Kali Linux at Hetzner Cloud
When conducting an external penetration test, it can be advantageous to host your Kali machine in a location separate from your primary office. For instance, during my testing, I frequently utilize a virtual machine (VM) at Hetzner Cloud due to its reliable speed and cost-effective hourly pricing.
While it is certainly possible to mount a Kali Linux ISO, reboot the server, and perform a clean installation of Kali, this approach often requires extensive configuration. It also involves multiple reboots, partitioning, and potential issues with IPv6 address configuration.
While this approach works for occasional use, it’s not ideal for every instance, and it can be difficult to automate. As a result, I conducted some experiments to streamline the process by converting a Debian server (one that provisions quickly on Hetzner) into a Kali Linux machine.
Adding a normal user
After the deployment, I always start with the creation of a normal user and add my public SSH key to its authorized_keys file so I don’t have to log in as root every time.
adduser <username>
usermod -aG sudo <username>
Adding the Kali apt repositories
apt update
apt install wget gnupg dirmngr
wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
# And/or from the keyserver
gpg --keyserver hkp://keyserver.ubuntu.com --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add -
apt update
apt -y upgrade
apt -y dist-upgrade
apt -y autoremove --purge
# Now install some Kali packages
apt -y install kali-linux-headless
# apt -y install kali-linux-everything
I used the kali-linux-headless metapackage for now, but as you can see below, there are more options.
After installation, reboot your machine and you will have a nice Kali box at your disposal.
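The key import above pipes a downloaded file straight into the keyring, so the following added example (not the author's code) checks the primary-key fingerprint against the one quoted on this page before trusting it, and writes a dedicated keyring for a signed-by source entry instead of using apt-key. The function names, the /etc/apt/keyrings/kali-archive.gpg path and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's code): check the Kali archive key's
# fingerprint before apt is told to trust it.
# Expected value: the fingerprint quoted in the keyserver command on this page.
EXPECTED_FPR="44C6513A8E4FB3D30875F758ED444FF07D8D0BF6"

# Read `gpg --with-colons` output on stdin, print primary-key fingerprints.
# A "pub" record is followed by its "fpr" record (fingerprint in field 10);
# "fpr" records that follow a "sub" record belong to subkeys and are skipped.
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "sub" { want = 0; next }
           $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key and it equals $1.
# Zero keys gives an empty string, two keys give two lines; both fail.
listing_is_trusted() {
  fprs="$(primary_fprs)"
  [ "$fprs" = "$1" ]
}

# Verify an ASCII-armored key file ($1), then write a binary keyring ($2).
# Assumption: $2 is a path you choose, e.g. /etc/apt/keyrings/kali-archive.gpg,
# referenced from the sources entry as
#   deb [signed-by=/etc/apt/keyrings/kali-archive.gpg] http://http.kali.org/kali kali-rolling main non-free contrib
install_kali_key() {
  if gpg --show-keys --with-colons "$1" | listing_is_trusted "$EXPECTED_FPR"; then
    gpg --dearmor < "$1" > "$2"
  else
    echo "fingerprint mismatch in $1, keyring not written" >&2
    return 1
  fi
}

# Constructed sample listing (not real key data); $1 is the primary fingerprint.
sample_listing() {
  printf 'pub:-:4096:1:1111111111111111:1330560000:::-:::scSC:\n'
  printf 'fpr:::::::::%s:\n' "$1"
  printf 'uid:-::::1330560000::::Constructed Sample Key:\n'
  printf 'sub:-:4096:1:2222222222222222:1330560000::::::e:\n'
  printf 'fpr:::::::::%s:\n' "2222222222222222222222222222222222222222"
}

# Demo on the constructed listing; on a real host call install_kali_key.
if sample_listing "$EXPECTED_FPR" | listing_is_trusted "$EXPECTED_FPR"; then
  echo "sample listing: primary fingerprint matches"
fi
```

On a real host, download archive-key.asc to a file first and pass that file and the keyring path to install_kali_key.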
Remote desktop support
Sometimes a graphical interface on your Kali box can be helpful. No worries, XRDP has got that covered. The initial installation and configuration is quite easy.
The installation can also be found here:
apt update
apt dist-upgrade
apt install -y kali-desktop-xfce xrdp xorgxrdp
# Change the default RDP port
sed -i 's/port=3389/port=3390/g' /etc/xrdp/xrdp.ini
# Enable XRDP service
sudo systemctl enable xrdp --now
# Start and check the XRDP service
systemctl start xrdp
systemctl status xrdp
After starting or restarting the XRDP service, we should see this status for the service.
From now on it’s possible to connect to your Kali Linux machine with the Remote Desktop Connection app on your Windows computer. And because it’s just like RDP, other RDP clients should also work fine with this.
Some extra things
Take a snapshot
Create a snapshot at the Hetzner console when you have a “perfect” Kali setup. With this snapshot it’s very easy to create a new machine that is exactly the same. Be aware that the cost of the disk space of this snapshot will be added to your invoice.
Don’t forget to refresh the SSH host keys after creating a new machine from a snapshot with the following commands:
rm -v /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
systemctl restart ssh
After refreshing the keys, you should get a warning when you connect to this machine again, telling you that the keys are different.
Disable root logins with SSH
Make sure you disable direct root logins over SSH.
Use a firewall
Set up a firewall at Hetzner and allow only the access that you need. Don’t forget to disable it for some tasks that don’t like a firewall and want you to hack naked.
Install the kali-tweaks tool
Tweaking and hardening can be done with the kali-tweaks tool.
sudo apt install kali-tweaks
Set a correct hostname
Set the hostname correctly with hostnamectl and in the /etc/hosts file.
sudo hostnamectl set-hostname your-hostname
Reboot the server after changing this.