mainboard

SSH Intro

In the following text we will frequently use SSH and Secure Shell as synonyms. A complete SSH distribution also contains SCP (secure copy) and SFTP (secure ftp).

Commandline version

This applies basically to the Unix version of SSH. The SCP part also applies to some SCP variants for windows, which need to be run from the MS DOS Prompt (Command.com).

Basic usage

In oder to login into another computer just enter ssh name-of-the-remote-computer. You will see something like this:

user@computer:~> ssh ssh.physik.fu-berlin.de
Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)? yes
Host 'ssh.physik.fu-berlin.de' added to the list of known hosts.
user@ssh.physik.fu-berlin.de's password:

Digital UNIX VX.XX  (Rev. xxxx)
Welcome to ssh!

And then you are normally logged in. If you try to log in another time you won't see the second, third and fourth line since this data is now saved.

If you you have another username on the remote computer use the -l username option such as in: ssh -l myuser remote-computer.

You can also run programs remotely without loging in by running ssh remote-computer command-to-run options-to-the-latter. Example:

user@computer:~> ssh ssh.physik.fu-berlin.de cat /etc/motd
user@ssh.physik.fu-berlin.de's password:
Digital UNIX VX.XX  (Rev. xxxx)
Welcome to ssh!

user@computer:~> 

If you use SSH on another Unix computer (or more precisely with X11 running) you can run also any graphical program. Try for instance xclock. Since a lot of data is transfered in this case you need a powerful connection.

OpenSSH disables per default the X-forwarding so you need either to use the -X switch or add this to your .ssh/ssh_config file: ForwardX11 yes.

When you try to access one server you may see something like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: HOST IDENTIFICATION HAS CHANGED!         @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key in $HOME/.ssh/known_hosts to get rid of this message.
Agent forwarding is disabled to avoid attacks by corrupted servers.
X11 forwarding is disabled to avoid attacks by corrupted servers.
Are you sure you want to continue connecting (yes/no)? 

This is usually caused by a new installation of the SSH software and you shouldn't worry too much. It may though be a man-in-the-middle attack. To get rid of this message edit .ssh/known_hosts and delete the line starting with the hostname causing this errors.

Using scp (secure copy)

Using sftp (secure ftp)

The currently installed OpenSSH and SSH version of the cluster doesn't ship with a sftp client. But you can use hsftp which looks like ftp but uses ssh and scp in the background.

Only our some FreeBSD computers do presently support SFTP as server. Use for instance jerry.physik.fu-berlin.de

The usage of sftp is more or less equivent to the command line ftp

Automate the login process: SSH-Agent

See TKI 2000-07

Windows' programs: PuTTY

To be done

SCP

The scp is not a graphical program but runs in the command line. Start it (Command.com, DOS Prompt) and start reading in the previous chapter about SCP in the commandline.

Windows' programs: SSH from SSH.com

To come.