ssh
Usage
ssh as replacement for telnet, rlogin, xrlogin
Instead of telnet or rlogin, just type
ssh <hostname>
You will be prompted for your password on the remote host, and after typing it in your login will proceed as usual. (If <hostname> is not yet in the known hosts database, ssh will ask for confirmation once before proceeding and then add it to the database for future reference.)
The advantages of ssh here are that telnet and rlogin
Note: If you received an error message after trying ssh <hostname>, saying
Secure connection to <hostname> refused; reverting to insecure method. Using rsh. WARNING: Connection will not be encrypted.
the remote host has no ssh daemon running. Ask the administrator of <hostname> to install it!
ssh as replacement for rsh
With rsh, you use .rhosts files on all your accounts to be able to quickly hop around from one computer to the other, remotely execute commands and copy files with rcp without always being asked for a password. This is very convenient and very insecure, because your only authentication is the username@hostname pair, and this is easy to fake. In fact, the first and most basic example in hackers' guides uses a .rhosts file on an NFS-exported disk. You basically open all your accounts to the rest of the world when you use this mechanism. That's why many sites have forbidden the use of .rhosts authentication completely.
There is an equivalent to the $HOME/.rhosts file in ssh: the $HOME/.ssh/authorized_keys file. This file contains one line for each username@hostname who shall be allowed to log in without being prompted for a password. In addition to username and hostname, there is a key in the form of a long text string. This is the public key of username@hostname, while the private key is stored on the host requesting login. While this mechanism gives security against IP spoofing, it still does not protect you against bad NFS setups, so use it with care!
Run ssh-keygen on host A. This will create a private and a public key in $HOME/.ssh/identity and $HOME/.ssh/identity.pub. When prompted for a passphrase, just hit 'return'. Otherwise you have to type this passphrase on each login, which is exactly what you are trying to avoid.
You need to copy the contents of $HOME/.ssh/identity.pub on host A to the $HOME/.ssh/authorized_keys file on host B. You had better use scp to do this. Make sure that it is only one line and is not split by the editor. Make the file readable and writable by the owner only. That's it. You can have multiple host keys for different hosts in your $HOME/.ssh/authorized_keys.
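One way to do the install step on host B with the single-line and owner-only checks described above. This is an added example, not part of the original page: install_pubkey is a hypothetical helper name, and tightening the .ssh directory itself (not only the file) is an assumption beyond what the text asks for.

```shell
#!/bin/sh
# install_pubkey PUBFILE [SSH_DIR]
# Hypothetical helper (not part of ssh). Run it on host B after copying
# identity.pub over from host A with scp. SSH_DIR defaults to $HOME/.ssh.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A key wrapped by an editor or mailer shows up as more than one
    # non-empty line. authorized_keys is read line by line, so a wrapped
    # key would never match; refuse it instead of installing fragments.
    n=$(grep -c . "$pub" || true)
    if [ "$n" -ne 1 ]; then
        echo "$pub: expected exactly 1 key line, found $n" >&2
        return 1
    fi
    key=$(grep . "$pub")

    # Create directory and file owner-only from the start, so the key
    # file is never briefly group- or world-accessible.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir" && touch "$auth"
    umask "$old_umask"

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi

    # Tighten permissions even if the file already existed with looser ones.
    chmod 700 "$dir" && chmod 600 "$auth"
}

# Usage on host B, after "scp $HOME/.ssh/identity.pub B:identity.pub" on A:
#   install_pubkey "$HOME/identity.pub"
```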
Now you can use ssh and scp on host A to execute commands on and copy files to and from B just as you would with rsh and rcp, but without their vulnerabilities and with added encryption.
Note that while this is much better than the .rhosts based authentication alone, it still means that if someone gains access to your account on A, he also has access to B. Do this only between hosts where you really need it.
Main parts of this description were adopted from Knut Woller's web page "Basic ssh Usage for Hermes Users".
Birgit Lewendel(birgit.lewendel(at)desy.de) Last modified: