
What is ssh?

ssh (Secure Shell) is a system to securely connect to remote machines. In addition to remote logins, you can transfer files between hosts, and tunnel network ports through this encrypted channel.

How does ssh work?

ssh uses a public key system for authentication and encryption. A public key encryption system consists of two mathematically related keys, a public key and a private key. Anything encrypted by the public key can only be decrypted by the corresponding private key; the same holds for things encrypted by the private key and decrypted by the public key. Once a user accepts a public key from a host or user, possession of the corresponding private key can be verified by checking that it can decrypt a test message. This allows a user to set up which hosts/users to trust by knowing their public keys.

Since your private key can be used to allow password-less access to another host, the ssh commands allow you to protect it with a passphrase. A passphrase is a 10-20 character string that encrypts your private key, and it should not be the same as your password.

What do I need to do to start using ssh?

CIS Managed MacOS-X/Unix

You can use ssh by just typing `ssh hostname` to make an ssh connection to hostname. This will encrypt the connection between your current host and your destination host. However, this ignores the benefits of personal keys. Personal keys allow you to connect to another host without typing your password, or to execute a specific application on a remote host.

Check the contents of your ~/.ssh directory. If it contains a file named id_rsa.pub, then you have already set up a personal ssh key. You can use this key for remote logins by adding the public version (the id_rsa.pub file) to the authorized_keys file on your destination host. On our local hosts (which share filesystems) this can be done by running the following commands from within your ~/.ssh directory:

cat id_rsa.pub >> authorized_keys
chmod 644 authorized_keys

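If you don't have any keys defined, you can create them by running the following command in your ~/.ssh directory. The `-N ''` option sets an empty passphrase; leave it out and ssh-keygen will prompt you for one:

ssh-keygen -t rsa -N '' -f id_rsa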

[On ix, we have a script called sshsetup which will run ssh-keygen, and install the public key into the authorized_keys file.]

You can also do this from your home machine or any other computer or account you have, including managed Macs with local home directories. This would allow you to connect from a trusted home machine to your CS account, without typing your password. Just be sure to never transfer your private key (identity) from the account where you created it.
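The key-installation step above, written as an added example (this is not the sshsetup script or any code from this site): it appends a public key to authorized_keys without duplicating it on a rerun, then checks the file modes that OpenSSH enforces. The function names `install_pubkey` and `audit_ssh_dir` are hypothetical, and mode 700 on the ssh directory is this example's assumption; 644 on authorized_keys follows the commands shown earlier.

```sh
#!/bin/sh
# Added example, not the site's sshsetup script. Function names are hypothetical.

# install_pubkey PUBFILE [SSHDIR]: add one public key to authorized_keys.
# Unlike a bare `cat >>`, it never duplicates an entry and never glues the
# new key onto an existing last line that lacks a trailing newline.
install_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 2; }
    if grep -q 'PRIVATE KEY' "$pub"; then   # private key passed by mistake
        echo "$pub looks like a private key; refusing" >&2; return 3
    fi
    key=$(head -n 1 "$pub")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1   # 700: this example's choice
    touch "$auth" && chmod 644 "$auth" || return 1    # 644: as on the page
    if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    if ! grep -qxF -- "$key" "$auth"; then printf '%s\n' "$key" >> "$auth"; fi
}

# audit_ssh_dir [SSHDIR]: print paths whose modes OpenSSH rejects; return 1 if any.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}; bad=0
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        # sshd (StrictModes, on by default) ignores authorized_keys if it or
        # its directory is writable by group or others.
        case $(ls -ld "$p" | cut -c1-10) in
            ?????w????|????????w?) echo "group/world-writable: $p"; bad=1 ;;
        esac
    done
    for k in "$dir"/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        # The ssh client refuses a private key with any group/other bit set.
        case $(ls -ld "$k" | cut -c1-10) in
            ????------) ;;
            *) echo "private key too open: $k"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

Source the file, then run `install_pubkey ~/.ssh/id_rsa.pub` followed by `audit_ssh_dir`; a non-zero status from the audit means at least one path was printed.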

You can transfer files via an authenticated/encrypted connection by using scp or sftp instead of rcp and ftp. Other applications, such as rsync and svn, also support ssh-based connections.

Windows

TeraTerm, ssh.com, PuTTY

Ssh Tunneling

This is a bit more complicated, but once set up, you can use your favorite services such as ftp, smtp, http, etc. over an encrypted ssh connection.

The free versions of ssh (TeraTerm, Nifty Telnet) along with OpenSSH can do secure port forwarding. They can listen on the client (remote machine) for known ports (such as 21 for ftp, 25 for smtp) and forward the info to the server machine through the ssh port (22).


[Figure from Stanford University]

Let's suppose we want to set up an ssh tunnel for ftp between a PC and ix.cs.uoregon.edu, a Solaris machine. Once you have TeraTerm set up so you can ssh to ix, choose SSH Forwarding from the Setup menu and click on Add. Select Forward local port and choose ftp (port 21) for the local port, and then put ix.cs.uoregon.edu and ftp (port 21) as the forwarded to host and port. After clicking OK you should see a line similar to the following:

Local 21 (ftp) to remote "ix.cs.uoregon.edu" port 21 (ftp)

Now with your favorite ftp client you can ftp to localhost (your PC), using your login name and password for your ix account. The local ftp port is forwarded over your ssh connection to the ftp port on ix. Your login name and password and all the files you ftp will be encrypted over the ssh connection. You can do this for other services/ports as well. But remember that the ssh encryption is only between your PC and ix and that you must have TeraTerm running and the ssh connection with port forwarding established before you make the ftp connection.

If you are on a Unix box and you can become root (listening on local port 21, a privileged port, requires root), you can use the following ssh command:

ssh -L 21:ix.cs.uoregon.edu:21 -l yourloginname ix.cs.uoregon.edu

Then run `ftp localhost` and enter your login name and password for ix.

Edited: January 09, 2019, at 09:59 am
Copyright © 2024, University of Oregon, All rights reserved