How do you access a computer without physically having access to it? How can you execute commands from another computer? Secure Shell (SSH) is one of the first tools you should know for remote access control. It’s the bread and butter for security testing, digital forensics, and system administration professionals. Here’s what you should know to get started.
What is SSH?
Features of SSH
- Encryption
- Authentication with password and public/private keys
- Port forwarding through encrypted channels
- SFTC/SCP (secure file transfer via csp or sftp)
- Remote command execution and monitoring
- X11 forwarding (run graphical applications)
- Multiplexing (share one connection for multiple sessions via ControlMaster)
Authentication methods
SSH allows three types of authentication:
Passwords
Host-based
Key files and directories
As a quick reference, these are the files and directories that are relevant to SSH:
~/.ssh/id_rsa # Default private key (<a href="https://negativepid.blog/understanding-quantum-algorithms/">RSA</a>)
~/.ssh/id_rsa.pub # Corresponding public key
~/.ssh/authorized_keys # Lists allowed public keys for remote access
/etc/ssh/sshd_config # Server-side configuration
/etc/ssh/ssh_config # Client-side configuration (global)
SSH hardening tips
You can strengthen the security posture of your SSH authentication with the following tips:
- Disable root login (PermitRootLogin no)
- Use key-based authentication only (PasswordAuthentication no)
- Restrict user access (AllowUsers, DenyUsers)
- Use SSH key passphrases and agents
- Change default port 22 (for obscurity, not security)
- Enable fail2ban to mitigate brute-force attempts
- Enable logging and auditing of SSH sessions.
Common SSH Commands
# Connect to remote server
ssh user@hostname
# Connect with <a href="https://negativepid.blog/digital-worlds-and-second-chances/">identity</a> file
ssh -i ~/.ssh/id_rsa user@host
# Run a command remotely
ssh user@hostname 'uptime'
# SSH tunneling (local port forwarding)
ssh -L 8080:localhost:80 user@host
# Copy file via SSH
scp file.txt user@host:/remote/path/
# Upload public key to server (first-time setup)
ssh-copy-id user@host
How to deal with legacy keys
If you receive an error like the one below, the SSH server only offers legacy and deprecated key types (specifically ssh-rsa and ssh-dss). Still, your client does not accept them due to stricter security defaults in modern SSH clients (especially Openssh 8.8+).
Unable to negotiate with [<a href="https://negativepid.blog/how-to-regain-access-to-your-website-with-wp-cli/">IP</a>] port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
If you’re connecting to a legacy box (like a vulnerable VM for training—e.g., Metasploitable), and you trust the environment, you can override the restriction:
ssh -oHostKeyAlgorithms=+ssh-rsa user@host
# or allow both:
ssh -oHostKeyAlgorithms=+ssh-rsa,ssh-dss user@host
Alternatively, if you always connect to that server, you can implement a permanent fix:
# Edit the config file
nano ~/.ssh/config
# Add the following lines:
Host [Host IP here]
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
# For older boxes add:
HostKeyAlgorithms +ssh-rsa,ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
# Save the file and connect normally
ssh user@host
SSH common use cases
SSH can be used in several situations, but it’s beneficial in remote incident response (to access compromised systems to collect evidence or shut down services), pivoting (use compromised systems to jump into internal networks with agent forwarding), the secure management of headless devices (e.g., routers, IoT devices, Raspberry Pi), and the execution of automated scripts.
Alternatives to SSH
There are several alternatives to SSH, and their adoption against SSH will depend on the use case (secure remote file transfer, port forwarding, or remote scripting).
Some of these are Mosh (Mobile Shell), used for mobile or unstable connections, RDP/VNC for graphical remote access, Telnet (legacy protocol for remote login), and VPNs with remote desktop or command execution.
There are also remote execution frameworks, such as Ansible, SaltStack, Fabric, and Capistrano. For file syncing or scripting over raw sockets, you can use Netcat, Socat, and Stunnel. Common choices for file transfer are SFTP, SCP, and Rsync. Apache Guacamole is a popular web-based SSH client, used for jump boxes or remote management portals.
Finally, at the enterprise level, there are more modern and secure SSH replacements such as Tailscale (built on WireGuard), Teleport, and StrongDM.