The Secure Shell, or SSH, provides a way of running command line and graphical applications, and transferring files, over an encrypted connection. SSH uses up to 2,048-bit encryption with a variety of cryptographic schemes to make sure that if a cracker intercepts your connection, all they can see is useless gibberish. It is both a protocol and a suite of small command-line applications that can be used for various functions. SSH replaces the old Telnet application and can be used for secure remote administration of machines across the Internet. However, it has more features. SSH increases the ease of running applications remotely by setting up X permissions automatically. If you can log into a machine, it allows you to run a graphical application on it, unlike Telnet, which requires users to type lots of geeky xhost and xauth commands. SSH also has inbuilt compression, which allows your graphic applications to run much faster over the network.SCP (Secure Copy) and SFTP (Secure FTP) allow the transfer of files over the remote link, either via SSH’s own command-line utilities or graphical tools like Gnome’s GFTP.
Like Telnet, SSH is cross-platform. You can find SSH servers and clients for Linux, Unix, all flavors of Windows, BeOS, PalmOS, Java, and embedded OSes used in routers. Setting up an SSH server is simple. The popular OpenSSH version of the service is usually distributed in three separate packages: ‘openssh’, ‘OpenSSH-clients’, and ‘OpenSSH-server’. Also, all of the packages require OpenSSL to be installed first. It’s best to install all three packages on your machine, and you should use a command-line packaging tool to do so — the packages usually contain some interactive post-install scripts which ask for user input and won’t show up when you’re using a GUI installer. Once installed you can start SSH by running the service sshd. Using SSH is also simple. To log into a remote machine with your currently logged in username, just type: ssh [host]. Or, if the username of the other machine is different from the account you’re using, you can type ssh [user]@[host]. To enable compression to speed up remote connections, particularly over a modem, add the ‘-C’ switch. The first time the SSH client connects to a new server, it asks if the server should be added to a list of known hosts.
Say Yes, this allows you to check whether the host key has changed during your future logins. If it has, SSH will warn you with a message along the lines of ‘SOMEONE MAY BE DOING SOMETHING NASTY!’. This means that the key returned by the remote SSH machine was different from the one it had previously returned. There are a number of reasons why this could happen: it may indeed mean someone has been fiddling with the remote SSH server (or is impersonating the remote machine), but it’s also possible that the remote machine has had SSH reinstalled for some reason. If you know the latter situation is the case, continue with the connection. Otherwise, you might wish to investigate… OpenSSH has a number of handy utilities, including SCP, a secure copying tool for moving files along the encrypted connection. You can use SCP independently of SSH (as long as there is an SSH server at one end of the connection). The syntax is easy — in order to copy a local file to a remote machine: scp [local file to copy] [username]@[remote machine]:[destination folder] For example, to copy pocketbook.doc from the current directory on your local machine to your home directory at example.com: scp ./pocketbook.doc [email protected]: ./ To copy a file /data/work/ on the remote machine to the current directory on the local machine: scp [email protected]:/data/work/pocketbook.doc ./ There are a few nifty switches you can use as well, most notably -r for recursive copying, and -C to provide compression.