Help Files: SSH: Quickstart SSH2




SSH: Secure Shell

SSH is a secure replacement for the UNIX rlogin, rcp, rsh, and telnet utilities. It is also a convenient way to handle logging into multiple machines and forwarding X connections. DECF highly recommends that you use secure shell instead of telnet or rlogin.

SSH offers two authentication methods: Password and Passphrase. With Password authentication, you use your normal UNIX password to log in. Passphrase authentication uses a public/private key pair: you create the key pair on the client (the machine you're ssh'ing FROM) and put the public key on the server (the machine you want to ssh TO).

USING SSH with PASSPHRASE AUTHENTICATION

1) First, set up each machine you are going to use (client) with an ssh key. Note that by "each machine" we mean each separate disk account. So, for instance, since all of the 5101 lab machines and Newton are the same disk account, you should NOT repeat it for Euler and the lab machines. At the prompt, type:

  ssh-keygen
  
After a few minutes you will be asked for a passphrase. Enter a passphrase, and two new files will be created in ~/.ssh2/

  id_dsa_1024_a     # this is your private key
  id_dsa_1024_a.pub # public key

These are the usual names. If you already have keys, the letter at the end of the filename will increment (_b, _c, _d, etc.).
Repeat this for each disk account.

2) Create the file ~/.ssh2/identification and put in it:

  IdKey   id_dsa_1024_a
  

3) Distribute the id_dsa_1024_a.pub among the accounts you intend to ssh to (server). For each account, create the file ~/authorization and put in it:

  Key     id_dsa_1024_a.pub
       
Don't forget to copy and paste the id_dsa_1024_a.pub file you created on the client and put it on the server.

4) Now, when you want to use ssh, just type "ssh hostname". You will be asked for the passphrase and then connected. Any X programs you run on the remote host will be displayed locally.
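A sanity check for the files created in the steps above, as an added example that is not part of the original help file. It assumes each key file sits in the same directory as the file that names it, and that the public key file's first line contains `BEGIN SSH2 PUBLIC KEY`; `check_client` and `check_server` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of the original help file.
# Each function prints one line per problem and returns 0 only when clean.

# check_client DIR: every "IdKey NAME" line in DIR/identification must name
# an existing private key that group and others have no access to.
check_client() {
    dir=$1; rc=0
    [ -f "$dir/identification" ] || { echo "missing $dir/identification"; return 1; }
    while read -r kw name rest || [ -n "$kw" ]; do
        [ "$kw" = "IdKey" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "IdKey $name: private key not found in $dir"; rc=1
        elif [ "$(ls -ld "$dir/$name" | cut -c5-10)" != "------" ]; then
            # Columns 5-10 of the mode string are the group and other bits.
            echo "IdKey $name: open to group/others, run: chmod 600 $dir/$name"; rc=1
        fi
    done < "$dir/identification"
    return $rc
}

# check_server FILE: every "Key NAME" line in the authorization file must name
# a file that was actually copied over and that is a public key, not the
# private half. Assumption: key files sit next to the authorization file.
check_server() {
    auth=$1; dir=$(dirname "$auth"); rc=0
    [ -f "$auth" ] || { echo "missing $auth"; return 1; }
    while read -r kw name rest || [ -n "$kw" ]; do
        [ "$kw" = "Key" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "Key $name: file not copied to the server"; rc=1
        elif ! head -n 1 "$dir/$name" | grep -q 'BEGIN SSH2 PUBLIC KEY'; then
            # Assumption: public keys start with an SSH2 public key header line.
            echo "Key $name: does not look like a public key"; rc=1
        fi
    done < "$auth"
    return $rc
}

# Usage: "sh check.sh client" on the client, "sh check.sh server" on the server.
if [ "${1:-}" = "client" ]; then check_client "$HOME/.ssh2"; fi
if [ "${1:-}" = "server" ]; then check_server "$HOME/authorization"; fi
```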

For more information on setting up ssh, using ssh-agent to avoid having to type in your passphrase each time, and other details, type at the prompt:

   man ssh
   

 


Comments to consult@newton.berkeley.edu
© 1998-2009 UC Regents