The keyword in anonymity networks like Tor and I2P is “anonymity,” is it not? Unfortunately, none of these networks, by themselves, provide full anonymity.
As many users of Tor, I2P, and other networks know, it helps to take additional steps to ensure privacy. One out of many methods you can use is SSH (Secure Shell or Secure Socket Shell), which is a cryptographic network protocol that allows administrators to access a computer remotely.
Why use it? Just as users of darknet markets or email services like SIGAINT might encrypt messages with PGP, SSH helps to provide a secure channel over an unsecured network. SSH uses public-key cryptography to authenticate remote computers, and can also authenticate the user, if need be.
Nevertheless, even messages encrypted with SSH can be decrypted, so don’t go thinking that it makes you invincible.
I’m going to discuss six different SSH clients here, but as with the Linux distros I wrote about previously, which one is best may be a matter of personal preference.
NOTE: GNU/Linux systems include the OpenSSH standard by default. It is one that I’ve included here.
PuTTY is a free implementation of Telnet and SSH for Windows and UNIX systems. (As Lex in Jurassic Park would say, “It’s a UNIX system…I know this!”) It also includes the xterm terminal emulator, which is somewhat like the Bash Unix shell.
PuTTY consists of a number of mechanisms, including:
- PuTTY, the Telnet, rlogin, and SSH client
- PSCP, a secure file copy
- PSFTP, an SFTP client
- PuTTYtel, a Telnet-only client
- Plink, a command-line interface for the back-ends
- Pageant, an SSH authentication agent
- PuTTYgen, an RSA and DSA key generator
- pterm, a standalone terminal emulator
The links above provide quite a bit more detail than I can include here! If you haven’t used it before, your big question may be, “What can you do with it?” All of the protocols included with PuTTY give you the ability to run a remote session on a computer over a network. PuTTY (and other programs like it) implements the client end of the session.
While many other similar programs exist, PuTTY is one of the “classic” ones. It’s very configurable, and is also consistently being updated with security patches.
PuTTY can be used on Windows systems (oh, it’s the dreaded “W” word!), but if you only use Windows, it’s not ideal. Besides, if you’re using Windows, what are you doing on the dark web anyway? PuTTY works best for interfacing between systems of different types (e.g. Windows and UNIX OS’s).
If this is your first time using it, PuTTY may take some trial-and-error to learn. Nevertheless, it’s still considered to be one of the best SSH and remote login clients.
For those who would like to explore PuTTY in more detail, visit their homepage (linked to above). If you’d like to go into the nitty-gritty of how it works and how to use it, visit the documentation page.
OpenSSH is, in their words, “…the premier connectivity tool for remote login with the SSH protocol.” It’s the brainchild of a few developers of the OpenBSD Project. While I’m sure all developers would like to call their apps “the premier,” what makes OpenSSH so great?
Like PuTTY, OpenSSH offers a number of tools for secure remote communications:
- Its service side entails an SFTP-server, SSH agent, and SSHD.
- Remote operations with SSH, SCP, and SFTP.
- Key management using ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
Not familiar with those? The documentation in the links should get you up to speed.
In the mind of OpenSSH’s creator, Theo de Raadt, all operating systems should include support for the SSH protocol.
OpenSSH is a completely open source project. What’s the reasoning behind this? The creators believe that, through the process of code review, bugs can easily be found and rectified by anyone – as a result, the code will be more secure.
It may initially seem a little more complex than PuTTY, but with a bit of practice, it will become second nature (I promise!).
MobaXTerm is an enhanced terminal for Windows (yes, I said the “W” word again) that allows for the advanced features of a Unix-like system.
It features a number of remote network tools, like SSH, X11, FTP, and MOSH, and Unix commands (e.g. bash, ls, cat, etc.).
MobaXTerm seems relatively easy to use, though I confess that I have limited experience with it. For the curious, here’s a video demo to give a better idea of the interface: MobaXterm Xserver demo.
Not unlike PuTTy and OpenSSH, MobaXTerm gives you the ability to launch remote sessions. You have the option to generate SSH, Telnet, Rlogin, RDP, VNC, XDMCP, FTP, SFTP, or Serial sessions.
