It was brought to my attention that some of my classmates did not know much about using SSH. This post should serve as a guide to getting set up with a basic SSH environment to use. I will not be covering things about the shell, since that is way out of the scope of a short article. If you would like information on Bash and the shell, you should check out Machtelt Garrels's excellent intro guide.
Overview
SSH stands for Secure SHell. It is a protocol that allows a user to access the shell of remote computer over an encrypted gateway. It was created to replace Telnet and other insecure shell protocols, the former of which actually transfers passwords in plaintext for everyone on the network to see. Obviously, we don't want our data to be looked at by just anyone! However, there are a lot of cool uses for SSH besides just accessing your Linux server's command line.
Installing SSH: Client and Server Programs
SSH has both a client program and a server program. The server will need to be installed on the remote machine, the one you wish to access. The client will need to be installed on your local machine. Follow the directions for your OS below.
Linux
I am going to assume here that you are on a Debian-based system.
Fortunately, Linux offers us convenient packages for both the client and the server. All you need to do is run the following code in a terminal:
sudo apt-get install openssh-client
sudo apt-get install openssh-server
It is likely that your computer already came with SSH installed.
OS X
OS X comes with ssh pre-installed. You can run it from the Terminal application.
Applications > Utilities > Terminal
Windows
Windows is a little bit harder to install on since SSH was originally a UNIX tool.
Client
Fortunately for us, Simon Tatham wrote a really easy to use SSH program for windows called PuTTY.
- You will need to download PuTTY from its download page. Make sure you get the windows installer, not the binaries.
- Run the installer and open the program.
- That's it! You now have a working SSH client on your machine.
Server
There are a lot of ssh server implementations available for windows. The problem here is that windows does not use a shell, at least in the UNIX meaning of shell. Therefore, ssh server programs for windows can either emulate UNIX shell programs, or they can give you access to a windows command line.
Since I do not have any experience with installing an SSH server on Windows, I am going to defer to another blog on the matter. You can find instructions for setting up an SSH server under Cygwin (a UNIX environment for Windows) over at Lifehacker's Geek to Live column.
Using SSH
Now we get to the fun parts: how to use SSH for fun and profit.
Basic Setup
The basic usage of ssh is:
ssh user@server
This will get you logged in to the specified server as the specified user after you type in your password. If you do not specify a user, it will default to the name of the current local user.
SSH Keys
When working with SSH, I recommend using private key authentication when possible. There are a couple of advantages to this method:
- You will only need to type your password once in a given session (or once ever depending on how you have your SSH Agent set up).
- It provides a second form of authentication-- Someone would have to get both your private key and your passphrase in order to impersonate you.
- It prevents others from learning your password for a server in the case that they impersonate the server.
Key authentication works by generating a pair of keys, a public key and a private key. You keep the private key and give the public key out to any server you want to access. When you try to authenticate, you generate a signature with your private key. The server with your public key can then use your public key to verify that the signature was created with your private key. Without your private key, your signature cannot be forged. Signatures also cannot be reused, so if someone gets a hold of your signature, they cannot impersonate you.
NOTE: Setting up key authentication on Windows is a lot different from Linux or OS X, so I will again be referring you to someone else that has explained it well. See this guide from the University of Alberta.
Generating Keys
On Linux and OS X, you will need to run the following command:
ssh-keygen -t rsa
You will be asked where to save the key, but just accept the default unless you have some reason not to. Most other SSH commands expect that your key will be in the default location. When asked to enter a passphrase, please do so. It will make your key insecure if you do not since anyone who gets the file can then impersonate you. Note that the passphrase needs to be longer than 4 characters.
This will generate a key pair using rsa cryptography and place it in your home folder: ~/.ssh. Note that the folder is hidden (it has a . at the beginning of its name), so on OS X, you can only access it from the command line.
Giving Out Your Public Key
This is a task that is done so often that a utility was created for it.
ssh-copy-id user@server.com
This will ask you to enter your password. Once you have done so, you will be able to log in using your shiny new key.
OS X Users: You will need to install ssh-copy-id since it does not come with Snow Leopard. You can do so with the following commands:
curl https://raw.github.com/beautifulcode/ssh-copy-id-for-OSX/master/ssh-copy-id.sh -o /usr/local/bin/ssh-copy-id
chmod +x /usr/local/bin/ssh-copy-id
Setting up Aliases
I don't know about you, but I do not like typing long server names and trying to remember all my user names with each server that I have access to. Because of this, I set up aliases for all of the connections that I use regularly. You can do so by editing or adding ~/.ssh/config following the example below:
Host serv
User cleaver
HostName server.example.com
In this example, typing ssh serv will act as if I had typed ssh cleaver@server.example.com.
Conclusion
SSH is a very useful tool in any programmer or sys admin's toolkit. In an upcoming post, I will share some of the cool ways that you can use SSH beyond the basics. Have a favorite SSH setup? Share it in the comments below.