SSH (Secure SHell)

What is SSH?

SSH is an acronym for Secure SHell. It is an encrypted connection technology that relies on public-key encryption to protect your connections to and from machines, including the usernames and passwords you send.

The ssh command is a secure replacement for rsh and rlogin while the scp command is a secure replacement for rcp. For more information on these commands please check the man pages for them on the public machines. Note that the SSH clients such as ssh and scp do not require a .rhosts file. Learn to rely on these commands for all your connections.

SSH, like many services, consists of two parts: clients and servers. The client is the program that you execute to connect to another machine. The server is the program that is constantly running and answers connection requests from another machine. You don't need the server on your machine if you only want to connect to another machine using ssh. However, if you want to connect to your machine from another, then your machine must be running the server as well.


SSH on Astronomy Computer Systems

All connections to these machines must be made through the secure shell (SSH) protocol. All of these machines (with the exception of pandora, which will be upgraded soon) employ the SSH-1 protocol, which uses public-key encryption technology, for connections. Please note that this encryption technology is subject to US export control restrictions.


Where can I get SSH?

Because the binaries are subject to US export restrictions we cannot give them away on a web server. You can buy them from a commercial SSI provider, find binaries from sites outside the USA, or you can obtain the source code for SSH via ftp from the Helsinki University of Technology at ftp://ftp.cs.hut.fi/pub/ssh.


How do I install SSH on my machine?

If you are interested in installing SSH on your home machine, here is some info that you may find helpful for Linux, Windows, and Macintosh platforms:

Installation of SSH clients on UNIX systems

The clients are fairly easy: Download the ssh-1.2.27.tar.gz tar ball from the ftp site listed above. Also download the ssh-2.0.13.tar.gz tar ball. Note that SSH-1 and SSH-2 are not fully compatible. Therefore I recommend installing both. Not all machines support the SSH-2 protocol yet and you still need to install SSH-1 in order for the SSH-2 clients to be backward compatible. Then untar each tar ball. Edit the makefile to indicate where you want the clients installed; usually /usr/local is a good choice. Type "make". Watch it build. Type "make install". Watch the install occur. Congratulations, you are done!

Future instructions will be posted here on how to install the server which is platform dependent.

Installation of SSH clients on Windows & Macintosh systems

A free SSH client that contains an "scp" executable is now available for Windows. This set of clients is called "Putty" and is available on the web at http://www.chiark.greenend.org.uk/~sgtatham/putty/ .

The installation of these clients is fairly easy. Download the Putty package (currently version beta-0.49 is available) into a temporary folder on your machine. Unpack Putty by running the downloaded executable. Create a new directory where you will put the executable programs, such as C:\PUTTY. Copy the "putty.exe" and "pscp.exe" executables into the C:\PUTTY directory. Congratulations! You are done!

To run the Putty "ssh" executable just click on it. I recommend putting a shortcut to it on your desktop. Type in the name of the machine you wish to connect to in the "Host Name" box, and then click on "SSH" to select the connection protocol. Then click on "Open" and a new window will pop up and prompt you for your username and password for the ssh connection. The first time you connect to each new machine you will see a prompt asking you if it is OK to add the machine to the database. You can safely say "yes" to this. If you say "no" you will get this prompt every time you connect. Otherwise, after typing your name and password you should be connected to the other machine via SSH.
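
What the "database" in that prompt holds, as an added example that is not part of the original page: the client records each machine's public host key on first connection and compares it on every later one, so a prompt for a machine you have already accepted means the key it offers differs from the recorded one. The sketch assumes an OpenSSH-style text file rather than Putty's own storage; the function names, the host name vulcan.example.edu and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: the host-key database check an SSH client performs.
# Assumed layout, OpenSSH style: "name[,name...] keytype base64key".
# Every key string below is a constructed placeholder, not a real key.

# host_key_status DBFILE HOST KEYTYPE KEY
#   new     - nothing recorded for HOST yet (the first-connection prompt)
#   match   - the offered key equals the recorded one (no prompt)
#   changed - a different key is recorded for HOST (do not just accept)
host_key_status() {
    [ -f "$1" ] || { echo new; return 0; }
    awk -v host="$2" -v ktype="$3" -v key="$4" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == ktype) {
                    if ($3 == key) found = 1; else differ = 1
                }
        }
        END {
            if (found) print "match"
            else if (differ) print "changed"
            else print "new"
        }' "$1"
}

# accept_host_key DBFILE HOST KEYTYPE KEY
# What answering "yes" does: record the key, but only if none is known yet.
accept_host_key() {
    [ "$(host_key_status "$1" "$2" "$3" "$4")" = new ] || return 1
    printf '%s %s %s\n' "$2" "$3" "$4" >> "$1"
}

# Demo with a constructed database in a temporary file.
db=$(mktemp)
echo 'vulcan,vulcan.example.edu ssh-rsa AAAAconstructedKEY1' > "$db"
host_key_status "$db" vulcan ssh-rsa AAAAconstructedKEY1   # recorded key
host_key_status "$db" vulcan ssh-rsa AAAAconstructedKEY2   # different key
host_key_status "$db" sbastd ssh-rsa AAAAconstructedKEY3   # unknown host
accept_host_key "$db" sbastd ssh-rsa AAAAconstructedKEY3   # answer "yes"
host_key_status "$db" sbastd ssh-rsa AAAAconstructedKEY3   # now recorded
rm -f "$db"
```

Comparing the key shown at the first prompt with one obtained from the machine's administrator is what turns the "new" case into a verified one.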

To run the scp executable just start up an MS-DOS Prompt Window. "pscp" can then be executed as you would do it on a Unix machine. For example, to copy over a file named "from_file" owned by user "astro" on machine "vulcan" to a file named "to_file" on your Windows machine, you can type:

C:\PUTTY\PSCP.EXE astro@vulcan:from_file to_file

As on a Unix machine, you will be prompted for the password for user "astro". At present, the pscp client can only be run in an MS-DOS command line mode. Hopefully future revisions of this software will include a GUI for pscp. You can also add C:\PUTTY to your path in the C:\AUTOEXEC.BAT file so that you can just type pscp instead of c:\putty\pscp.exe.

There are a number of other free and commercial SSH clients available for Windows and Macintosh machines. Links to these clients can be found from the RHIC SSH clients page. The instructions for the installation of these clients are usually contained in the distribution file. Read the instructions thoroughly before you attempt to install these on your Windows platform. Please note that most of the free packages only support the "ssh" client and not the "scp" client. There is one command line package that supports "scp". More information about this package, including a link to a site where a binary version can be downloaded, can be found by following this link.


How do I use SSH?

Here are some examples of using SSH:

Example: Logging in with SSH

Suppose that you are logged in as user "physics" on sbastd and that you want to log in as user "astro" on vulcan using SSH. In order to do this you would simply type:

ssh -l astro vulcan

You will be prompted for your password which will be sent encrypted to vulcan. In fact, your entire session on vulcan will be encrypted!

If you are already logged in as "astro" on sbastd then there is no need to specify the user; SSH will assume the same username. You can simply omit the "-l astro" and type:

ssh vulcan

Again, you will be prompted for your password on vulcan, which may not be the same as the password that you have set on sbastd. For more info on the ssh command check out the man page.

Example: Copying with SSH

Using scp is just as simple as using rcp. Suppose that you want to copy the file "foo.bar" from user "astro"'s account on vulcan to "data.dat" in your account on sbastd. This is easy:

scp astro@vulcan:foo.bar data.dat

As with the ssh command you will be prompted for a password. Simply type it in and watch the transfer occur. scp will display a status line indicating how much of the copy has been completed. This is a nice feature if you are copying large files and you want to keep an eye on the progress of the copy.

As with ssh if you are already logged into sbastd as "astro" you can omit "astro@" from this command:

scp vulcan:foo.bar data.dat

Now let's look at the reverse operation: If you want to copy "foo.bar" from your machine to a file named "newdata.dat" in the astro account on vulcan then use:

scp foo.bar astro@vulcan:newdata.dat

If you are logged into sbastd as "astro" you can shorten this to:

scp foo.bar vulcan:newdata.dat

OK, so what about pathnames on the machine that you are copying to? The pathname can either be relative to the user's home directory, as in the examples above, or it can be absolute. Let's look at a couple of examples:

Suppose, as in the previous example, that you are logged into sbastd as "astro" and that you wanted to copy "foo.bar" into user astro's account on vulcan. But let's further suppose that you want the file to end up in "astro"'s subdirectory "astrodat" which resides in their home directory. Here is how to do it:

scp foo.bar vulcan:astrodat/newdata.dat

But instead, let's suppose that you wanted the file to end up in the directory "/scratch_b1/astro_old" which is either owned by astro or in which "astro" has write permission. No problem:

scp foo.bar vulcan:/scratch_b1/astro_old/newdata.dat

As you can see, this is almost identical to the way that you would employ the cp command to copy files. Other than the prompt for a password this looks entirely the same as rcp and it's secure! Check out the man page for scp for more info.

Example: Remote Execution with SSH

Another useful aspect of the ssh command is its ability to remotely execute a command on another machine running SSH. A simple example illustrates how: Suppose that you are at home in the wee hours of the morning and a sudden urge overcomes you to see if your grad student is working away on the machine vulcan. You would like to be able to "finger" vulcan to see who is logged on. Here's how to do it (assuming that you have the ssh client installed on your machine at home):

ssh -l your_username vulcan finger

And now suppose you want to see what processes they are running. You would like to execute a "ps ax" command. Try this:

ssh -l your_username vulcan 'ps ax'

Basically, ssh can be used to execute any command that you would normally have access to on vulcan.

For more info on the remote execution aspect of ssh check out the ssh man page.
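
How the command words reach the remote machine, as an added example that is not part of the original page: ssh joins the words after the host name with single spaces and hands that one string to your login shell on the remote side, so 'ps ax' and ps ax arrive identically, while a word containing spaces or quotes has to be quoted again for the remote shell. The function names are made up for this sketch, the file names are constructed, and the remote shell is simulated locally with "sh -c".

```shell
#!/bin/sh
# Added illustration: how the words after the host name in
#   ssh host word1 word2 ...
# reach the remote machine. The remote login shell is simulated locally
# with "sh -c"; nothing here opens a network connection.

# remote_string WORD...
# The single string the client sends: the words joined by single spaces.
remote_string() {
    printf '%s' "$*"
}

# simulate_remote WORD...
# The server hands that string to the user's shell, which parses it again.
simulate_remote() {
    sh -c "$(remote_string "$@")"
}

# shquote WORD
# Single-quote WORD so the remote shell reads it back as one literal word;
# an embedded ' is written as '\''.
shquote() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

# 1. Quoted or not, the page's example sends the same string: "ps ax".
remote_string 'ps ax'; echo
remote_string ps ax; echo

# 2. A constructed file name with a space is split by the remote shell,
#    so the remote program receives two arguments instead of one.
simulate_remote printf '%s,' 'my notes.txt'; echo        # my,notes.txt,

# 3. Quoting the word for the remote shell keeps it intact.
simulate_remote printf '%s,' "$(shquote "astro's notes.txt")"; echo
```

In real use the quoted word goes on the ssh command line in the same position, for example as the file name argument of the remote command.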
