Remote Access to Raspberry Pi running Kali 2020.4 via AWS Lightsail

Using a Raspberry Pi as a remote access device for sysadmin or pentesting purposes is a fairly popular concept. Kali 2020.4 made some significant changes to the distro that seems to break a great deal of the content on the web about setting up a reverse shell. After recently upgrading my Kali box, my remote access crapped itself. I keep pretty meticulous notes on how to setup my Pi/Kali/Lightsail environment. And the newest version of Kali made it all moot. After many hours of pulling my hair out, I reconstituted all functionality with the following steps. This assumes starting from a clean install of Kali 2020.4.

1. Setup autologin at boot

#>nano /etc/lightdm/lightdm.conf

Add the following….

[SeatDefaults]
autologin-user=kali
autologin-user-timeout=0
user-session=ubuntu

2. Install AutoSSH

#>sudo apt install autossh

3. Generate SSH Keys

On the Ras Pi

#> mkdir ~/.ssh
#> cd ~/.ssh
#> ssh-keygen -t rsa

4. Add Key to C2 Server

Copy the contents id_rsa.pub and add to your remote C2 server (Lightsail in my case). The contents should be added to the authorized_keys file found in /home/ubuntu/.ssh

On the Ras Pi (Optional, Just a Test)

#> ssh <your-account>@<your-c2-ip-address>

If that works, then try this:

#> autossh -M 11166 -i ~/.ssh/id_rsa -R 6667:localhost:22 <your-account>@<your-c2-ip-address>

Then on your C2 server (Optional, Just a Test)

#> ssh -l kali -p 6667 localhost

5. Setup AutoSSH

On the Ras Pi, create a file called autossh_connect.sh and put a bash script in it.

#> nano ~/autossh_connect.sh

Then add these two lines:

#!/bin/zsh
autossh -M 11166 -N -f -o “PubkeyAuthentication=yes” -o “PasswordAuthentication=no” -i ~/.ssh/id_rsa -R 6667:localhost:22 <your-account>@<your-c2-ip-address> &

Then make it executable

#> chmod +x ~/autossh_connect.sh

6. Set the script to autorun via crontab

#> crontab -e

Add these lines to crontab:

@reboot sleep 5 && ~/autossh_connect.sh > tunnel.log 2>&1
*/1 * * * * ~/autossh_connect.sh > tunnel.log 2>&1

7. Reboot

Reboot the Raspberry Pi and the C2 server.

8. Login to the C2 Server

Once logged in to your C2 server issue the following:

#> ssh -l kali -p 6667 localhost

Viola! You should be able to login to your Raspberry Pi anywhere in the world now!

Gears of Resistance

The Bits, Bolts and Volts of Engineering, Art, and Business

Remote Access to Raspberry Pi running Kali 2020.4 via AWS Lightsail

1. Setup autologin at boot

2. Install AutoSSH

3. Generate SSH Keys

4. Add Key to C2 Server

5. Setup AutoSSH

6. Set the script to autorun via crontab

7. Reboot

8. Login to the C2 Server

1. Setup autologin at boot

2. Install AutoSSH

3. Generate SSH Keys

4. Add Key to C2 Server

5. Setup AutoSSH

6. Set the script to autorun via crontab

7. Reboot

8. Login to the C2 Server

Share this: