Security Conscious,
High Availability Unix Hosting
SSH From Unix

This micro-howto will examine, within a decidedly condensed framework, the basic operations of SSH, a secure replacement for telnet, rsh and rlogin, under Unix platforms. SSH is primarily employed as a device to login to and execute shell commands on remote Unix systems. SSH provides multiple authentication schemes and uses strong cryptography.

Modern SSH clients should also include some variant of scp, which enables the transfer of files across the Internet in a secure manner, and sftp, a secure, FTP-like client.

Our SSH server settings

Most csoft.net servers share the same basic sshd settings:

  • SSH protocol version 1 and 2
  • Authentication methods:
    • Password
    • Pure RSA (v1)
    • Public key (v2)
  • Strict ~/.ssh owner/permission checks
  • Privilege separation
  • Keep-alive
  • Secure FTP (sftp)
  • Data compression
  • Hardware cryptographic acceleration (OpenBSD/FreeBSD servers only).

Logging into the server

Suppose that your account is hosted on lilly.csoft.net. The command below will bring up a password prompt (assuming you are using password authentication):

  # Log into the yourname account at lilly.csoft.net.
  $ ssh -l yourname lilly.csoft.net
 
  # Alternate user@host form.
  $ ssh yourname@lilly.csoft.net
  
  # Execute a command on the server.
  $ ssh yourname@lilly.csoft.net du -hs www

Securely transferring files

Included within OpenSSH is a program, scp, which permits the secure copying of files from the local computer to the remote one and, of course, the reverse. Some elementary command syntax follows.

  # Upload to
  scp file1 [...] [user@server:file2]
  
  # Download from
  scp [user@server:file1] [...] file2
  
  # Note that wildcard characters are also allowed for remote filenames,
  # but they must be quoted as appropriate.

The following command uploads a local file named glue.html into the ~/www/ directory on the server:

  $ scp glue.html myname@lilly.csoft.net:www

Multiple files can be uploaded at once:

  $ scp *.html myname@lilly.csoft.net:www

Downloading works in a similar fashion:

  $ scp myname@lilly.csoft.net:foo.tar.gz .

If you would like an FTP-client-style interface, use sftp:

  $ sftp myname@lilly.csoft.net

There are also graphical clients such as gFTP.

Public key authentication

Public key authentication is enabled by simply appending your public key to ~/.ssh/authorized_keys on the server.

  # Copy the public key to the server.
  $ scp ~/.ssh/id_dsa.pub myname@lilly.csoft.net:mykey.pub
  
  # Add the key to the authorized keys database. The remote command is quoted
  # so that the >> redirection runs on the server rather than in your local
  # shell (unquoted, it would append to a file on your own machine).
  $ ssh myname@lilly.csoft.net 'cat mykey.pub >> ~/.ssh/authorized_keys'

If you cannot find ~/.ssh/id_dsa.pub on your machine, you can generate a key pair using the ssh-keygen(1) command:

  # Create a version 2 DSA key with an empty passphrase.
  $ ssh-keygen -t dsa -N ''

Note: Under no circumstances, and for excruciatingly obvious reasons, should the files ~/.ssh/id_rsa and ~/.ssh/id_dsa be copied over to your account on the server or any other remote computer, as these are your private SSH keys.
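Added example (not part of this howto or of OpenSSH): a small POSIX shell script that performs the authorized_keys step above the way a server with strict ~/.ssh owner/permission checks expects, and that refuses to upload a file carrying a private key header. The function names, the home-directory argument and the sample key lines are assumptions constructed for the example; remote_install is the only function that contacts a server.

```shell
#!/bin/sh
# Added example for this howto; not original page or OpenSSH code.
# Installs a public key into authorized_keys with the directory and file
# modes a strict sshd expects, idempotently, and refuses private keys.

# looks_like_private_key FILE
#   Exit 0 if FILE carries a PEM/OpenSSH private key header, 1 otherwise.
looks_like_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# looks_like_public_key FILE
#   Exit 0 if every non-empty line starts with a known public key type.
looks_like_public_key() {
    ! grep -v -E '^(ssh-rsa|ssh-dss|ssh-ed25519) ' "$1" | grep -q .
}

# authorized_keys_install HOME KEYFILE
#   Server-side step: create HOME/.ssh (mode 700), append each key line from
#   KEYFILE that is not already present, and leave authorized_keys at mode 600.
#   HOME is a parameter (assumed) so the function can be exercised on a
#   throwaway directory.
authorized_keys_install() {
    sshdir="$1/.ssh"
    ak="$sshdir/authorized_keys"
    keyfile="$2"
    looks_like_public_key "$keyfile" || return 1
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$ak" && chmod 600 "$ak"
    # '|| [ -n "$line" ]' also picks up a final line with no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$ak" || printf '%s\n' "$line" >> "$ak"
    done < "$keyfile"
}

# key_count FILE
#   Print the number of non-empty lines in an authorized_keys file.
key_count() {
    grep -c . "$1" || true
}

# remote_install USER@HOST KEYFILE
#   Client-side step: refuse anything that looks like a private key, then
#   pipe the public key through ssh. The remote command is one single-quoted
#   string, so the '>>' redirection is interpreted on the server, not by the
#   local shell; umask 077 makes any newly created .ssh/authorized_keys
#   come out 700/600.
remote_install() {
    if looks_like_private_key "$2"; then
        echo "refusing to upload $2: it is a private key" >&2
        return 1
    fi
    looks_like_public_key "$2" || return 1
    ssh "$1" 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys' < "$2"
}
```

authorized_keys_install is the server-side half and can be run locally against a scratch directory to see the resulting modes; remote_install is what you would call from your workstation, e.g. remote_install myname@lilly.csoft.net ~/.ssh/id_dsa.pub. Running it twice leaves a single copy of the key, which the bare cat >> form does not guarantee.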

Links
  • OpenSSH - Free implementation of the SSH protocol suite