Department of Computing | Imperial College
Using SSH
SSH (Secure SHell protocol) provides secure encrypted communications between two untrusted hosts over an insecure network.
We have had experience of, or recommendations for, the following:
Typical usage:
scp yourusername@texel13.doc.ic.ac.uk:filename .
The information below is just a summary of Kimmo Suominen's Getting Started document. Also see the manual page for ssh-keygen.
Type ssh-keygen to create an authentication key for yourself. Always, always, type in a good pass-phrase when prompted for one. It can be multiple words (i.e. spaces are just fine within the phrase), so you could choose a sentence that you can remember. Changing some of the words by misspelling them or by changing some of the letters into digits is highly recommended to increase the strength of your pass phrase. You can change your pass phrase by using ssh-keygen -p at any time.
Then type cp ~/.ssh/identity.pub ~/.ssh/authorized_keys to create an authorised keys file containing your new key. You can later add more keys to this file using a text editor, e.g. for home machines or other machines outside the department.
Make sure the permissions in your .ssh directory are as follows:
    drwxr--r-x 3   1024 Jul 22 17:05 ./
    -rw-r--r-- 1    597 Jan 22  2002 authorized_keys
    -rw------- 1    736 Jan 22  2002 id_dsa
    -rw-r--r-- 1    597 Jan 22  2002 id_dsa.pub
    -rw-r--r-- 1 157991 Sep 12 16:48 known_hosts
    -rw------- 1    512 Jun 27  2002 random_seed
ssh will not work if permissions are set in a way that could compromise security. Use ssh -v host to get diagnostic information if there are problems.
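The permission rule above can be checked mechanically. The script below is an added example, not part of the original page: it flags a .ssh directory or public file that is writable by group or other, and a private file that group or other can access at all, which is what OpenSSH enforces for the directory, authorized_keys and private keys. The function names and the file classification are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): flag modes in a .ssh directory
# that are looser than the listing above. Assumption: any regular file other
# than *.pub, authorized_keys, known_hosts and config is private material.

mode_of() {                      # 10-character mode string, e.g. -rw-------
    ls -ldL "$1" | cut -c1-10
}

audit_ssh_dir() {                # usage: audit_ssh_dir DIR; returns 0 if clean
    dir=$1
    bad=0
    m=$(mode_of "$dir")
    case $m in
        d????-??-?) ;;           # no group write (char 6), no other write (char 9)
        *) echo "FIX: chmod go-w $dir ($m)"; bad=1 ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case ${f##*/} in
            *.pub|authorized_keys|known_hosts|config)
                case $m in       # readable by others is fine, writable is not
                    -????-??-?) ;;
                    *) echo "FIX: chmod go-w $f ($m)"; bad=1 ;;
                esac ;;
            *)
                case $m in       # private keys, random_seed: owner access only
                    -???------) ;;
                    *) echo "FIX: chmod 600 $f ($m)"; bad=1 ;;
                esac ;;
        esac
    done
    return "$bad"
}
```

After sourcing the file, run audit_ssh_dir "$HOME/.ssh"; each FIX line names the chmod that brings the entry back in line.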
You can use slogin or ssh to log into another machine. To run an xterm you can type:
ssh -f shell1 'xterm'
The -f option says run as a background process. You will be prompted for your passphrase.
If you have two accounts that you wish to copy files between, you can use either scp or rsync -e ssh, both of which use ssh to make the connections. See the man pages for more information.
If you log in a lot and want to avoid retyping your passphrase, type ssh-agent $SHELL and then ssh-add, which will prompt you for your passphrase. This then allows any process spawned from this shell to use ssh without being prompted for the passphrase. This lasts until you exit from the shell or type ssh-add -D to delete the identities. See the man pages for more information.
© CSG / 2002