
Re: ssh



On Sun, 30 Jan 2000, Barrie Bremner wrote:

> Anyone got any idea how to go about setting it all up or what webpages
> to look at?
>
> Man pages for ssh/ssh2 make my head hurt.

Once you get used to them they are quite easy to use (pointers below). There are
some licence issues though.

ssh2 has a terrible licence. I am an academic who wanted to use it to transfer
my research papers between home and work. After reading the licence several
times it was still not clear to me whether this was legal. The original ssh is
not so bad, but still cannot be used for commercial use (IIRC). Currently I am
using openssh which is a version of ssh that has a liberal licence. It doesn't
use any patented algorithms, which is where the licence issues arise from with
the other versions.

Note that all of these various versions should interoperate freely except that
for ssh2 you have to use it in compatibility mode, which means you say ssh1[-foo]
instead of ssh[-foo].

OK, usage. First off install an rpm version and then it works more or less out of
the box. When you get more used to it you might want to compile it to customise
things to your setup but first time go for an rpm. Note that there will be global
configuration options in /etc/ssh for your server sshd and your client ssh.
Next make sure that sshd is running:

/etc/rc.d/init.d/sshd start on a RH box.

Now suppose you want to do no password logins from your local box to some
remote box. Do this (I'm assuming ssh or openssh here):

local$ ssh-keygen
Then you get to enter your pass-phrase a couple of times.
This generates your public/private keys
remote$ ssh-keygen
Similar.
Now copy from your local .ssh directory identity.pub (your public key)
and put it in the file
.ssh/authorized_keys
in your user's home directory on remote.
Note that you will have to create this file and you will have to give it
permissions 600.

Now you are all set.
local$ ssh foo_user@remote

will log you in and depending how the config files are set up you are ready to
run remote xapps etc etc.

Another good one is

local$ scp infile foo_user@remote:outfile

to copy file infile to the remote host.
ssh2 has sftp which is a direct replacement for ftp but I can live without this.

One last hint. ssh installs itself by default as suid root. There seems to be
no really good reason for this (I am open to having this explained to me :-)
and I suggest disabling this. One advantage of doing this is that when you ssh
or scp somewhere your host connects to the remote host on port 22. In the suid
root case they will talk back to you on a (not predictable) privileged port but
if ssh is not suid root then they have to talk back to you on a non-privileged
port, which plays better with my firewall. (ssh2 uses non-privileged ports by
default.)

Command line ops that are useful:
-x don't use x forwarding (I need this for a sun box I ssh to)
-C compression (a big win over a modem)

(These are for openssh, ssh may have different letters for these options.)

Last hint. Play with it on localhost to get used to it before you try for a
remote machine.

atb
Martin
--
http://www.shef.ac.uk/~pm1mph
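
The authorized_keys step from the message above, as an added example that is not part of the original post: a script for the remote side that installs a copied identity.pub with owner-only permissions, skips duplicates, and refuses a file that looks like a private key. The function names, the 700 mode on .ssh and the sample key line are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# install_pubkey PUBKEY_FILE HOME_DIR
# Adds the first line of PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; exit 1; }
    # Guard against copying the private half (identity) instead of identity.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2; exit 1
    fi
    umask 077                                   # anything created is owner-only
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1   # 700 is an assumption
    touch "$auth" && chmod 600 "$auth" || exit 1          # 600 as in the message
    key=$(head -n 1 "$pub")
    # Append only if this exact line is not already there.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# perms_ok PATH: succeeds only if group and others have no permission bits set.
perms_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# check_ssh_perms HOME_DIR: verifies .ssh and authorized_keys are owner-only.
check_ssh_perms() {
    perms_ok "$1/.ssh" && perms_ok "$1/.ssh/authorized_keys"
}

# Demo in a scratch directory with a constructed (not real) public key line.
demo=$(mktemp -d)
printf '%s\n' '1024 35 1234567890 foo_user@local' > "$demo/identity.pub"
install_pubkey "$demo/identity.pub" "$demo/home" \
    && check_ssh_perms "$demo/home" \
    && echo "key installed, permissions ok"
rm -rf "$demo"
```

On a real account the second argument would be the remote user's home directory, and check_ssh_perms can be rerun later to confirm nothing has loosened the modes.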
