What Is SSH?
SSH (Secure Shell) is a program to log into another computer over a network, to execute commands on a remote computer, and to move files from one computer to another, in a secure manner.
Why Use SSH?
Regular telnet connections transmit your password over the net in "plaintext" -- your password is not encrypted or protected in any way. It is possible for others to eavesdrop on the network and capture your username and password. With your username and password, they can then easily use your account, reading or changing your files, electronic mail, etc.
With SSH, your password never is transmitted without strong encryption.
Similar functionality is available with Kerberos, however it is more difficult to install and configure on private computers. Kerberos has been installed on all CSL workstations.
How Do I Use SSH On CSL Workstations?
On UNIX systems
On Windows 2000 systems
- SSH has been installed on CSL Unix workstations in
/s/std/bin/ssh. When you wish to connect to a remote computer that supports ssh, type
ssh remote-host where
remote-host is the hostname of the other computer.
- SSH Secure Shell is installed on supported CSL Windows 2000 workstations, and is found in the Start menu under SSH. This package also provides a graphical file transfer mode.
How Do I Use SSH Off-Site?
Please see Using SSH
for instructions on installing and using ssh from computers outside the CS department.
How Can I Securely Transfer Files To And From CS Department Computers?
This is handled in another HOWTO document; see How To Transfer Files From A Remote System
for details on transferring files.
Why Doesn't SSH RSA Authentication Work?
RSA Authentication is method for SSH to automatically authenticate the client, without the user typing a password.
RSA authentication does not work out of the box with CSL computers because it is necessary to authenticate to the AFS filesystem. The login process handles AFS authentication, using the password you provide. Without a password, it is not possible to authenticate to AFS.
Some users have reported degrees of luck getting around this using the instructions found at http://openafs-wiki.stanford.edu/AFSLore/SSHKeyAuthentication/
, but the CSL has not verified this and doesn't officially support it.