🔐 OverTheWire Bandit Level 0: SSH Connection Basics and Getting Started

Welcome to the first walkthrough in our OverTheWire Bandit series. If you're reading this, you're probably new to cybersecurity, Linux, or both. That's perfectly fine—Level 0 is designed for complete beginners.

Level 0 isn't really a challenge. It's more like a tutorial that teaches you the most fundamental skill you'll need for every other level: how to connect to a remote server using SSH.

By the end of this post, you'll understand:

What SSH is and why it matters
How to connect to OverTheWire servers
How to manage passwords efficiently
Essential terminal tips for beginners
Security best practices

Let's get started.

🎯 The Objective

Level 0 teaches you how to connect to a host using SSH (Secure Shell). SSH is how you'll access every OverTheWire machine, and it's a skill you'll use constantly in cybersecurity work.

What you'll learn:

Basic SSH connection syntax
How to handle passwords securely
Terminal navigation basics
Workflow tips for working through multiple levels

What you won't find: This level doesn't have a hidden flag or puzzle to solve. It's pure setup and learning.

🔍 What Is SSH?

SSH stands for Secure Shell. It's a protocol that lets you securely connect to remote computers over a network. Think of it like a secure tunnel between your computer and a server.

Why SSH matters:

Security — All communication is encrypted
Remote access — You can control servers from anywhere
Essential skill — Every penetration tester and sysadmin uses SSH daily

When you SSH into a server, you're essentially opening a command-line interface on that remote machine. Everything you type runs on the remote server, not your local computer.

🚀 Connecting to OverTheWire Bandit

Step 1: Open a Terminal

First, you need a terminal (command prompt). Here's how to get one:

Windows: Use PowerShell or install Windows Terminal. You can also use WSL (Windows Subsystem for Linux) or Git Bash.
macOS: Open Terminal (Applications → Utilities → Terminal)
Linux: Open your terminal emulator (usually Ctrl+Alt+T)

Step 2: Understand the SSH Command

The basic SSH command structure looks like this:

ssh username@hostname -p port

Let's break that down:

ssh — The command to start an SSH connection
username — The account you want to log in as
@hostname — The server you're connecting to
-p port — The port number (SSH uses port 22 by default, but OverTheWire uses 2220)

Step 3: Connect to Bandit Level 0

For OverTheWire Bandit Level 0, use this command:

ssh bandit0@bandit.labs.overthewire.org -p 2220

What this does:

Connects to bandit.labs.overthewire.org
Uses port 2220 (not the default port 22)
Logs in as user bandit0

When you run this command, you'll be prompted for a password. The password for bandit0 is bandit0 (yes, it's the same as the username).

Type the password and press Enter. Note: When you type the password, nothing will appear on screen—this is normal for security reasons. Just type it and press Enter.

💡 Password Management: A Better Way

Typing passwords manually gets old fast, especially when you're working through 34 levels. Here's a more efficient approach:

Store Passwords in Files

Create a file for each level's password. This makes it easy to reuse passwords and keeps your workflow smooth.

On Linux/macOS:

echo "bandit0" > bandit0

On Windows (PowerShell):

"bandit0" | Out-File -FilePath bandit0 -NoNewline

This creates a file called bandit0 containing the password. You can do the same for each level as you progress.

Using sshpass for Automation

sshpass is a tool that lets you pass passwords to SSH non-interactively. This saves you from typing passwords every time.

Install sshpass:

Linux: sudo apt-get install sshpass (Debian/Ubuntu) or sudo yum install sshpass (RHEL/CentOS)
macOS: brew install sshpass
Windows: Install via WSL or use PowerShell alternatives

Using sshpass:

sshpass -p `cat bandit0` ssh bandit0@bandit.labs.overthewire.org -p 2220

What this does:

sshpass -p — Tells sshpass to use a password
`cat bandit0` — Reads the password from the bandit0 file (backticks execute the command and use its output)
The rest is your normal SSH command

Pro tip: Use the regular SSH command first to set up initial settings (like accepting the host key), then switch to sshpass for speed.

📋 What Happens When You Connect

Once you successfully connect to Level 0, you'll see a welcome message with important information:

Etiquette and rules — Read these carefully
Tips and tricks — Helpful hints for the rest of the game
Working directories — You can use /tmp/<your-name> for temporary files
Cleanup reminders — Always clean up after yourself

Important: Read the welcome message. It contains valuable information that will help you throughout the game.

