Penetration and security of openssh remote secure shell service on raspberry Pi 2

© 2018 IEEE. This research presents a penetration testing approach to help secure OpenSSH service on Raspberry Pi 2. The study discusses a technique for penetrating Debian v7.1p2, installed on Raspberry Pi 2, using Kali Linux. We exploit the vulnerability found in SSH protocol exchange keys, which causes multiple CRLF injections in Raspberry Pi 2 Model B, allowing remote authenticated users to bypass intended shell-command restrictions via well crafted X11 data forwarding. We propose an innovative security model to solve the issues of allowing remote authentication access using SSH protocol exchange keys without affecting the encrypted protocols transmissions. We conclude with recommendations on how to securely mitigate MITM attacks using our secure proposed model