Changes

SSH

263 bytes added, 22:19, 5 December 2017
no edit summary
[[Category:SPO600]][[Category:SBR600]][[Category:DPI908]][[Category:Linux]]
SSH is the ''Secure Shell'', a powerful encrypted communication tool. This page contains some basic information about the use of SSH.
 
= SSH Software =
|Windows||PuTTY||Free and open source SSH client.
|}
 
= Using SSH for a Text-Based Connection =
|-
| -i ''identityfile''||Specifies the private key file to be used (default: all private keys in ~/.ssh)||ssh -i ~/.ssh/id_dsa ''user''@''host''
|-
| -p ''portnumber''||Connect to the TCP/IP port ''portnumber'' rather than the default SSH port 22.
|}
 
== Examples ==
* Like above, with compression: <code>ssh -C kim@winter</code>
* Run <code>firefox</code> on the remote system, and display the graphics on the local computer: <code>ssh -XC kim@winter firefox</code>
 
= Using SSH for a Graphical Application (X11 Tunnelling) =
To enable this, add the <code>-X</code> or <code>-Y</code> options to your command line. The difference between -X and -Y is that (ideally) the -X option will prevent certain advanced types of access which are not required by most graphical programs and which may present a security vulnerability, such as taking a screenshot of your desktop.
 
== Example ==
The arguments have the same meaning, but are executed on the opposite hosts, so the tunnel listens on the server and communicates with the destination through the client system.
 
== Examples ==
SSH provides two mechanisms for file transfer: ''scp'' and ''sftp''.
 
== scp - Secure Copy ==
The ''scp'' command functions like the normal Unix/Linux copy (cp) command, but accepts a hostname (and optional user ID) prepended to a filename for copying to/from remote systems:
 scp [-P ''port''] [''user''@]''host'':''sourcefilename'' [''user''@]''host'':''destinationfilename''

The options are the same as for the ssh command, except that to specify a port number, use <code>-P</code> (capital) instead of <code>-p</code> (lowercase).

=== Examples ===
* Copy the file <code>/etc/hosts</code> from this computer to the <code>/tmp</code> directory on the computer ''ireland'': <code>scp /etc/hosts ireland:/tmp</code>
* Copy the file <code>test.tar</code> from the home directory of the user ''chris'' on the computer ''ireland'' to the current directory: <code>scp chris@ireland:~/test.tar .</code>
 
== sftp - Secure FTP ==
At which point you can use any standard FTP command.
 
=== Example ===
* Open a secure FTP connection to the account ''john.doe'' on the server ''matrix.senecac.on.ca'': <code>sftp john.doe@matrix.senecac.on.ca</code>
 
== Graphical File Management over SSH ==
Although SSH can be used with passwords, a sysadmin may need to initiate hundreds of SSH connections a day, and typing passwords that often is tedious. SSH therefore permits authentication using public and private keys.
 
== Background: Public Key Cryptography ==
See [[Public Key Cryptography]] for an overview of how this technology works.
 
== Using Public Keys with SSH ==
 
=== Creating a Public/Private Key Pair ===
#** <code>~/.ssh/id_rsa.pub</code> - your public key
{{Admon/tip|Key Type and Length|ssh-keygen can generate two types of keys: rsa and dsa. Either type serves the same purpose, and can be generated with varying key lengths. The longer the key, the more difficult it is to break the key by guessing it (trying successive values until the right key is found) - each bit added to the key doubles the number of possible key values. Key lengths of 1024-4096 bits are considered reasonably secure; as computers become faster, key lengths should be increased.}}
 
=== Sending the Public Key to a Remote System Administrator ===
{{Admon/important|SPO600 Student Keys|For [[SPO600]] students, please follow [[SPO600 Servers|these instructions]] to send your keys to your professor.}}
 
=== Setting up Public Key Authentication on Two Machines ===
# Append the public key to the file <code>~/authorized_keys</code>
#* Set the permission on <code>~/authorized_keys</code> to 0600
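
The two steps above as a small shell function (an added example, not part of the original page; <code>install_pubkey</code> and its arguments are hypothetical names). It appends the key only once, refuses a file that looks like a private key, and forces mode 0600 on the target file given as the second argument.

```shell
#!/bin/sh
# Added example: install a public key into an authorized_keys file.
# install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage: install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
install_pubkey() {
    pub=$1 auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never install a private key: those files carry a PEM-style header.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64-blob> [comment]".
    # The key types accepted here are this example's choice.
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Create the file private from the start (umask 077 gives mode 0600).
    ( umask 077; touch "$auth" ) || return 4

    # Append only if the exact line is not already present (idempotent).
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 4

    # Enforce 0600 even if the file already existed with looser bits.
    chmod 600 "$auth"
}
```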
 
== Disconnecting from and Reconnecting to a Login Session ==
