DECF Help Files: Security: SSH: Advanced




NOTE: This file is still under construction, and not everything explained here works on the 5101 Etcheverry lab workstations yet.

SSH Advanced Tips

In this tips file, we will cover two ssh utilities: ssh-agent and scp. Before reading this, read the quickstart file on how to set up your ssh RSA key first: quickstart

ssh-agent

Ssh-agent is a tool that holds your authenticated identity for you during the course of a "session" (while you are logged in), so when you ssh to multiple remote hosts, you only have to type your password once. Ssh should only be used when the local machine you are on (e.g. one of the 5101 or 1171 lab workstations, or your home machine with F-Secure) has ssh installed. If you are using F-Secure on a Mac or PC, it should handle all of the functions of ssh-agent for you. If you are using one of the lab workstations, the easiest way to use ssh-agent is to configure your startup .xsession files.

NOTE: at this point, it is assumed you have a working knowledge of UNIX command line utilities and editors.

First, do a "cd ; mv .xsession .xsession-real". Next, create a new file called ".xsession" that looks like the following:

---------8<----BEGIN CUT HERE-------8<---------------------------------

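#!/bin/sh

# Start the real session as a child of ssh-agent so every program in it
# inherits the agent; fall back to the plain session if it is not installed.
if [ -x /usr/local/bin/ssh-agent ]; then
    exec /usr/local/bin/ssh-agent "$HOME/.xsession-real"
else
    exec "$HOME/.xsession-real"
fi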

---------8<-----END CUT HERE------8<---------------------------------

(do NOT include the dashed lines)

Next, do "chmod u+x .xsession" and then open the file ".xsession-real" in your favorite text editor, and somewhere *before* the last line (which probably looks something like "exec xterm..." or "exec fvwm95..."), insert a line that looks like this:

/usr/local/bin/ssh-add < /dev/null &

And that should be it! Now, when you log in, a password prompting window will pop up. Enter your ssh passphrase, and until you log out of that workstation, you can just type "ssh suchandsuch" and never have to type your passphrase (which is long and hard to remember to make sure it is secure, right?) again. Additionally, you will be able to run any X11 application on any machine that you ssh to, and it will automatically and securely display on your local machine, e.g.:

phoebe% ssh euler

...
Connected to Euler!
euler% xlogo

and the xlogo program would display on your screen at phoebe.me.

NOTE: At the moment, X11 forwarding (what was just explained) is broken on euler; it works great on newton though!
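
The .xsession steps above as one shell function, added here as an example (not part of the original help file): it refuses to run twice, since repeating the "mv" step would leave .xsession-real exec'ing itself in a loop. The function name and its arguments are assumptions; the default paths are the ones used on this page.

```sh
#!/bin/sh
# Added example (not DECF's script). Function and argument names are
# assumptions; default paths are the ones this page uses.
install_agent_wrapper() {
    home=$1
    agent=${2:-/usr/local/bin/ssh-agent}
    add_line="${3:-/usr/local/bin/ssh-add} < /dev/null &"
    wrapper="$home/.xsession"
    real="$home/.xsession-real"

    [ -f "$wrapper" ] || { echo "no $wrapper to wrap" >&2; return 1; }

    # Repeating the "mv" step would move the wrapper over the real session
    # file, leaving a script that execs itself in a loop at every login.
    if [ -e "$real" ]; then
        echo "$real exists; already wrapped, nothing changed" >&2
        return 2
    fi
    mv "$wrapper" "$real" || return 1

    # The page's wrapper. The test is -x because exec of a non-executable
    # agent would end the X session instead of falling back.
    cat > "$wrapper" <<EOF
#!/bin/sh
if [ -x "$agent" ]; then
    exec "$agent" "\$HOME/.xsession-real"
else
    exec "\$HOME/.xsession-real"
fi
EOF
    chmod u+x "$wrapper"

    # Put ssh-add before the last "exec ..." line, or before the last line
    # if there is no exec (anything after a foreground window manager would
    # only run at logout).
    n=$(grep -n '^[[:space:]]*exec[[:space:]]' "$real" | tail -n 1 | cut -d: -f1)
    [ -n "$n" ] || n=$(awk 'END { print NR }' "$real")
    tmp="$real.$$"
    awk -v n="$n" -v line="$add_line" \
        'NR == n { print line; done = 1 } { print } END { if (!done) print line }' \
        "$real" > "$tmp" || return 1
    # Write back in place so .xsession-real keeps its mode bits.
    cat "$tmp" > "$real" && rm -f "$tmp"
}
```

Call it as install_agent_wrapper "$HOME", then log out and back in for the new .xsession to take effect.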

scp

So ssh is great and secure, but what about ftp? If you are constantly needing to move files between two machines, both of which have ssh installed, consider secure copy (scp). It works just like rcp (remote copy), but is encrypted and doesn't require you to have insecure .rhosts files.

The general syntax is ([] denotes optional):

scp [[user@]host[#port]:]file_to_copy_from    [[user@]host[#port]:]file_or_dir_copy_to

For example, you need to move file foo.txt from decf to newton, and are seated at newton.

newton% scp decf:foo.txt .

will do it. In other words, it works just like the "cp" command, but for whichever is the remote machine (in that case, decf), you add machinename: before the filename. You can use paths too:

newton% scp decf:/etc/motd foo.txt

would copy decf's /etc/motd file to the file foo.txt in your current directory on newton.

 


Comments to consult@newton.berkeley.edu
© 1998-2009 UC Regents