SSH is the secure shell. It is a program that takes the place of telnet, rlogin, rsh, and rcp. The big difference between ssh and these other programs is the fact that ssh encrypts the passwords and data that flow through the network. What this does is provide security for you the users from evil people that might run packet sniffers on our network. SSH is easy to use and we hope that everyone takes advantage of this program. We have stopped using telnet and rlogin programs since they are insecure.
Openssh is the version of ssh on most unix, OSX, and linux machines.
There are several version of SSH for the NT and Windows machines. At the center (and for much of UW) we use Secure CRT. Our PC admins can install it for you for computers here in the Center and we have floppy disk with Secure CRT so that you can install it on your home PC.
FYI: Key to reading the text below:
This is what every user has to know how to do. In order to log into a machine in the ssec.wisc.edu domain, type:
ssh hostname <-l username>
The -l username is optional. It is used if you want to log in as a different user from your current one. After you run ssh, it will ask you for your password. In order to log into the computer without giving a password, read the section, Logging in Without a Password, below.
For more advanced users that use rsh and rcp to run commands remotely, you should use ssh and scp from now on. These commmands are very similar in syntax as rsh and rcp. To run a command to a remote machine, type:
scp is run similar to rcp
With scp, you also receive additional output about what files were transferred over. Below is an example of the output from the above command.
wc | 1 KB | 1.2 kB/s | ETA: 00:00:00 | 100%
This option will probably be familiar who currently use a .rhosts file to allow them to log onto machines without entering a password. If you would like to log in without using a password with ssh, there are a couple of ways to do it.
Example - ssh with no password from machine "FROM" to machine "TO"
Using ssh-agent is a way to have a secure passphrase yet be able to log into a machine without entering a password or passphrase every time. Normally, when you have a passphrase, you need to enter it every time you enter a command to the remote machine. To bypass that so that you can run ssh or scp commands remotely from a script, you need to have ssh-agent running. Just type ssh-agent at the prompt, and then add the environmental variables that get returned by the command. This will store your passphrase in memory. Then run the ssh-add. All commands that want to run wthout your password need to be a child process of that shell that started the ssh-agent.
spruce(silver): ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-root/ssh-64423-agent; export SSH_AUTH_SOCK;
SSH_AGENT_PID=64346; export SSH_AGENT_PID;
echo Agent pid 64346;
spruce(silver):SSH_AUTH_SOCK=/tmp/ssh-root/ssh-64423-agent; export SSH_AUTH_SOCK;
spruce(silver):SSH_AGENT_PID=64346; export SSH_AGENT_PID;
spruce(silver):ssh-add
If you ever want to stop the ssh-agent from running, run ssh-agent -k.