SSH? Whats it used for.

[firebyrd10]

Ok I've seen many posts and stuff on SSH, and I want to know what its used for. I figured it encrypts but does it encrypt every thing, like VNC or just data it sends. Also is it a Terminal, does it only send commands to the other computer or can it send data also? I'm at a lose here. Can someone please FULLY explain this? Also where would I go to connect to a computer that had SSH server running (asuming I figured it out)


Many Thanks

[arkaine23]

SSH lets you connect securely to another computer running sshd. Once connected you can poass commands acrposs the network or internet as if you were on the other computer. scp is a variation on ssh used for transferring files.

SSH is how I can sit at home and administrate a small corporate linux network.

[firebyrd10]

So SSH is like a secure telenet or Command line vnc . Is there a GUI SSH out there (wait that would be just a regular vnc + security now wouldn't it.)

and you can transfer files over the network through it useing scp
I'm guessing this

Code:

dd if=/dev/hda | ssh user@remotehost /bin/dd of=/tmp/mypc_hda.img

is useing scp type commands?

do you need a special server to transfer files?

Thank you, this has been bugging me for ever.

[aay]

Well I wouldn't use dd to transfer files through ssh. Personally I don't care much for scp. If I want to transfer files over ssh I either use fish in konq or more comonly make a shell link using mc.

If you want to try out ssh just make sure it's started on the server box like this:

Code:

/etc/init.s/sshd start

As root of course.

If you want to transfer files you can either learn scp, or try using fish in konqueror. After you open konq, just type the following in the address bar

Code:

fish://user@ipaddress

.

Again, you can do the same thing by creating a ssh link in midnight commander (mc), hilighting the file you want to copy, and pressing F5 to copy the file to the other directory.

Hope this helps.

Adam

[johnb]

I would say that being able to ssh into another box remotely and control it. Wether you are sitting next to it or 1/2 way around the world, needs mention. If you have 2 machines and cds you can play with this yourself.

Open a root shell and set a new password:

Code:

passwd

Set a static ip address.

Code:

netcardconfig

No DHCP

Accept defaults. This machine is now know as 192.168.0.1
Set-up the the other machine the same except its ip address will be 192.168.0.10
Typing from machine 192.168.0.1

Code:

ssh 192.168.0.10

you will be asked if you want to continue, type yes
type in the password for machine 192.168.0.10
If all has gone well you are now working on machine 192.168.0.10 even though you are still sitting in front of machine 192.168.0.1. Machine 192.168.0.10 can be in the basement and just an ethernet cable to access it. It dose this all encrypted. Check the man page. You can get secure access to your computer (if it has internet access) from any where in the world.

johnb

[gowator]

ssh is a network protcol, designed to replace older 'insecure' protcols which passed plain text authentication.

What this means in practice is since a shell also passes lots of other stuff that you can make a connection with ssh and then use whatever you want over a secure connection.

Technically johnb's access isn't available to the world becuase its a non routable RFC IP address. To access this from anywhere you would need to use the external address, not the internal one....

However, say you are connected internally from .1 to .10
If you type anything you are typing it ON that computer.

lets say your on .10 and ssh'd into .1
If you export the display variable for X from the ssh session
export DISPLAY=102.168.0.10:0.0
then start an X application it will start on your screen becuase it will run on YOUR X server.

even better, if you use gdm as a login manager (technically you can do it with any but gdm is the easiest setup) you can actually start a whole X sesssion on the remote computer but display it on your screen.

You can do the same with telent or the insecure protcols too.

At home on an internal netwrok there is little advantage using ssh over telnet or rsh becuase the requests cannot be passed outside the internal network. However it is good practice to get used to using it by default!

[johnb]

thanks for the correction
johnb

[rickenbacherus]

The company I work for allows http, ftp, cvs, and ssh through the firewall. All of my home boxes (2 desktops & Linux router) run sshd. I can and do use my own network all day from work. Just try putting a windows pc that is unpatched, missing virus definitions or is running some default windows services (rpc) *cough* and your box will be banned from the network. Connect to home with your Linux box through ssh and security couldn't care less.

At work I have a Linux box and a windows box. On windows use Putty or Cygwin to ssh into your Linux boxen.

There is AFAIK no free ssh server for wimpdows.

There is a GUI for ssh:

Code:

apt-get install secpanel

Generate ssh hostkeys:

Code:

    ssh-keygen -b 1024 -t rsa1 -f /etc/ssh/ssh_host_key -N ""
    ssh-keygen -b 1024 -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
    ssh-keygen -b 1024 -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""

Make sshd start on boot:

Code:

update-rc.d ssh defaults

Nifty:

Code:

alias home="ssh -l <username on remote box> 12.345.67.89"

(you can add that to /etc/profile to make it stick across reboot)

[gowator]

thanks for the correction
johnb

It wasn't really a correction. Your explanation was fine its just if someone tried it from an external address it wouldn't work.

If you had tried explaining it in terms of internal/external it would have been a lot less clear. I thought about it, then thought better of it!

[firebyrd10]

wow I wasn't expecting all these replies. Thank you for clearing this up.