Using a Raspberry Pi as a remote access device for sysadmin or pentesting purposes is a fairly popular concept. Kali 2020.4 made some significant changes to the distro that seem to break a great deal of the content on the web about setting up a reverse shell. After recently upgrading my Kali box, my remote access crapped itself. I keep pretty meticulous notes on how to set up my Pi/Kali/Lightsail environment, and the newest version of Kali made it all moot. After many hours of pulling my hair out, I reconstituted all functionality with the following steps. This assumes starting from a clean install of Kali 2020.4.

1. Set up autologin at boot

#> nano /etc/lightdm/lightdm.conf

Add the following:

[SeatDefaults]
autologin-user=kali
autologin-user-timeout=0
user-session=ubuntu

2. Install AutoSSH

#> sudo apt install autossh

3. Generate SSH Keys

On the Ras Pi

#> mkdir ~/.ssh
#> cd ~/.ssh
#> ssh-keygen -t rsa

4. Add Key to C2 Server

Copy the contents of id_rsa.pub and add them to your remote C2 server (Lightsail in my case). The contents should be added to the authorized_keys file found in /home/ubuntu/.ssh

On the Ras Pi (Optional, Just a Test)

#> ssh <your-account>@<your-c2-ip-address>

If that works, then try this:

#> autossh -M 11166 -i ~/.ssh/id_rsa -R 6667:localhost:22 <your-account>@<your-c2-ip-address>

Then on your C2 server (Optional, Just a Test)

#> ssh -l kali -p 6667 localhost

5. Set up AutoSSH

On the Ras Pi, create a file called autossh_connect.sh and put a shell script in it.

#> nano ~/autossh_connect.sh

Then add these two lines:

#!/bin/zsh
autossh -M 11166 -N -f -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i ~/.ssh/id_rsa -R 6667:localhost:22 <your-account>@<your-c2-ip-address> &

Then make it executable

#> chmod +x ~/autossh_connect.sh

6. Set the script to autorun via crontab

#> crontab -e

Add these lines to crontab:

@reboot sleep 5 && ~/autossh_connect.sh > tunnel.log 2>&1
*/1 * * * * ~/autossh_connect.sh > tunnel.log 2>&1

7. Reboot

Reboot the Raspberry Pi and the C2 server.

8. Log in to the C2 Server

Once logged in to your C2 server, issue the following:

#> ssh -l kali -p 6667 localhost

Voilà! You should be able to log in to your Raspberry Pi from anywhere in the world now!
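
Step 4 adds the Pi's key to authorized_keys with no options, so whoever holds the key file stored on the Pi also gets a full shell on the C2 server. The script below is an added example, not part of the original post: run on the C2 server, it builds a forwarding-only entry for that key and lists existing entries that carry no restrictions. It assumes OpenSSH 7.8 or later on the server (for permitlisten) and that /bin/false exists; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the C2 server.
# Assumes OpenSSH 7.8+ there (for permitlisten) and that /bin/false exists.
nl='
'

# is_bare_key LINE: true if LINE is "type base64 [comment]" with no options.
is_bare_key() {
    case $1 in
        *"$nl"*) return 1 ;;    # embedded newline would smuggle a second entry
        ssh-*\ AAAA*|ecdsa-sha2-*\ AAAA*) return 0 ;;
        *) return 1 ;;
    esac
}

# restricted_entry PUBKEY_LINE TUNNEL_PORT MONITOR_PORT
# Prints an authorized_keys entry that permits only what the post's autossh
# command needs: -R TUNNEL_PORT, plus the forwards autossh adds for -M
# (-R MONITOR_PORT and -L to 127.0.0.1:MONITOR_PORT on the server).
# command="/bin/false" blocks remote commands; -N never requests one.
restricted_entry() {
    is_bare_key "$1" || { echo "not a bare public key" >&2; return 1; }
    for p in "$2" "$3"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "bad port: $p" >&2; return 1; }
    done
    printf 'restrict,port-forwarding,command="/bin/false",'
    printf 'permitlisten="%s",permitlisten="%s",' "$2" "$3"
    printf 'permitopen="127.0.0.1:%s" %s\n' "$3" "$1"
}

# unrestricted_keys: reads authorized_keys text on stdin and prints the line
# numbers of entries with no options, i.e. keys that get a full shell.
unrestricted_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        if is_bare_key "$line"; then echo "$n"; fi
    done
}

# Constructed sample key (not a real key); ports are the ones used in the post.
sample='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedKEY kali@kali'
restricted_entry "$sample" 6667 11166
```

Replace the plain entry from step 4 with the printed line, then repeat the step 4 tests: the tunnel on port 6667 should still come up, while `ssh <your-account>@<your-c2-ip-address>` from the Pi should no longer give a shell.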