🛠️ Essential Terminal Basics

Since you're new to Linux, here are some basic commands you'll need:

pwd — Print working directory (shows where you are)
ls — List files in current directory
ls -la — List all files including hidden ones (the -la flags show details)
cd — Change directory
cd ~ — Go to your home directory
cd .. — Go up one directory level

File Commands

cat filename — Display file contents
less filename — View file with pagination (press q to quit)
head filename — Show first 10 lines
tail filename — Show last 10 lines

Getting Help

man command — Show manual page for a command (e.g., man ssh)
command --help — Show help for a command (e.g., ssh --help)

Pro tip: If you're ever stuck, Google is your friend. Search for "linux command [what you want to do]" and you'll usually find the answer.

🔒 Security Considerations

Even though you're learning, it's important to understand security best practices:

Password Storage

What we're doing here (storing passwords in plain text files) is ONLY acceptable because:

These are practice passwords for a learning environment
The passwords are already public (they're part of the game)
You're not storing real credentials

In real-world scenarios:

Never store passwords in plain text files
Use password managers (like Bitwarden, 1Password, or KeePass)
Use SSH keys instead of passwords when possible
Follow your organization's credential management policies

SSH Keys vs. Passwords

In professional environments, SSH keys are preferred over passwords because:

They're more secure (no password to guess or steal)
They're more convenient (no typing passwords)
They can be easily revoked if compromised

For OverTheWire, passwords are fine since it's a learning environment. But know that SSH keys exist and are the industry standard.

🎓 Understanding the Workflow

Here's how the OverTheWire Bandit game works:

Connect to Level 0 — Learn SSH basics (you're here!)
Find the password — Each level has a password hidden somewhere
Use that password — Log into the next level
Repeat — Each level teaches new concepts

Example workflow:

Level 0 password: bandit0 (you use this to connect to Level 0)
Find Level 1 password while connected to Level 0
Use Level 1 password to connect to Level 1
Find Level 2 password while connected to Level 1
And so on...

💻 Platform-Specific Notes

Windows Users

If you're on Windows, you have a few options:

PowerShell — Works, but some commands differ
WSL (Windows Subsystem for Linux) — Recommended if you want a Linux-like experience
Git Bash — Good alternative that includes many Linux commands
Virtual Machine — Run Linux in a VM (VirtualBox or VMware)

For sshpass on Windows:

Install via WSL, or
Use PowerShell alternatives, or
Just type passwords manually (it's slower but works)

macOS Users

macOS is Unix-based, so most Linux commands work the same. You might need to install some tools via Homebrew (brew install).

Linux Users

You're all set! Everything should work out of the box.

🚨 Common Issues and Solutions

"Permission denied (publickey)"

Problem: SSH is trying to use key authentication instead of password.

Solution: Make sure you're using the -p 2220 flag and that password authentication is enabled. Try: ssh -o PreferredAuthentications=password bandit0@bandit.labs.overthewire.org -p 2220

"Host key verification failed"

Problem: The server's host key has changed or you've connected before.

Solution: Remove the old key: ssh-keygen -R [bandit.labs.overthewire.org]:2220

"Connection refused" or "Connection timed out"

Problem: Can't reach the server.

Solution:

Check your internet connection
Make sure you're using port 2220 (not 22)
Try again—OverTheWire servers can be busy

Password Not Working

Problem: Typed the password but it's not accepted.

Solution:

Make sure you're typing bandit0 exactly (case-sensitive)
Check that you're connecting to the right level
Try copying and pasting the password if you're unsure

🎯 What's Next?

Once you've successfully connected to Level 0, you're ready for Level 1—your first real challenge!

Level 1 will teach you:

How to list files (ls)
How to read file contents (cat)
Finding passwords hidden in files

But first, make sure you:

✅ Successfully connected to Level 0
✅ Read the welcome message
✅ Understand how SSH works
✅ Know how to store passwords efficiently

📚 Key Takeaways

Before moving to Level 1, make sure you understand:

SSH basics — How to connect to remote servers securely
Password management — Storing passwords in files for efficiency
Terminal navigation — Basic commands like ls, cd, cat
Workflow — How the Bandit game progresses level by level

Remember: Level 0 is about learning the fundamentals. Don't rush through it. Understanding SSH and terminal basics will make every other level easier.

🔗 Additional Resources

SSH Manual Page — Complete SSH documentation
OverTheWire Bandit Page — Official game page
Linux Command Line Basics — Ubuntu's beginner guide
SSH Key Setup Guide — Learn about SSH keys (for future reference)

Questions about SSH or Level 0? Reach out directly:

Email: m1k3@msquarellc.net
Phone: (559) 670-3159
Schedule: Book a free consultation

M Square LLC
Cybersecurity | Penetration Testing | No-Nonsense Advice

OverTheWire Bandit Level 0: SSH Connection Basics and Getting Started