Introduction As you are no doubt aware, reading this article, SSH is a common ,command line only, remote access protocol to virtually all non-windows devices. SSH is commonly used to administer or interact with servers, routers, embedded devices, and sometimes mobile phones. SSH is the protocol (RFC 4251), The de-facto implementation is OpenSSH, the OpenBSD project. Windows devices can run SSH, but Windows admins typically use RDP to administer machines because Windows Administration has historically required a GUI [1]. SSH Supports many modes of access including public key cryptography, one time passwords, and simple username/password authentication. Usename password authentication is vulnerable to brute force. A wide variety of tools support brute forcing ssh. Here, I will review three commonly used tools. Metasploit, Nmap and THC Hydra. Metasploit Metasploit is a commonly used commercial penetration testing platform that includes a broad spectrum of attacks and is incred