SSH @ TCB - Frequently Asked Questions
What is SSH? Why is it important?
SSH is a utility for connecting to a machine securely over a network, encrypting all traffic between those machines. It was designed as a safer alternative to telnet and rsh.
SSH is better for one major reason - it encrypts the traffic as it travels the network, and (especially) protects your user/password pair from being stolen by outsiders. Standard protocols, even though they don't display your password on the screen, do send the password out in clear text; anybody who can overhear that password can then log into your account. Secure protocols such as SSH prevent this by making the overheard data useless, and by ensuring that only the two connecting machines can make sense of what has been typed.
Can I use SSH on [insert machine type here]?
Yes. Utilities should already be installed on every machine we've got; if you want to download a client for home, try one of these:
- Any GUI web browser: http://login.ks.uiuc.edu/
- Windows
  - TeraTerm + SSH patches (mirrored here, or just grab this ZIP file, decompress it with WinZip, and follow the instructions in the enclosed readme.txt file).
  - PuTTY
- MacOS 9 - NiftyTelnet SSH
- Unix/MacOS X - OpenSSH (probably already installed; just type ssh).
How do I use SSH?
On Unix systems it's simple. Just replace your normal commands with the following:
- telnet - ssh machinename
- rsh - ssh machinename command
- rcp - scp username@machinename:srcfile username@machinename:destfile
On Windows and Mac systems, it's usually a matter of just running an SSH client rather than a telnet client. Given that these SSH clients are often easier to use than the programs they replace, this is a minor burden.
What is SCP?
SCP is a program similar to SSH that is designed to replace rcp - it encrypts the files as they go, as well as the authentication process. It is less well supported than SSH, but only because it isn't used as often. With any luck, it will eventually be a good replacement for FTP as well.
The host identification has changed! What do I do?
All this means is that the machine has been re-installed since you first connected to this machine. It pretty much means the same thing as "Host key not found from the list of known hosts. Are you sure you want to continue connecting (yes/no)?".
The solution to this is to remove the appropriate line from your known_hosts file, and let it be regenerated. From a Unix system, you can do this with any standard text editor; just find the offending line, delete it, and retry. Windows/Mac systems generally don't have this problem.
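An added example, not part of the original FAQ: a text-editor search for the hostname misses entries that OpenSSH has stored in hashed form (the HashKnownHosts option), so this Python code drops every line for a host, plain or hashed, and reports the fingerprint of each removed key. It assumes the OpenSSH protocol 2 known_hosts layout (host field, key type, base64 key); the hostnames, salt and key blobs are constructed.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint of a key blob, formatted the way OpenSSH prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_entry(host, salt):
    """Host field as written with HashKnownHosts: |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if the first field of a known_hosts line names exactly this host."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hashed_entry(host, salt))
    return host in field.split(",")

def drop_host(lines, host):
    """Split lines into (kept, removed); removed holds (key type, fingerprint)."""
    kept, removed = [], []
    for line in lines:
        parts = line.split()
        is_entry = len(parts) >= 3 and not line.startswith(("#", "@"))
        if is_entry and host_matches(parts[0], host):
            removed.append((parts[1], fingerprint(parts[2])))
        else:
            kept.append(line)
    return kept, removed

# Constructed sample data: hostnames, salt and key blobs are made up, not real keys.
def blob(text):
    return base64.b64encode(text.encode()).decode()

SAMPLE = [
    "# constructed known_hosts file",
    "alpha.example.org,192.0.2.10 ssh-rsa " + blob("old key of alpha"),
    hashed_entry("alpha.example.org", b"constructed-salt-20b") + " ssh-ed25519 " + blob("old ed25519 key"),
    "beta.example.org ssh-rsa " + blob("key of beta"),
]

if __name__ == "__main__":
    kept, removed = drop_host(SAMPLE, "alpha.example.org")
    for key_type, fp in removed:
        print("removed", key_type, fp)
    print("\n".join(kept))
```

Comparing the fingerprint shown at the new (yes/no) prompt with one obtained from the system administrators confirms that the key change came from the re-install.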
How do you work without passwords?
ssh-agent is a program for Unix that you start on boot, which can keep track of your keys for you. Once you set it up, you can type your password once and not have to worry about it again for the length of that session, as long as you're ssh'ing from machine to machine. This site has basic instructions on how to do this with most Unix systems.
Do note, however, that you should a) use passphrases for all of your SSH keys and b) watch over your SSH key files very carefully! If somebody steals your identity files, then you should take that entry out of your authorized_keys files immediately.