

SSH Under Unix
Q1. How do I use ssh?
Q2. Isn't there some way to use ssh without having to enter my password?
Q3. How do I use ssh-agent?
Q4. How do I use scp within the department, say from my home directory to editwww?
Q5. How do I use scp from a system with OpenSSH to a department host?
Q6. Are there any problems using OpenSSH to connect to the department?
Q7. How do I remote display from sparky or the ug lab back to my desktop with ssh?
Q8. Are there any other common problems using SSH under Unix?
Q1. How do I use ssh?
Use the command "ssh hostname" in place of "rlogin hostname" or
"telnet hostname", for example,
"ssh compserv1" or "ssh sparky.ic.sunysb.edu -l your_sparky_username"
Enter your password at the prompt. Your password and all further traffic
are automatically encrypted by ssh. If you get back "Command not found",
make sure /usr/local/bin is in your path.
Q2. Isn't there some way to use ssh without having to enter my password?
Run the command ssh-keygen.
You will see a status message as ssh generates an encryption key pair
for you. When you see the prompt
Passphrase:
enter an easy-to-remember string. Ssh will generate public and private
keys for you and save them to ~/.ssh2.
Now create an "identification" file in your .ssh2 directory with the following
command:
echo "IdKey id_dsa_1024_a" > identification
Finally, create an authorization file in your .ssh2 directory:
echo "Key id_dsa_1024_a.pub" > authorization
Now you will be able to use ssh between hosts in the department without
having to enter your password. You will have to enter your passphrase
for each connection. To further simplify your ssh connections, please see
Q3 below on how to use ssh-agent.
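A check for the ~/.ssh2 layout from Q2, added here as an example and not part of the original FAQ: it confirms that identification and authorization name key files that exist and flags loose permissions. The function names and the permission rules (no group/other write on the directory or control files, no group/other access to the private key) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an ssh2-style key directory laid out as in Q2.
# The permission rules are an assumption (typical strict-mode checks).

# True if PATH has any of the listed permission bits set (POSIX find).
has_any_perm() {
    p=$1; shift
    for bits in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bits" 2>/dev/null)" ] && return 0
    done
    return 1
}

# Print the file names that follow KEYWORD (IdKey or Key) in FILE.
listed_keys() {
    awk -v kw="$2" '$1 == kw { print $2 }' "$1" 2>/dev/null
}

# Print one finding per line; exit status 0 only when there are none.
audit_ssh2_dir() {
    dir=$1; bad=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    if has_any_perm "$dir" 020 002; then
        echo "writable by group/other: $dir"; bad=1
    fi
    for spec in identification:IdKey authorization:Key; do
        file=${spec%%:*}; kw=${spec##*:}
        [ -f "$dir/$file" ] || { echo "missing file: $file"; bad=1; continue; }
        if has_any_perm "$dir/$file" 020 002; then
            echo "writable by group/other: $file"; bad=1
        fi
        keys=$(listed_keys "$dir/$file" "$kw")
        [ -n "$keys" ] || { echo "no $kw entry in $file"; bad=1; }
        for key in $keys; do
            if [ ! -f "$dir/$key" ]; then
                echo "$file names a missing key: $key"; bad=1
            elif [ "$kw" = IdKey ] && has_any_perm "$dir/$key" 040 020 004 002; then
                echo "private key accessible to group/other: $key"; bad=1
            fi
        done
    done
    return "$bad"
}

# Usage: sh audit.sh ~/.ssh2
if [ "$#" -gt 0 ]; then audit_ssh2_dir "$1"; fi
```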
Q3. How do I use ssh-agent?
Ssh-agent is a program that stores your authentication keys, and then
handles the authentication exchange thereafter. To start it use:
ssh-agent csh
(or whichever shell you use), followed by:
ssh-add
which will load it with your default key. You will need to enter your
passphrase once only (and it is not transmitted over the network in this
case). Hereafter any ssh connections you make from this instance of the
shell will be completely transparent to you, even to multi-hop remote
machines.
Q4. How do I use scp within the department, say from my home directory to editwww?
Use scp2 within the department or from the department to any host which
also runs scp2. To transfer files from your local host to a remote host:
scp2 <filename> username@hostname:fullfilename
Ex: scp2 index.html user@editwww:public_html/index.html
To transfer files from a remote host to your local host:
scp2 username@hostname:fullfilename <filename>
Q5. How do I use scp from a system with OpenSSH to a department host?
You must use scp and it must be run from the OpenSSH system. To transfer
files from the OpenSSH system to a department host:
scp <filename> username@host:fullfilename
To transfer files from the department host to the OpenSSH system (Note:
this command must be run on the OpenSSH system):
scp username@host:fullfilename <filename>
Q6. Are there any problems using OpenSSH to connect to the department?
OpenSSH v2 and Commercial SSH v2
The Commercial (Fsecure) SSH v2.3 has a key retransmission feature which
regularly verifies the client/server connection (the default is every
1 hour). OpenSSH doesn't support or understand this part of the protocol,
and an OpenSSH v2 client will be dropped by the Fsecure SSH2 server after
1 hour. Your options are:
- Get the non-commercial Fsecure client
Connecting with a commercial Unix SSH v2 client to a Unix/Linux OpenSSH
v2 server requires
- Either put:
RekeyIntervalSeconds 0
in your $HOME/.ssh2/ssh2_config file (where time=0 is infinity/never
re-exchange keys after the login)
- Or, on the command line:
ssh [-l login_name] -o 'RekeyIntervalSeconds 0' <host>
NOTE: The single quotes are MANDATORY. The command line options will
override ALL other config files (personal/system wide).
A sample ssh2_config file would look like this:
*:
RekeyIntervalSeconds 0
Please see the ssh2_config manpage at http://www.cs.sunysb.edu/documentation/index.html
for more information about this and other options.
Q7. How do I remote display from sparky or the ug lab back to my desktop with ssh?
When you make a connection using ssh it automatically sends any X connections
over the encrypted channel back to your own workstation, i.e. without
doing anything further any X application you launch will display on your
local machine. Do not set the DISPLAY environment variable and do not
use the xhost command; neither is necessary.
By default X11 forwarding is enabled in most versions of ssh. If this
is not working for you from your external host, try adding the "+x"
option to force X11 forwarding on. You should not be setting your DISPLAY
environment variable by hand or in any startup files.
If this is not working for you from any host within the department, please
send mail to WREQ.
Q8. Are there any other common problems using SSH under Unix?
SCP
If you have an alias in your .cshrc for scp on a target (scp to) system,
the alias will be executed (and arguments passed to the alias for scp)
when you try to secure copy. We recommend against aliases for scp or sftp
in your .cshrc.