A "headless" setup means any host on the network can remotely connect to a
headless client via SSH or VNC. This removes the need for peripherals to operate a server.
In this walkthrough, we will be setting up a remote Kali Linux setup on ARM architecture.
(RPi 1, 2, 3, 4, 400, Zero, Zero W)
- Kali-ARM Installation
- Booting into Kali
- OpenSSH Installation and Configuration
- Wireless Network Configuration
- Auto-login Configuration
- References
Initially, we need to download a Kali Linux image that is compatible with ARM architecture.
For this step, we're going to use Etcher. Head over to this
repo and follow the guide to install and configure Etcher on your OS.
- Make sure your chosen storage (SSD/Micro SD card) is inserted.
- Start Etcher
- Select the Kali-ARM image
- Select the storage
- Flash
The default username is 'kali' and the password is 'kali'.
Remove unnecessary packages and apt cache to allow for upgrade:
sudo apt autoremove && sudo apt autoclean
Make sure you are connected to the network, then run the updates:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
Update kali's password (for obvious reasons):
passwd kali
Run the following to install OpenSSH and update the runlevels to allow SSH on boot:
sudo apt-get install openssh-server
update-rc.d -f ssh remove
update-rc.d -f ssh defaults
Change the default keys:
cd /etc/ssh
mkdir insecure_old
mv ssh_host* insecure_old
dpkg-reconfigure openssh-server
Restart the SSH service:
sudo service ssh restart
update-rc.d -f ssh enable 2 3 4 5
Verify SSH functionality:
sudo service ssh status
The output should look similar to this:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2021-08-01 19:18:18 UTC; 1 day 8h ago
If the SSH service is NOT running:
sudo service ssh start
Navigate into this directory:
cd /etc/NetworkManager/system-connections
Verify that a .nmconnection file exists, containing the connected wireless network's information.
You can copy the template.nmconnection from this repo into this directory and replace
the template and
password fields if the file does NOT exist.
Change the permissions of this file:
sudo chmod 600 yournetwork.nmconnection
Next, we're going to edit NetworkManager.conf:
sudo nano /etc/NetworkManager/NetworkManager.conf
Change the contents of the file to this (managed=true):
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=true
Next, we're going to edit /etc/network/interfaces.
Add these lines:
auto wlan0
iface wlan0 inet dhcp
To make our Kali completely headless, we need to edit /etc/lightdm/lightdm.conf:
sudo nano /etc/lightdm/lightdm.conf
Find these lines:
#autologin-user =
#autologin-user-timeout =
There will be 4 lines (2 sets of occurences) of these same lines in this file. Change all occurences to this:
autologin-user=kali
autologin-user-timeout=0
Find this line and uncomment:
#pam-autologin-service=lightdm-autologin
You can also take a look at lightdm.conf in this repo, copy and paste everything to your
own lightdm.conf file.
Done! Run ifconfig to find Kali's IP. We're going to need this to SSH into it.
You can now boot up your Pi without a monitor or keyboard and connect via SSH:
ssh kali@<ip-address>