Using SSH Under Unix

How do I use SSH on a Unix machine?

Q1. How do I use ssh? 
Use the command "ssh hostname" in place of "rlogin hostname" or "telnet hostname", for example, 

"ssh compserv1" or " ssh -l your_sparky_username

Enter your password at the prompt. Your password and all further traffic are automatically encrypted by ssh. If you get back "Command not found", make sure /usr/local/bin is in your path.

Q2. Isn't there some way to use ssh without having to enter my password? 
Run the command ssh-keygen. You will see a status message as ssh generates an encryption key pair for you. 

When you see the prompt Passphrase: , enter an easy to remember string. Ssh will generate public and private keys for you and save them to ~/.ssh2. 

Now create an "identification" file in your .ssh2 directory with the following command: echo "IdKey id_dsa_1024_a" > identification 

Finally create an authorization file in your .ssh2 directory: echo "Key" > authorization

Now you will be able to use ssh between hosts in the department without having to enter your password. You will have to enter your passphrase for each connection; to further simplify your ssh connections, see Q3 below on how to use ssh-agent.

Q3. How do I use ssh-agent? 
Ssh-agent is a program that stores your authentication keys and then handles the authentication exchange thereafter. To start it, use: ssh-agent csh (or whichever shell you use), followed by: ssh-add, which will load it with your default key. You will need to enter your passphrase once only (and it is not transmitted over the network in this case). Thereafter, any ssh connections you make from this instance of the shell will be completely transparent to you, even to multi-hop remote machines.

Q4. How do I use scp within the department, say from my home directory to editwww?
Use scp2 within the department, or from the department to any host which also runs scp2. To transfer files from your local host to a remote host:

scp2 <filename> username@hostname:fullfilename

Ex: scp2 index.html user@editwww:public_html/index.html

To transfer files from a remote host to your local host:

scp2 username@hostname:fullfilename <filename>

Q5. How do I use scp from a system with OpenSSH to a department host?
You must use scp, and it must be run from the OpenSSH system. To transfer files from the OpenSSH system to a department host:

scp <filename> username@host:fullfilename

To transfer files from the department host to the OpenSSH system: (Note: this command must be run on the OpenSSH system)

scp username@host:fullfilename <filename>

Q6. Are there any problems using OpenSSH to connect to the department?

OpenSSH v2 and Commercial SSH v2
The Commercial (Fsecure) SSH v2.3 has a key retransmission feature which regularly verifies the client/server connection (the default is every 1 hour). OpenSSH doesn't support or understand this part of the protocol, and an OpenSSH v2 client will be dropped by the Fsecure SSH2 server after 1 hour. Your options are:

Get the non-commercial Fsecure client. 

Connecting with a commercial Unix SSH v2 client to a Unix/Linux OpenSSH v2 server requires:

  • Either put: RekeyIntervalSeconds 0
    in your $HOME/.ssh2/ssh2_config file (a value of 0 means infinity, i.e. never re-exchange keys after the login)
  • Or, on the command line, use: ssh [-l login_name] -o 'RekeyIntervalSeconds 0' <host> 
    NOTE: The single quotes are MANDATORY. The command line options will override ALL other config files (personal/system wide).

Sample ssh2_config file would look like this:

RekeyIntervalSeconds 0

Please see the ssh2_config manpage for more information about this and other options.

Q7. How do I remote display from sparky or the ug lab back to my desktop with ssh? 

When you make a connection using ssh it automatically sends any X connections over the encrypted channel back to your own workstation, i.e. without doing anything further any X application you launch will display on your local machine. Do not set the DISPLAY environment variable and do not use the xhost command, neither is necessary. 

By default, X11 forwarding is enabled in most versions of ssh. If this is not working for you from your external host, try adding the "+x" option to force X11 forwarding on. You should not be setting your display environment variable by hand or in any startup files.

If this is not working for you from any host within the department, please send mail to WREQ.

Q8. Are there any other common problems using SSH under Unix?

If you have an alias in your .cshrc for scp on a target (scp to) system, the alias will be executed (and arguments passed to the alias for scp) when you try to secure copy. We recommend against aliases for scp or sftp in your .cshrc.
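
One way to check a startup file for the settings Q7 and Q8 advise against, as an added example that is not part of the original FAQ. The function name lint_startup_file and the sample file contents are assumptions made for illustration; the check also covers sh-style DISPLAY assignments, which goes slightly beyond the .cshrc case named above.

```shell
#!/bin/sh
# Added example (not from the original FAQ): lint a shell startup file for the
# settings Q7 and Q8 warn against. Prints "LINE: reason: text" per finding.
# Returns 0 if clean, 1 if anything was flagged, 2 if the file is unreadable.
lint_startup_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines
        # Q8: an alias named scp or sftp is run in place of the real program
        /^[ \t]*alias[ \t]+(scp|sftp)([ \t]|$)/ {
            printf "%d: scp/sftp alias: %s\n", NR, $0; bad = 1; next
        }
        # Q7: DISPLAY set by hand (csh setenv, or sh-style assignment)
        /^[ \t]*setenv[ \t]+DISPLAY([ \t]|$)/ || /^[ \t]*(export[ \t]+)?DISPLAY=/ {
            printf "%d: DISPLAY set by hand: %s\n", NR, $0; bad = 1; next
        }
        # Q7: xhost is not needed when ssh forwards X11
        /(^|[ \t;])xhost([ \t;]|$)/ {
            printf "%d: xhost used: %s\n", NR, $0; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on a constructed sample .cshrc (hypothetical contents).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
set path = (/usr/local/bin $path)
alias scp 'scp -p'
setenv DISPLAY mydesk:0
xhost +
EOF
lint_startup_file "$sample" || true
rm -f "$sample"
```

Run it against ~/.cshrc on each target host before relying on scp or X11 forwarding; a non-zero return means at least one line needs to be removed.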