Setting up X11 Forwarding for a Remote Kali Box
If you need to open a GUI application on a remote Kali Linux box, using X11 from an SSH client can be a convenient way to do this, though it comes with some caveats. First, it can be slow. Second, you will only be able to open the GUI for individual applications, and will not have a full desktop. In addition, if you lose your SSH connection, then poof -- your GUI application disappears into an oblivion, without saving your work. Still, there are cases where X11 tunneled over SSH will be appropriate, depending on your requirements for specific tasks. Also, there are some plus sides to using X11. For instance, the clipboard integration is better than often seen with VNC clients.
In order to set up X11 forwarding in this way, you will need to enable root SSH login (with a key), so you'll need to consider the security ramifications of that. If you're already using a sudo user (like ec2-user) for SSH, in my opinion there's not really going to be that much additional risk presented by using a root user, but only you can fully evaluate the ramifications for your environment. Below are the steps for setting things up so that you can SSH from a Linux SSH client and run remote GUI applications locally via X11 forwarding. This can also be done with PuTTY from a Windows client but you'll have to google that one. Whether you're using a Linux or Windows SSH client though, you'll still need the server to be setup, which is shown in the steps below.
One more thing: The methodology I'll show for copying the SSH key (ssh-copy-id), will involve temporarily enable root login with a password, which has potential security ramifications. If you don't prefer this method, there are alternatives (google it). Oh, and as always, be careful when playing with your sshd_config on a remote box, because you may lose access!
Steps:
There are a lot of things you can do with this and it's pretty interesting. Feel free to add ideas in the comments.
In order to set up X11 forwarding in this way, you will need to enable root SSH login (with a key), so you'll need to consider the security ramifications of that. If you're already using a sudo user (like ec2-user) for SSH, in my opinion there's not really going to be that much additional risk presented by using a root user, but only you can fully evaluate the ramifications for your environment. Below are the steps for setting things up so that you can SSH from a Linux SSH client and run remote GUI applications locally via X11 forwarding. This can also be done with PuTTY from a Windows client but you'll have to google that one. Whether you're using a Linux or Windows SSH client though, you'll still need the server to be setup, which is shown in the steps below.
One more thing: The methodology I'll show for copying the SSH key (ssh-copy-id), will involve temporarily enable root login with a password, which has potential security ramifications. If you don't prefer this method, there are alternatives (google it). Oh, and as always, be careful when playing with your sshd_config on a remote box, because you may lose access!
Steps:
- Connect to the SSH server and become root, if you aren't already: sudo su -
- Set a strong root password with: passwd
- nano /etc/ssh/sshd_config
- Temporarily set the following: PasswordAuthentication yes
- And also set this temporarily: PermitRootLogin yes
- service ssh restart
- Run this from the SSH client box: ssh-keygen -f <output-filename>
- And this from the SSH client box: ssh-copy-id -i ~/.ssh/<filename-from-step-7> root@<ip-address>
- And also this from the SSH client box: ssh -i <filename-from-step-7> root@<ip-address>
- If everything worked, configure following in sshd_config: PasswordAuthentication no
- And also this in sshd_config: PermitRootLogin without-password
- service ssh restart
- Now disconnect and test one more time, this time with -X for X11 forwarding: ssh -X -i <filename-from-step-7> root@<ip-address>
- Run a remote GUI application as a test: gedit &
- You can run Burp Suite Community Edition with: burpsuite &
- And the Pro version with: java -jar /opt/BurpSuitePro/burpsuite_pro-linux.jar &
- You can also make curl talk to Burp: curl --proxy http://127.0.0.1:8080 http://icanhazip.com
- Or open Firefox: firefox --no-remote &
There are a lot of things you can do with this and it's pretty interesting. Feel free to add ideas in the comments.
Comments
Post a Comment