Posted by slayton on October 5, 2008
Secure Shell – SSH
In my previous post I mentioned the existence of the shell. This post is about Secure Shell (ssh) and what you can accomplish with ssh. In a nutshell (pun intended), ssh allows you to open a shell securely on another machine that is running an ssh server. All ssh authentication is done over the Open SSL protocol, meaning that your connection is completely encrypted and cannot be snooped or intercepted.
Here are the basics on how to establish a connection over ssh. To connect to another machine simply run the following command in a terminal:
ssh user@hostname
If user doesn’t exist on hostname, ssh will still try to log in, and it will fail. You can also substitute an IP address for the hostname. So to ssh into a machine where you know the IP address you can type:
ssh user@127.0.0.1
with 127.0.0.1 replaced with a valid IP address and not the loopback address.
A ton of other programs are built on top of the ssh protocol. A few of these are:
- sshfs – SSH File System, allows you to mount a remote folder like a local directory (I’m 99% sure this is what Apple uses on the MacBook Air for using a CD in another machine)
- scp - Secure Copy – copy files from one computer to another using an ssh connection
- remote X - Allows you to forward X windows over an ssh connection. Any graphical programs launched on the remote machine will be displayed on your local machine
Secure Shell File System – SSHFS
To use sshfs you must first install it. To do that, open a terminal and run:
sudo apt-get install sshfs
To mount a remote directory simply run:
sshfs remoteUser@hostname:/remote/directory /home/localUser/mountHere
This requires that /home/localUser/mountHere is a folder that already exists on the local machine.
Secure Copy – scp
To copy files from one machine to another simply run:
scp user1@machine1:/home/user1/file user2@machine2:/home/user2/file
Notice that neither machine1 nor machine2 needs to be the machine you are actually working on. You can copy from a remote machine to a local machine, from a local machine to a remote machine or from one remote machine to another. In all three cases you’ll be asked for the required passwords. All of the command line options you use with cp can be used with scp.
Remote X Forwarding with ssh
The X window system is the foundation for all GUIs in Linux. I’m not going to explain it in great detail as it can be slightly confusing, but put simply, it’s the lowest level of software responsible for the GUI. It interacts directly with the hardware and was designed in the days of mainframes. This is good for us because all X Window information can be sent over a TCP/IP connection. Luckily for us nearly all internet traffic is sent over TCP/IP, meaning that you can send windows from one computer to another using a network or internet connection.
To establish an ssh connection with X forwarding run:
ssh user@hostname -XC
The -X signals to forward X traffic and the -C says to compress that information. If you are connecting to a machine on the local network you won’t need the -C, but over an internet connection it certainly will speed things up.
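The -X and -C flags have config-file equivalents (ForwardX11 and Compression in ~/.ssh/config), and because a forwarded X connection gives the remote machine a path to your local display, it is worth keeping ForwardX11 limited to the hosts that need it. The script below is an added example, not part of the original post: it lists which Host blocks in a client config turn on X11 forwarding; the function names, the sample config and its hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Lists the Host blocks in an
# OpenSSH client config that enable X11 forwarding, the config-file form of
# `ssh -X`. Include files are not followed. Sample config is constructed.

# Print "<host patterns>: <keyword> yes" for each enabled X11 option.
# Options placed before the first Host/Match line apply to every host.
x11_forward_hosts() {
    awk '
        BEGIN { scope = "(global)" }
        /^[ \t]*#/ { next }                  # comment line
        { gsub(/=/, " ") }                   # accept "Keyword = value"
        NF == 0 { next }
        { key = tolower($1) }
        key == "host" || key == "match" {
            scope = (key == "match") ? "Match" : ""
            for (i = 2; i <= NF; i++) scope = scope (scope == "" ? "" : " ") $i
            next
        }
        (key == "forwardx11" || key == "forwardx11trusted") && tolower($2) == "yes" {
            print scope ": " (key == "forwardx11" ? "ForwardX11" : "ForwardX11Trusted") " yes"
        }
    ' "$1"
}

# Succeed when ForwardX11 is on for every host (global scope or a "*" pattern).
x11_forward_is_global() {
    x11_forward_hosts "$1" |
        grep -Eq '^(\(global\)|([^:]* )?\*( [^:]*)?): ForwardX11 yes$'
}

# Constructed sample: forwarding wanted for one host, but also left on for all.
sample_config() {
    cat <<'EOF'
# hostnames are placeholders
Host lab
    HostName lab.example.edu
    ForwardX11 yes
    Compression yes

Host *
    ForwardX11 = yes
    ForwardX11Trusted no
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_config > "$tmp" && x11_forward_hosts "$tmp"
    rm -f "$tmp"
fi
```

Run it with --demo to see the sample output, or source it and call x11_forward_hosts ~/.ssh/config on your own file.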
Now you might ask why would you ever want to run a GUI remotely. There are a couple of reasons.
- You don’t have a desired program installed locally
- You want to access network restricted websites
- You want to perform edits on a file locally vs copying the file, editing it then copying the file back
The main thing I use remote X for is for accessing network restricted webpages. At MIT I have access to hundreds of journals that I can’t access when I’m not on campus. If I want to access these journals from home I can’t, unless I use remote X. To view these pages using a remote machine I:
- Close all local instances of Firefox
- Establish an SSH connection to a computer at MIT with X forwarding and compression
- Run firefox on the remote machine
- browse any websites that are only accessible from MIT’s network
There are a lot of other things you can do with ssh and hopefully this article has given you an idea of what a few of these are.