Configuring network services and secure communications

The first step in being able to use Kali is to ensure that it has connectivity to either a wired or wireless network to support updates and customization.

You may need to obtain an IP address by DHCP (Dynamic Host Configuration Protocol), or assign one statically. First, confirm your IP address using the ifconfig command from a terminal window, as shown in the following screenshot:

In this particular case, the VM has been assigned an IP address of 192.168.204.132. If an IP address was not obtained, an address can be assigned by DHCP using the command dhclient eth0 (or other available interfaces, which will depend on the specific configuration of the system being used).

If a static IP address is used, additional information may be required. For example, you can assign a static IP of 192.168.204.128 as follows:

 host IP address: 192.168.204.128
 subnet mask: 255.255.255.0
 default gateway: 192.168.204.1
 DNS server: 192.168.204.10

Enter a terminal window and enter the following command:

root@kali:~# ifonconfig eth0 192.168.204.128/24
root@kali:~# route add default gw 192.168.204.1
root@kali:~# echo nameserver 192.168.204.10 > /etc/resolv.conf

Changes made to IP settings are nonpersistent, and will be lost when Kali is rebooted. To make the changes permanent, you will need to edit the /etc/network/interfaces file, as shown in the following screenshot:

By default, Kali does not start with the DHCP service enabled. Doing so announces the new IP address on the network, and this may alert administrators about the presence of the tester. For some test cases, this may not be an issue, and it may be advantageous to have certain services start automatically during boot up. This can be achieved by entering the following commands:

root@kali~# update-rc.d networking defaults
root@kali~# /etc/init.d/networking restart

Kali installs with network services that can be started or stopped as required, including DHCP, HTTP, SSH, TFTP, and the VNC server. These services are usually invoked from the command line, however, some are accessible from the Kali menu.

Securing communications with Secure Shell

To minimize detection by a target network during testing, Kali does not enable any externally-listening network services. Some services, such as Secure Shell (SSH), are already installed. However, they must be enabled prior to use.

Kali comes preconfigured with default SSH keys. Before starting the SSH service, it's a good idea to disable the default keys and generate a unique keyset for use.

Move the default SSH keys to a backup folder, and then generate a new SSH keyset using the following command:

dpkg-reconfigure openssh-server

The process of moving the original keys and generating the new keyset is shown in the following screenshot.

To verify that the newly generated keys are unique, calculate their md5sum hash values, and compare with the original keys as shown in the following screenshot.

To start the SSH service using the menu, select Applications | Kali Linux | System Services | SSHD | SSHD Start.

To start SSH from the command line, use the command line shown in the following screenshot:

To verify that SSH is running, perform a netstat query, as shown in the following screenshot:

The SSH daemon is listening on port 22 in the previous example. To stop SSH, use the following command:

/etc/init.d/ssh stop