Mar 18, 2012

Linux Tutorial -Using the Secure Shell

Using the Secure Shell  Source:

Secure shell, specially the OpenSSH implementation of secure shell, is an important and valuable tool. This holds true largely because of the security it provides us for common tasks, but also because OpenSSH is so portable, enabling it to function on most modern operating systems. OpenSSH was originally forked from OSSH and developed for the OpenBSD operating system. Since its début in 1999, OpenSSH has been ported to Linux, to other BSD projects and to proprietary operating systems. Chances are if you're reading this from an open source operating system you have an OpenSSH component installed.

What's so important about OpenSSH? It used to be most network services sent their data in plain-text, completely open for anyone to read. While this was fast and convenient (and easy to debug) it wasn't secure. Logging into a remote machine meant sending usernames and passwords over the lines without hiding them in any way and transferring files in the open made it fairly easy to intercept them. OpenSSH encrypts its traffic, preventing people from listening in and gathering your login credentials or copies of any files you're sending over the network.

All of this may sound a bit abstract so I'd like to share a handful of examples of how OpenSSH can be used to communicate with a remote machine. In the following examples I'll be communicating with a remote server named "harold". For these examples to work the remote machine, harold, must be running the OpenSSH server and be able to accept connections on port 22.

Perhaps the most common usage of OpenSSH is logging into a remote machine to run command-line programs. System administrators often perform updates, check logs and change configurations this way. To do this we run

     ssh harold

The above example is secure shell invoked in its most simple form. Should we be connecting to a server where our username is different than our username on the local machine we can use the "-l" option. For example, if we wish to login to the remote machine as the user "susan" we would run

     ssh -l susan harold

In both cases presented above we will be prompted for a password and then given a terminal prompt on harold. When we are finished working on the remote server we can run "exit" to return to working on our local machine.

Another common usage of OpenSSH is the transfer of files between computers. There are two ways to do this. The first is to set up an interactive connection to the remote machine using the sftp command. A sftp session works much the same way as plain FTP, providing an interactive experience, but sftp encrypts the traffic between the machines, including our password. To start a secure file transfer session we use

     sftp harold

Alternatively, if we have a different username on the remote host, we can use

     sftp susan@harold

When using sftp we terminate the secure session using the "quit" command. If you're not familiar with using command line file transfer programs, there are graphical clients, such as gFTP or Filezilla, that make the process more intuitive. Another way to transfer files is with the secure copy command, scp. The scp command works much the same way as the "cp" command line program, but with the ability to work over a network. In the following example we copy a file, test_file.txt, to our home directory on harold.

     scp test_file.txt harold:test_file.txt

As with ssh and sftp we can send data to the remote machine as another user:

     scp test_file.txt susan@harold:test_file.txt

In other instances we may wish to copy files to a remote directory besides our home. In those cases we can specify the directory we want to use after the server name. This example copies our text file to our Work directory on the remote computer:

     scp test_file.txt harold:/home/jesse/Work/

The scp command works the other way too, allowing us to copy remote files to our local machine. In this example we copy a text file from harold and save it in our current working directory.

     scp harold:test_file.txt local_copy.txt

Sometimes administrators find themselves wanting to perform the same commands on multiple remote machines. There is a handy tool called ClusterSSH which will connect to several remote servers and send commands we type once to each machine. Bill Childers has a good tutorial on setting up and using ClusterSSH. I recommend reading it if you find yourself managing multiple machines.

No comments:

Post a Comment