Now that we understand the architecture and hardening of SSH, we need the tools to implement and audit it. While `ssh` in the terminal is the standard, a professional security engineer uses a suite of tools to verify that their hardening is actually working.
OpenSSH is the default implementation for almost all Linux/Unix systems. It's not just a client; it's a full suite including `ssh-keygen` (for keys), `ssh-copy-id` (for deployment), and `sshd` (the daemon). Mastery of the `~/.ssh/config` file is the difference between a manual admin and an efficient one.
💡 Use the `~/.ssh/config` file to define aliases. Instead of `ssh -i ~/.ssh/id_rsa -p 2222 admin@10.0.0.5`, you can simply type `ssh prod-db`.
```
# Example ~/.ssh/config
Host prod-web
    HostName 192.168.1.50
    User admin
    Port 2222
    IdentityFile ~/.ssh/id_ed25519
    ProxyJump jump-host
```
For Windows users, PuTTY was the long-time king. It provides a GUI for managing sessions and keys (`.ppk` format). WinSCP is the standard for those who prefer a 'Drag and Drop' SFTP interface over the command line. However, most of these have been superseded by the native OpenSSH client now built into Windows 10/11.
⚠️ Be cautious when importing private keys into third-party GUI tools. Ensure the tool stores the key in a secure, encrypted format and not in a plain-text temporary file.
| Tool | Primary Use | Format | Platform |
|---|---|---|---|
| OpenSSH | Everything | OpenSSH Key | Cross-platform |
| PuTTY | Session Mgmt | PPK | Windows |
| WinSCP | SFTP/GUI | OpenSSH/PPK | Windows |
| Termius | Multi-device Sync | Cloud/Local | Cross-platform |
How do you know if your `sshd_config` is actually secure? You use `ssh-audit`. This tool connects to the server and analyzes the key exchange (Kex) algorithms, ciphers, and MACs the daemon actually offers. It flags everything that is 'Weak', 'Deprecated', or 'Vulnerable' based on current security standards.
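A static pre-check you can run on the config file before pointing `ssh-audit` at the live daemon, as an added example (not `ssh-audit`'s own code): it parses explicit `KexAlgorithms`, `Ciphers`, `MACs` and login directives and reports the ones `ssh-audit` would flag. The weak-algorithm sets are a sample, the config text is constructed, and because it only reads explicit directives it cannot see compiled-in defaults, which is exactly why the live `ssh-audit` run is still needed.

```python
# Constructed example: a static pre-check of sshd_config, NOT ssh-audit. ssh-audit
# talks to the live daemon and so also sees compiled-in defaults; this only inspects
# directives written explicitly in the file.
import re

# Algorithms ssh-audit reports as weak or deprecated (a sample, not the full list).
WEAK = {
    "kexalgorithms": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "ciphers": {"3des-cbc", "arcfour", "arcfour128", "arcfour256",
                "aes128-cbc", "aes192-cbc", "aes256-cbc"},
    "macs": {"hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96"},
}
# Authentication directives a hardened server should not leave open.
RISKY = {("permitrootlogin", "yes"), ("passwordauthentication", "yes")}

def parse_sshd_config(text):
    """Global section as {lowercased directive: value}: keys are case-insensitive,
    'Key value' or 'Key=value', first occurrence wins (as in sshd), and parsing
    stops at the first Match block because its directives are conditional."""
    opts = {}
    for raw in text.splitlines():
        m = re.match(r"(\S+?)[\s=]+(.+)", raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        opts.setdefault(key, value)
    return opts

def audit_sshd_config(text):
    """Return a sorted list of (directive, value, reason) findings."""
    findings = []
    for key, value in parse_sshd_config(text).items():
        if key in WEAK and not value.startswith("-"):  # '-list' only removes algorithms
            for alg in value.lstrip("+^").split(","):  # '+'/'^' extend the default list
                if alg.strip() in WEAK[key]:
                    findings.append((key, alg.strip(), "weak or deprecated algorithm"))
        if (key, value.lower()) in RISKY:
            findings.append((key, value, "should be disabled on a hardened host"))
    return sorted(findings)

# Constructed sample with deliberately weak entries; the Match block is skipped.
SAMPLE = """\
PermitRootLogin yes
KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha1
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,3des-cbc
MACs hmac-sha2-512-etm@openssh.com,hmac-sha1
Match User backup
    PasswordAuthentication yes
"""
```

Running `audit_sshd_config(SAMPLE)` reports the 3DES cipher, the SHA-1 group14 key exchange, the SHA-1 MAC and the root login, while the conditional `PasswordAuthentication yes` under `Match` is left for a manual review.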
Many 'free' SSH clients from unknown sources contain malware or key-loggers. Always use official, open-source, or widely trusted software.