Now that we have prepared servers and the ability to create security certificates, let's look at the possibility of installing a secure remote management service for our servers. The best solution for this purpose is SSH.
SSH (short for Secure Shell) is a network application layer protocol that allows remotely managing operating systems and the tunneling of TCP connections (for example, to transfer files). It has similar functionality as telnet or rlogin, but unlike them, it encrypts all traffic, including transmitted passwords. SSH clients and SSH servers are available for most network operating systems.
While SSH is built-in in all Linux server distributions, Windows does not have it by default and we would like to install it in order to make our lab more complicated, which is always good for attack practicing.
There are several solutions in the software market, but in our laboratory we are using freeSSHd. Like its name says, freeSSHd is a free, simple implementation of an SSH server that provides full functionality of SSH protocol.
The installation packet can be found on the website http://www.freesshd.com/?ctt=download. After downloading and installing freeSSHd, we can start freeSSHd as a normal application or as a Windows service. In the management application, we can set up the main parameters:
- Start or stop SSH server
- Select encryption cipher
- Traffic tunneling parameters
- Manage host restrictions
- Setup interface and port number which will be used
- Setup command shell that will be used
- Select encryption key that will be used (this is the most important one)
All parameters are intuitive, so we will not be consider them in detail. But we will consider user management as the most important part of it at the moment.
In the Users tab we have three buttons: New, Edit, and Remove. Click on New and the User properties window appears. Here, we should choose the authorization method. We have three options:
- NT authentications (Use functionality of the operating system)
- Password stored as SHA1 hash (Use built-in functionality of freeSSHd)
- Public key (SSH only)
Since we have a domain and we can use domain user authentication procedures, let's select NT authentication. We need to specify the domain name in the Domain textbox; in our case, it is lab.local. In the Login textbox, we should enter the username of the existing domain user. After all of this, let's set up rights which will be granted to this user by checking the appropriate fields in the User can use section (shell, file transfers, and traffic tunneling).
After the user account is created and the service is started, we can try to connect to our management service on a remote server.