SSH Tips

For some reason, a lot of people still use telnet and other clear-text Unix tools, like rcp and ftp.

This page contains some basic and not-so-basic information about how you replace these tools with ssh.

It also contains details on how you can use ssh to forward your X server info, and tunnel through firewalls.

Basic SSH

ssh and the tools that go with it are far superior to the "old" tools that are usually used.

ssh - replaces telnet and rsh
scp - can replace ftp and rcp
sftp - replaces ftp

All of these tools handle all communication in a secure fashion. All of your commands and data are encrypted. And they will all tunnel everything through your firewall if you like.

ssh can do much more than simply replace telnet, however. When you combine ssh with an X server, you can start up an entire X session GUI on a Unix/Linux box, and forward the desktop back to your current machine. You can do this from one *nix box to another, or even from a *nix box to a Windows box, if you install an X server on your Windows box (like Cygwin). You can also set it up so that you can log in from one machine to another using ssh, and not have to type your password every time. And it is still secure. Very cool.

X session forwarding (desktop forwarding) between unix / linux machines

To have ssh forward your gui session back over ssh simply append a "-X" to your ssh command.

ssh -X somehost

That's ALL you have to do. No DISPLAY variables, and it's secure.

Making ssh connections between machines without passwords

To be able to log in without typing a password, follow these steps:

Example with two machines, A and B. I want to be able to go from A to B without a password.

On the machine A, you need to generate a set of keys.

ssh-keygen -t rsa

Go ahead and accept the default locations, and do not enter a passphrase when it asks for one (leave it blank).

This creates two files in the .ssh folder in your home directory: id_rsa and id_rsa.pub.

Now, log into machine B.

Inside the .ssh folder (create if it doesn't exist) create a file named 'authorized_keys' (If it already exists, leave it - we will append to the end of it)

chmod authorized_keys to 644 (or less)

Gotcha - make sure that the .ssh folder has permissions of 644 or less as well, otherwise it won't work...

Now, add the contents of your id_rsa.pub that you created into the authorized_keys file.

Here is an easy way to do it (using scp):

scp MACHINE-A:.ssh/id_rsa.pub temp

(This copies the .ssh/id_rsa.pub in my home directory on machine A into a file on machine B called temp.)

The authenticity of host '172.22.19.15 (172.22.19.15)' can't be established.
RSA key fingerprint is 1f:b5:1b:a7:02:e7:20:0b:0c:65:0a:59:3c:21:4a:70.
Are you sure you want to continue connecting (yes/no)? yes

(This is normal ssh behavior the first time you connect to another machine.)

Warning: Permanently added '172.22.19.15' (RSA) to the list of known hosts.
armbrust@172.22.19.15's password:
id_rsa.pub 100% |******************************| 240 00:00

rsnode0==> ~/.ssh>cat temp >> authorized_keys

(This added my public key into my authorized keys file.)

rsnode0==>~/.ssh>rm temp

And that's it. Now, all I have to do to connect from machine A to B is type 'ssh B' and it will not prompt for a password.
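
The steps above, collected into a script to run on machine B, as an added example that is not part of the original page: it appends the public key only if it is not already present and then checks the resulting modes. The function names are hypothetical, and the modes 700 for .ssh and 600 for authorized_keys are a choice made here (a directory needs its execute bit to be entered, and sshd with StrictModes rejects group- or world-writable paths).

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# True only if PATH is neither group- nor world-writable. sshd's StrictModes
# applies this mode test (plus an ownership test, not done here) to the
# directories and file leading to authorized_keys.
not_group_world_writable() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Runs in a subshell, so the umask change does not leak into the caller.
install_pubkey() (
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # A public key file is exactly one line; a private key (id_rsa) copied
    # by mistake spans many lines and is rejected here.
    if ! [ -r "$pub" ] || [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "install_pubkey: $pub is not a single-line public key" >&2
        return 1
    fi

    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    key=$(grep . "$pub")
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    not_group_world_writable "$dir" && not_group_world_writable "$auth"
)

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAconstructedkeymaterial user@machine-a\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" && echo "key installed, modes OK"
rm -rf "$demo"
```

On a real machine B the call would be install_pubkey temp "$HOME/.ssh", with temp being the file copied over by scp.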

Note: In older versions of ssh, if you used an RSA key, the names of some of your files will have a 2 appended to the end of them. So to make this work, rename authorized_keys to authorized_keys2. You can find out for sure if you need to do this by checking the man pages of ssh.

Using Cygwin as an X server on Windows

You could use Cygwin on your Windows machine to enable you to remote a Linux or Unix desktop back to your Windows machine. However, Xming is a much easier way to do it.