect by adding your computer’s public key as an authorized key on your Pi’s SSH server.

  • If you are on Windows, do these 4 steps first to install the OpenSSH Client:
    • Open settings and click on Apps
    • Go to the Apps & Features tab and click on Optional Features

    • Search “OpenSSH Client” to see if it shows up and is already installed
    • If it isn’t, then click on Add Feature, search for “OpenSSH Client”, and click install

  • Re-open your terminal/command prompt, type ssh-keygen, and hit enter
  • Hit enter again
    • This saves the generated RSA key pair to the default/recommended location
    • If it says a key pair already exists you can overwrite it by typing y
    • When the “Enter passphrase” prompt appears, hit enter to leave the passphrase empty so you do not need to unlock it every time you want to use it
    • Hit enter again to confirm the empty passphrase
    • You should see a randomart image of your private key; do not share this with anyone.

      • You can also see what your public key looks like by typing cat ~/.ssh/id_rsa.pub
  • Now type “ssh-copy-id [profile]@[RPI IP address]” (similar to how you connected before) and hit enter to copy your computer's public key to the list of authorized keys in your Raspberry Pi
    • For example ssh-copy-id pi@01.234.56.789
    • Type in your Pi’s password and hit enter
      • Set to “raspberry” by default
      • You should see a message saying 1 key was added if everything was entered correctly

You can now test that it worked by entering “ssh [profile]@[RPI IP address]” like you did in Part 1, but now you will not need to log in with a password.
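
Part 3 adds a key to the Pi's authorized keys, but the password login from Part 2 keeps working next to it. The script below is an added example, not part of Gou's tutorial: it checks copies of the Pi's sshd_config and authorized_keys for that state. The function names and sample files are constructed, and it assumes a single config file with no Include lines.

```shell
#!/bin/sh
# Added example: check what Part 3 leaves behind on the Pi.
# Function names and sample files are constructed for illustration.

# Print the effective value of an sshd_config keyword.
# sshd keeps the first value it reads; keywords are case-insensitive.
# Assumes "Keyword value" lines, no Include, and stops at the first Match block.
# $1 = config file, $2 = keyword, $3 = built-in default
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Count plain public-key lines (entries with leading options are not counted).
count_keys() {
    grep -cE '^[[:space:]]*(ssh-(rsa|ed25519)|ecdsa-sha2-)' "$1" || true
}

# $1 = sshd_config, $2 = authorized_keys
audit_pi_ssh() {
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    keys=$(count_keys "$2")
    if [ "$keys" -eq 0 ]; then
        echo "no-key"               # ssh-copy-id has not added a key
    elif [ "$pw" = "yes" ]; then
        echo "key+password"         # key works, password is still accepted
    else
        echo "key, password off"
    fi
}

# Constructed stand-ins for /etc/ssh/sshd_config and ~/.ssh/authorized_keys.
tmp=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'UsePAM yes' > "$tmp/sshd_default"
printf '%s\n' 'PasswordAuthentication no' 'UsePAM yes' > "$tmp/sshd_hardened"
printf '%s\n' 'ssh-rsa AAAAconstructedSampleKey gou@laptop' > "$tmp/authorized_keys"

audit_pi_ssh "$tmp/sshd_default" "$tmp/authorized_keys"
audit_pi_ssh "$tmp/sshd_hardened" "$tmp/authorized_keys"
rm -rf "$tmp"
```

On the Pi itself, point audit_pi_ssh at /etc/ssh/sshd_config and ~/.ssh/authorized_keys. A result of "key+password" means the default “raspberry” password is still accepted over SSH until it is changed with passwd or PasswordAuthentication is set to no.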