SSH is probably not as clean and fast as other useful tools like netcat, but it has some very useful features, and when you need them, here's how to deal with that huge number of computers all over your house.
Probably, you already know what SSH means, but for those who don't:
SSH stands for Secure Shell and is the smarter and safer version of telnet.
Secure means that this network protocol makes use of cryptography, so that SSH servers and clients communicate through a secure channel.
SSH is mostly used in a Unix context, however running it on Windows can be very useful.
Obviously, on the offensive side SSH is powerful when you have physical access to the computer, and on the defensive side it is always very reliable, so let's say it's an important piece of knowledge in the security awareness field.
For example, you may want to use SSH to have an authentication process instead of netcat (that's not going to happen any time soon, right?) or, since SSH clients are very smart and useful, easily transfer files and browse them as if you had mounted the server on your desktop.
I also noticed that Alex Long here on Null Byte gave a lot of interesting uses of SSH, so, go check those how-tos if you want more.
Unix-like OSes usually make use of SSH by default.
The connection works like this:
-An SSH server is started on machine 1
-An SSH client is started on machine 2
-The client tries to connect
-The server asks to authenticate
-Client provides username and password
-The connection is established and the client has root (or limited) access to the server
-The client is greeted with a System Shell on the server
Generally the basic syntax to connect to an SSH server is
ssh user@ipaddress -p port
Where port is 22 by default, in most cases (the -p option can be left out when the default port is used).
Generally the password is the user or admin password.
Let's take a closer look.
As of today, most Linux distributions have SSH installed by default.
In the example, we are using (well, that's kinda obvious) Kali Linux distribution.
To start the server you need to run the following command:
/etc/init.d/ssh start
or
service ssh start
service ssh stop to stop the server
service ssh restart to restart the server
(or the aforementioned path instead of "service ssh")
To log in to an SSH server:
ssh user@ipaddress -p port
(the -p port part is only needed when the server does not use the default port)
An example of each command is given in the picture below:
in the picture I connected to a Macbook whose username was "user"
The first time you connect, Linux may ask you if you want to continue connecting. This is not random, so be sure that you know what you are doing.
As you can see, the result is the terminal line, where we can run any Mac Unix Terminal command directly on the server, just as if we were sitting in front of it.
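The "continue connecting" question shows the fingerprint of the server's host key, and answering yes makes the client trust that key from then on. The following Python code is an added example, not part of the original post: it derives the SHA256 fingerprint in the form OpenSSH displays and compares it with one obtained out of band (for example read on the server's own console); the keys are constructed sample values and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def fingerprint(pubkey_line: str) -> str:
    """Return the SHA256 fingerprint of an OpenSSH public key line
    ('<type> <base64 blob> [comment]'), in the form the ssh client prints."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with its own key type; reject lines where they disagree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(pubkey_line: str, trusted_fingerprint: str) -> bool:
    """Compare the offered key with a fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(pubkey_line), trusted_fingerprint)


def make_constructed_key(raw32: bytes) -> str:
    """Build a public key line from 32 constructed bytes (not a real host key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


# Constructed sample: the key the admin read on the server's console ...
SERVER_KEY = make_constructed_key(bytes(range(32)))
# ... and a different key, as seen when something else answers on that address.
OTHER_KEY = make_constructed_key(bytes(range(1, 33)))
TRUSTED = fingerprint(SERVER_KEY)

if __name__ == "__main__":
    print("trusted fingerprint:", TRUSTED)
    print("genuine server :", host_key_matches(SERVER_KEY, TRUSTED))
    print("unexpected key :", host_key_matches(OTHER_KEY, TRUSTED))
```

If the fingerprint in the prompt does not match the one taken from the server itself, answer "no" and find out why before connecting.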
Suppose you don't have SSH (the server part, Unix has terminal client by default). How to install it?
As you can see in the picture above, the SSH server is an OpenBSD distribution, whose SSH service is called OpenSSH. You can download it from here: http://www.openssh.com
or use apt-get.
apt-get install openssh-server
and you need the client too:
apt-get install openssh-client
If you are running a Kali Linux Live OS the password for a Live Boot is "toor", else you have to use the sudo password.
Here's what it looks like to log in to Linux SSH from a Mac terminal:
in the picture, the username I had on the Linux distribution is "root"
On Mac, the setup part is much much simpler, go to
and enable remote login.
Pictures of logging in to and from a Mac are shown in the section above.
As you may have understood, SSH is not built into Windows by default, nor will be any time soon, but we have plenty of ways to install SSH servers and clients on Windows. You will probably recognize "Putty", as shown in some previous how-tos.
NOTE: I personally tried those two methods, and I'll tell below where I succeeded and where I failed. However, it does not mean that this is safe. I'm not saying that this is not, but I quite like disclaimers, you never know.
Back on Track (ehm ehm, was this the joke?), I recommend those two ways to set up an SSH server on Windows: FreeSSHd and OpenSSH port, but I'm only posting the first one as it is the only one that worked for me and the port seems very confusing and annoying to set up. If you have Cygwin you can run the ssh server with no problems.
FreeSSHd has a GUI, but it aims to be quite hidden.
Download it at: http://www.freesshd.com/?ctt=download (as always, be sure that nobody is eavesdropping on you and that the site is still legit!).
Once you have downloaded freesshd.exe (the installer), run it and go through the whole installation process. This is what you'll get:
At first, you don't have that little icon at the bottom right of the taskbar.
Once you run FreeSSHd (here I have it on the desktop, but calling it by a batch script would be very cool), the little icon in the taskbar appears (again, you can hide that, to be even more stealthy). If you click that, the GUI will show, something that looks like this:
Go in the "authentication" tab and make sure you check:
Password authentication: required
Public key authentication: disabled
After doing this, go to "Users" and click on Add:
In the "Login" field write the username we'll use to connect to the server.
In the Authorization menu choose "Password stored as SHA1 hash".
In the "Password" field write the password we'll use to connect later to the server.
Make sure you check all three checkboxes, but again: always make sure nobody is eavesdropping or MITMing on you!
Then log in as shown multiple times above.
To shutdown the server, simply right click on the little icon and "unmount".
Here comes the client part.
Download Putty from here (I think you got the disclaimer part): http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
according to your Windows version.
Once downloaded, you can run the exe straight away. This is the GUI:
I can say that this looks very nice and has tons of features, you'll enjoy it.
We are going to use SSH (Connection Type check box), but as you can see, it has more types.
Enter the IP address of the server in the "Host Name" field, then click Open.
Enter the username and password:
logging in to the same Mac as before, where the username is "user"
There you go!
This saved the life of my iPhone many times.
If you have a jailbroken iDevice, you MUST have SSH access to it.
Generally OpenSSH is installed by Cydia when running it for the first time, but not always.
You can download OpenSSH from Cydia by searching for "Openssh"; install the one from the Telesphoreo Repo. Once installed, respring and it will always be running in the background. Again, make sure you are completely safe, I don't have responsibility for what could happen if you install OpenSSH. You can log in like this:
ssh root@ipaddress with default password "alpine".
And you can log in to SSH servers with the "Mobile terminal application", which provides the ssh command.
If you have a rooted Android device, you can use "SSH Server" and "JuiceSSH" as server and client respectively.
If you still want to know more, there are some programs which actually let you browse the files on the SSH server, practically "mounting" them, making downloading and uploading very easy.
Some examples are WinSCP (Windows), Cyberduck (Mac), Nautilus (Linux) and, when speaking about iDevices, iFunbox (Mac but no SSH client, Windows, you can manage to let it work on Linux too).
I can't spend too many words on this, these programs are many but they work the same as seen before with Putty more or less, it's just a matter of GUI and even easier operations.
If you really need to know more about one of those programs, tell me in the comments and I'll edit the post, but now you should have enough knowledge about the topic to make things work properly.
So, you can obviously do this over the WAN too: you just have to open port 22 (the default), or the one you chose, on your router (if you need specific help, feel free to ask).
EDIT: As CyberHitchHiker suggested, you should always change the port, when possible, to something above 1000.
Today, experts may have noticed, I only talked about authentication through password, which I think is enough, although there's another way to authenticate, with public keys, so if you want to know more just ask in the comments.
I strongly recommend that you always change default passwords (e.g. "alpine", which is a terrible error not to change) and always choose a very strong password if you are thinking of opening your server to the WAN. Follow OTW's recent demonstrations about how easy password cracking is, and also his advice on how to protect yourself from these attacks.
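With the SSH port reachable from the WAN and password authentication in use, the server's log is where password guessing shows up. This added example (not from the original post) counts failed sshd password logins per source address and flags a source whose failures are followed by a successful login; the log lines are constructed samples in the format OpenSSH's sshd writes, and the function name and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to auth.log.
SAMPLE_LOG = """\
Jan 10 03:14:01 kali sshd[2101]: Failed password for root from 203.0.113.5 port 51230 ssh2
Jan 10 03:14:03 kali sshd[2101]: Failed password for root from 203.0.113.5 port 51230 ssh2
Jan 10 03:14:06 kali sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 51244 ssh2
Jan 10 03:14:09 kali sshd[2107]: Failed password for invalid user mobile from 203.0.113.5 port 51251 ssh2
Jan 10 03:14:12 kali sshd[2110]: Accepted password for root from 203.0.113.5 port 51260 ssh2
Jan 10 08:30:44 kali sshd[2300]: Failed password for user from 192.168.1.20 port 50112 ssh2
Jan 10 08:30:51 kali sshd[2300]: Accepted password for user from 192.168.1.20 port 50112 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize(log_text, threshold=3):
    """Return {ip: report} for sources with at least `threshold` failed logins.

    'compromised' is True when a success follows the failures, which is the
    case that needs immediate attention (a guessed password)."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "compromised": False})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failed"] += 1
            s["users"].add(m["user"])
        elif s["failed"] >= threshold:
            s["compromised"] = True
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        note = "SUCCESS AFTER FAILURES" if s["compromised"] else ""
        print(ip, s["failed"], sorted(s["users"]), note)
```

A single mistyped password from the LAN (192.168.1.20 in the sample) stays below the threshold and is not reported.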
I'm very sorry for any mistakes I may have made in terms of grammar or concepts, please tell me if you found any, thanks.
Also, tell me if it'd be useful to have a cross platform GNU compiler how-to, I'll be pleased to write it down.
Thanks for reading!