I am in the process of taking the Practical Junior Penetration Tester (PJPT) course from TCM Security and immediately started experiencing problems as I was following the course material. One such issue actually prevented me from utilizing SSH to its full capacity.
As of Kali Linux 2022.1, it’s possible to configure your local SSH service in “wide-compatibility mode” in order for it to be able to connect to as many SSH servers as possible. You’ll almost certainly need to enable this option if you plan on doing any testing or scanning of older or vulnerable SSH servers.
Here are a couple examples of errors that I was experiencing in THC-Hydra that enabling wide-compatibility mode was able to resolve.
[ERROR] could not connect to ssh://172.16.0.25:22 - kex error : no match for method kex algos: server [diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1], client [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256]
[ERROR] could not connect to ssh://172.16.0.25:22 - ssh_set_client_kex: Out of memory
kali-tweaks
to launch the Kali Tweaks GUI.Hardening
from the Main Menu.SSH client
option, and Apply
When this option is enabled a new SSH configuration is created at /etc/ssh/ssh_config.d/kali-wide-compat.conf
. The contents of my kali-wide-compat.conf
file look like this as of 2024-09-01
.
# The configuration below enables legacy ciphers and algorithms,
# to allow interacting with old servers that still use those.
#
# If the setting(s) in this file are not desirable, do NOT
# modify this file. Instead, start 'kali-tweaks' in a
# terminal and change the setting from there.
Host *
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-dss-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com
MACs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha1-96,hmac-sha1-96-etm@openssh.com
PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-dss-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com
Once this option is enabled you’ll need to restart the Linux SSH service using the following command.
sudo service ssh restart
or
sudo systemctl restart ssh
After SSH has finished restarting you should be able to connect to “outdated” SSH ciphers without any issues.
Happy penetration testing!
Written by: Justin
Tagged as: kali, kali-tweaks, wide-compatibility mode, crypto, linux, penetrating testing, hydra.
©Copyright roguesecurity.ca 2024. All Rights Reserved.
Post comments (0)