One advantage that Moba has over its competitors is its graphical SFTP browser. If you login to a remote server in an SSH session, the browser pops up in the left sidebar, and makes it simple to drag and drop files from the remote server. Whether or not you like this sort of interface is a matter of personal preference, of course! Those who are accustomed to the Bash Unix shell might find the GUI to be unnecessary.
If MobaXTerm interests you, they have a free version with limited functionality available at their site: MobaXTerm free trial. The free version includes a full X Server with SSH support, remote desktop, and remote terminal, among other features.
The “professional edition” is available for $69 (or €49) per user. It includes all the features of the basic version, plus the ability to customize your startup message, an unlimited number of sessions, unlimited number of tunnels and macros, and other features.
Now, I’m not trying to be one of their sales reps here; many of the other remote terminal apps can be installed for free, so personally, I would go with those.
I confess that, as a cat person, the name of this one got my interest. KiTTY is a fork from version 0.63 of PuTTY, developed by the mysterious “Cyd.” Even their homepage, however, praises PuTTY as “the best telnet / SSH client in the world.”
What, then, is the difference between the two?
KiTTY builds off of the original PuTTY code and adds more features, including:
- Auto-fill password
- Automatic commands
- Running locally saved scripts on a remote session
- Icons to define each session
- Protection against accidental keyboard input
- ZModem (patch from LePutty) integration
Once again, I have limited experience with KiTTY, but because it’s based on PuTTY, I’m inclined to think that it has many positive attributes.
It seems to have a few bugs, but what software doesn’t? It occasionally crashes, and some users have reported that features like the ZModem don’t work. This may not be your experience, however!
For you developers out there who want to help improve KiTTY, their source code is available on sandbox: KiTTY. Aw, fork it.
iTerm2 is a terminal emulator for OS X; it’s the successor to the original iTerm.
While it’s more than just an SSH Client, that is one of its many features. A few other sexy characteristics it offers are:
- Split panes
- A hotkey window
- A search feature
- Paste history
…and others as well! iTerm2 seems to be a good middle ground between the user-friendly GUI of MobaXTerm, and the bare-bones approach of OpenSSH or PuTTY. Once again, it depends on what you’re used to, and what you prefer.
I would recommend this one to either a beginner with command-line interfaces, or someone who wants to have the positive attributes of both a GUI and a CLI. (I would not recommend it to anyone who wants to create a GUI interface using Visual Basic to track an IP address.)
As always, some have had various criticisms of it, but because you can customize the code to your liking, many of these errors can be fixed.
For example, you can launch user-defined scripts from the “Scripts” menu, if they’re stored under the ~/Library/Application Support/iTerm/Scripts directory. If this directory doesn’t exist, you can create it. iTerm2 checks this directory on startup, so any changes you’ve made will be applied. The scripts must be named with the extension .scpt or .app.
Speaking of which, iTerm2 is also open source; fork it on Github at gnachman/iTerm2.
Lastly, let’s take a look at mRemoteNG. It’s a fork of mRemote, a discontinued multi-tab remote connections manager, created by Felix Deimel.
As with PuTTY and KiTTY, mRemoteNG adds new features and bug fixes to the original project. It supports similar protocols to many other SSH clients as well:
- RDP (Remote Desktop/Terminal Server)
- VNC (Virtual Network Computing)
- ICA (Citrix Independent Computing Architecture)
- Raw Socket Connections
Like MobaXTerm, mRemote allows you to run SSH, RDP, etc. under one window, which already makes it simple to use. It features a menu called “Quick Connect,” through which you can access the various types of connections.
The connections can be tabbed, so it’s very straightforward to switch back and forth between them. It was a bit like connecting to the Tor network through Whonix or Tails: you have the option of either a CLI or a GUI, so it’s the best of both worlds!
Those are the basic features, but for developers, there are plenty of opportunities to contribute to the project as well. Visit mRemoteNG: Development Resources to see how you, as a developer, can give them a hand.
Which Would You Choose?
Good question. As I discussed in A Few Linux Distros for Dark Web Explorers, which one of these clients is “best” is a matter of experience and personal preference.
PuTTY and OpenSSH have been around longer than many of the others, but some of the newer releases have extra features, or are more user-friendly.
There may, however, be different bugs and/or security holes in each of these, which could ultimately make up the difference.
So get out there – and stay secure, my friends.