Question Nexus

Ask a question get an Answer

Secure Shell

Posted by slayton on October 5, 2008

Secure Shell – SSH

In my previous post I mentioned the existance of the shell.  This post is about Secure Shell(ssh) and what you can accomplish with ssh.  In a nutshell (pun intended) ssh allows you to open a shell securely on another machine that is running an ssh server.  All ssh authentication is done over the Open SSL protocol, meaning that your connection is completely encrypted and cannot be snooped or intercepted.

Here are the basics on how to establish a connection over ssh.  To connect to another machine simply run the following command in a terminal:

ssh user@hostmame

If user doesn’t exist on hostname ssh will still try to login, and it will fail.  You can also substitue an ip address instead of a hostname. So to ssh into a machine where you know the ip address you can type:

ssh user@127.0.0.1 with 127.0.0.1 replaced with a valid ip address and not the loopback address.

A ton of other programs are built on top of the ssh protocol, a few of these are:

  • sshfs – SSH File System, allows you to mount a remote folder like a local directory (I’m 99% sure this is what Apple uses on the MacBook Air for using a CD in another machine)
  • scp – Secure Copy – copy files from one computer to another using an ssh connection
  • remote X Allows you to forward X windows over an ssh connection. Any graphical programs launched on the remote machine will be displayed on your local machine

Secure Shell File System – SSHFS

To use sshfs you must first install it, to do that open a terminal and run:

sudo apt-get install sshfs

To mount a remote directory simply run:

sshfs remoteUser@hostname:/remote/directory  /home/localUser/mountHere

This requires that /home/localUser/mountHere is a folder that already exists on the local machine

Secure Copy – scp

To copy files from one machine to another simply run:

scp user1@machine1:/home/user1/file user2@machine2:/home/user2/file

Notice that neither machine1 or machine2 need be the machine you are actually working on. You can copy from a remote machine to a local machine, from a local machine to a remote machine or from one remote machine to another. In all three cases you’ll be asked for the required passwords.  All of the command line options you use with cp can be used with scp.

Remote X Forwarding with ssh

The X window system is foundation for all GUIs in Linux.   I’m not going to explain it in great detail as it can be slightly confusing, but putting it basically its the lowest level of software responsible for the GUI.  It interacts directly with the hardware and was designed in the days of mainframes.  This is good for us because all X Window information can be sent over a TCP/IP connection. Luckily for us nearly all internet traffic is sent over TCP/IP, meaning that you can send windows from one computer to another using a network or internet connection.

To establish a ssh connection with x forwarding run:

ssh user@hostname -XC, the -X signals to forward X traffic and the C says to compress that information.  If you are connecting to a machine on the local network you won’t need the -C but over an internet connection it certainly will speed things up.

Now you might ask why would you ever want to run a GUI remotely. Tere are a couple of reasons.

  • You don’t have a desired program installed locally
  • You want to access network restricted websites
  • You want to perform edits on a file locally vs copying the file, editing it then copying the file back

The main thing I use remote X for is for accessing network restricted webpages.  At MIT I have access to hundreds of journals that I can’t access when I’m not on campus.  If I want to access these journals from home I can’t, unless I use remote X.  To view these pages using a remote machine I:

  • Close all local instances of Firefox
  • Establish a SSH connection to a computer at MIT with x forwarding and compression
  • run firefox on the remote machine
  • browse any websites that are only accessible from MIT’s network

There are a lot of other things you can do with ssh and hopefully this article has given you an idea of what a few of these are.

Advertisements

2 Responses to “Secure Shell”

  1. Mark said

    Ok, question: does the computer I want to establish a remote connection with have to also be running linux, or could it be running Windows or OSX? Or what about a different distribution of linux?

  2. slayton said

    So any machine that is running an SSH-Server can be connected to via SSH. The machine your connecting to can be running Windows, DOS, Mac OSX, Unix, Linux, Solaris, OS2, etc… The SSH Server is a program that is running on top of the OS so the OS doesn’t matter. As long as the SSH server is running (not just installed) and the OS is accepting in bound traffic over port 22 you can connect.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: