Developers built SSH (Secure Shell) so they could log in to another computer over a network with the protections of encryption (scrambling data) and authentication (making sure a person or system is really what is claimed). Using SSH, a person can execute commands and send passwords securely. Earlier protocols such as FTP and Telnet transmitted their information in plain text, allowing people snooping on the Internet to get the passwords and use them to gain access to others' accounts and data.

SSH also replaces older Unix commands such as rlogin, rsh, and rcp (remote logon, remote shell, and remote copy).
SSH allows you to:
Additionally, SSH provides secure X connections and secure forwarding of arbitrary TCP connections.
The traditional remote command protocols are vulnerable to different kinds of attacks. Somebody who has root access to machines on the network, or physical access to the wire, can gain unauthorized access to systems in a variety of ways. It is also possible for such a person to log all the traffic to and from your system, including passwords (which SSH never sends in the clear).
The X Window System also has a number of severe vulnerabilities. With SSH, you can create secure remote X sessions that the user can access as if the session were running on their local machine. As a side effect, using remote X clients with SSH is more convenient for users.
Encryption keys, by default, are exchanged using a public-key algorithm called RSA, and the data used in the key exchange is destroyed every hour (keys are not saved anywhere). Every host has an RSA key that is used to authenticate the host when RSA host authentication is used. Encryption is used to protect against IP spoofing; public-key authentication is used to protect against DNS and routing spoofing.
SSH is a program for logging in to a remote machine and for executing commands on a remote machine.
When you first log on to a remote machine with SSH, you see something similar to the following message:
    The authenticity of host 'memphis.org (memphis.org)' can't be established.
    RSA key fingerprint is 8c:e2:4b:4d:9b:79:cd:e9:84:36:72:32:2b:3b:7e:48.
    Are you sure you want to continue connecting (yes/no)?
This is perfectly normal; as long as you have no reason to think someone is trying to spoof the real system, answer yes (type yes and press Enter). The only way to be sure of that is to compare the displayed fingerprint with one the system's administrator gave you by a separate channel, since a host key accepted here is trusted for every later connection. Another message is displayed and you are logged in:
    Warning: Permanently added 'memphis.org,memphis.org' (RSA) to the list of known hosts.
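The check described above, as an added example that is not part of the original text or of OpenSSH: the script builds a throwaway ssh-rsa host key blob (a constructed value, not a usable key), wraps it in a known_hosts line like the one the warning refers to, and computes the fingerprint in the MD5 colon-separated form shown in the prompt above and in the SHA256 base64 form newer OpenSSH releases print, so the value the prompt shows can be compared with one obtained out of band. The host name and key numbers are made up.

```python
"""Check an SSH host key fingerprint before answering "yes" to the prompt.

Added example; not code from the original text or from OpenSSH. The key
blob is constructed for the demonstration and is not a usable RSA key.
"""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """SSH mpint for a positive integer: big-endian bytes, with a leading
    0x00 byte whenever the top bit is set so the value is not read as negative."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return _ssh_string(raw)


def build_rsa_host_key_blob(e: int, n: int) -> bytes:
    """Public key blob in the layout used for ssh-rsa keys:
    string "ssh-rsa", mpint e, mpint n (RFC 4253 section 6.6)."""
    return _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)


def known_hosts_line(host: str, blob: bytes) -> str:
    """Format a plain (non-hashed) known_hosts entry for the blob."""
    return f"{host} ssh-rsa {base64.b64encode(blob).decode('ascii')}"


def parse_known_hosts_line(line: str) -> tuple:
    """Split a plain known_hosts entry into (host, key type, raw key blob)."""
    host, key_type, b64 = line.split()[:3]
    return host, key_type, base64.b64decode(b64)


def md5_fingerprint(blob: bytes) -> str:
    """Legacy OpenSSH fingerprint: MD5 of the blob as 16 colon-separated hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob: bytes) -> str:
    """Current OpenSSH fingerprint: 'SHA256:' plus unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(line: str, expected: str) -> bool:
    """True when the key in a known_hosts line has the fingerprint you obtained
    out of band. Accepts either form, with or without an MD5:/SHA256: prefix."""
    _, _, blob = parse_known_hosts_line(line)
    expected = expected.strip()
    if expected.upper().startswith("SHA256:"):
        return sha256_fingerprint(blob) == "SHA256:" + expected[7:].rstrip("=")
    if expected.upper().startswith("MD5:"):
        expected = expected[4:]
    return md5_fingerprint(blob) == expected.lower()


# Constructed values for the demonstration; not a real key and not a real host key.
SAMPLE_E = 65537
SAMPLE_N = 0xC0DE_D00D_FEED_FACE_1234_5678_9ABC_DEF1  # 128-bit odd number standing in for a modulus
SAMPLE_BLOB = build_rsa_host_key_blob(SAMPLE_E, SAMPLE_N)
SAMPLE_LINE = known_hosts_line("memphis.org", SAMPLE_BLOB)


def demo() -> dict:
    """Compare the fingerprint the prompt shows against an out-of-band value,
    once for the genuine key and once for a key with a single flipped bit."""
    shown = md5_fingerprint(SAMPLE_BLOB)       # what the prompt would display
    out_of_band = shown                        # value the administrator sent you
    tampered = SAMPLE_BLOB[:-1] + bytes([SAMPLE_BLOB[-1] ^ 0x01])
    return {
        "line": SAMPLE_LINE,
        "md5": shown,
        "sha256": sha256_fingerprint(SAMPLE_BLOB),
        "genuine_matches": fingerprint_matches(SAMPLE_LINE, out_of_band),
        "tampered_matches": fingerprint_matches(known_hosts_line("memphis.org", tampered), out_of_band),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to print both fingerprint forms for the constructed key and the two comparison results; a one-bit change to the key blob changes the whole fingerprint, which is why a mismatch on the first-connection prompt should be answered no rather than yes.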
After your first logon, your session looks more like this:
    willtonj@rome:~>ssh [email protected]
    ==========================================
    SSH port 22 access restricted to authorized users only
    ==========================================
    [email protected]'s password:************
    Last login: Thu May 13 12:05:54 2004 from 65.123.111.109
    ==========================================
    [email protected] is on 222.102.131.176
    grizzly:~>
    Connection to memphis.org closed.
    willtonj@rome:~>sftp [email protected]
    Connecting to memphis.org...
    ==========================================
    SSH port 22 access restricted to authorized users only
    ==========================================
    [email protected]'s password:
    5332: Permission denied, please try again.
    [email protected]'s password:*************
    willtonj@rome:~>sftp [email protected]
    Connecting to memphis.org...
    [email protected]'s password:*************
    sftp>
At this point, you have connected to the remote host and can use any Linux/FTP commands. The following commands are unique to SFTP:
    cd path                          Change remote directory to path.
    lcd path                         Change local directory to path.
    chgrp grp path                   Change group of file path to grp.
    chmod mode path                  Change permissions of file path to mode.
    chown own path                   Change owner of file path to own.
    help                             Display this help text.
    get remote-path [local-path]     Download file.
    lls [ls-options [path]]          Display local directory listing.
    ln oldpath newpath               Symlink remote file.
    lmkdir path                      Create local directory.
    lpwd                             Print local working directory.
    ls [path]                        Display remote directory listing.
    lumask umask                     Set local umask to umask.
    mkdir path                       Create remote directory.
    put local-path [remote-path]     Upload file.
    pwd                              Display remote working directory.
    exit, quit                       Quit SFTP.
    rename oldpath newpath           Rename remote file.
    rmdir path                       Remove remote directory.
    rm path                          Delete remote file.
    symlink oldpath newpath          Symlink remote file.
    version                          Show SFTP version.
    !command                         Execute command in local shell.
    !                                Escape to local shell.
    ?                                Synonym for help.
scp copies files between hosts on a network. It uses SSH for data transfer, uses the same authentication, and provides the same security as SSH.
To copy local file filename to filename on remote machine memphis.org, enter:

    grizzly:~>scp -p filename memphis.org:filename

The -p option preserves modification time, access time, and mode from the original.
To copy filename from remote machine memphis.org to local file filename:

    grizzly:~>scp -p memphis.org:filename filename
Finally, you can use SSH with the -X option to generate an X session. For example, run this command:

    grizzly:~>ssh -X [email protected]
    [email protected]'s password:********
    cf11 grizzly:~>gnomine

and in a short time a window appears as if it were on your system, and you are playing GNOME mines.