WHY should I use SSH
--------------------

Ssh uses a pair of public and private keys to identify a specific account.
That is, the account itself is specified! Not the machine it is on, nor a
specific account name, but the actual account holding an "id" private key
that matches its corresponding public key! IE: the actual account!

It also automatically encrypts all the network traffic between the machines,
to prevent network snooping (which is even easier for hackers to do). It will
also set up an encrypted X windows link between the machines.

Also, if you try to execute a remote command on a machine that you are NOT
authorized to use without a password, it will ask you for the password for
that machine.

SSH and X windows
-----------------

On many machines X window forwarding is turned off by default. This
especially includes PC SSH client programs, like "TerraTerm", or "Putty".
All ICT UNIX machines have X11 forwarding turned on by default.

Under Unix you can turn it on in a number of ways.

  * You can add the line "ForwardX11=yes" to either your personal ssh config
    file "$HOME/.ssh/config" or the system wide configuration
    "/etc/ssh/ssh_config" (ask your system administrator).

  * Alternatively the -X command line option can be added when executing
    ssh.

Refer to the SSH manpage for further information on configuration options.

Setup SSH for use without a password
------------------------------------

First you need to give the account FROM which you want to login some
identification. On the machine FROM which you use ssh, run the command

    ssh-keygen -t dsa

And just press return after EVERY question.

ASIDE: DSA is one public key type and method; there are others, like RSA, or
a very very old version called RSA1 (version 1 of the ssh protocol). DSA is
usually enough.

This command will generate two files in a ".ssh" sub-directory of your home.
These are the two keys forming a private/public key pair: ".ssh/id_dsa" and
".ssh/id_dsa.pub".

Now append the public key from the file ".ssh/id_dsa.pub" generated by
ssh-keygen to the file ".ssh/authorized_keys" on the machine you would like
to login to without a password. This can be done with...

    ssh dest_host "echo `cat $HOME/.ssh/id_dsa.pub` >> .ssh/authorized_keys"

You will need to type in a password for this command to login to the remote
'dest_host', but once done, a password will no longer be required to go from
the machine you generated the keys on to the dest_host you copied the public
part of the key to.

In the linux Labs, as the home directories are shared across all the
machines, you can do this with the much simpler command...

    cp .ssh/id_dsa.pub .ssh/authorized_keys

What are these files?
---------------------

In the ".ssh" sub-directory of your home...

  id_dsa
      Identifies this specific account on the machine you found it.
      IE: its private key -- this should NEVER be copied or made readable
      by anyone except you. It should just exist.

  id_dsa.pub
      The public identification of this account. Append this to the
      ".ssh/authorized_keys" file of the destination machine you wish to
      login to without a password. (See above).

  authorized_keys
      A list of which accounts (IE: the accounts' public keys) are allowed
      to login to this machine without a password. You may have to create
      this file. It can contain multiple public keys, to give multiple
      accounts password-less access to this account.

  known_hosts
      A list of the "host keys" (each machine's own public key) identifying
      a machine together with its machine name. This is much more secure
      than relying on just the machine's "network name" or DNS, which
      hackers could "fake". The file may or may not exist, and could be
      empty, as the system programmers may have set up a 'system' version
      of this list.

In OpenSSH version 2 you can also use the files "authorized_keys2" and
"known_hosts2" as an extra source of this information, on top of that
provided by the files above.

Permissions
-----------

Ssh, being a 'secure shell', is very particular about file permissions. It
insists that permissions are correct. If they are not correct it will not
work.

At a minimum, your home directory cannot have group or world write
permissions turned on. Also the ".ssh" sub-directory and its contents must
only have permissions for you, the owner, and you must actually BE the
owner.

Other How to Use SSH Guides
---------------------------

A very complete guide can be found on the web at
    http://kimmo.suominen.com/docs/ssh/

For details and differences between OpenSSH and the Commercial SSH see
    http://www.ict.griffith.edu.au/~anthony/info/apps/ssh.hints

Using ssh and Xwindows from a PC (via putty (preferred) or terraterm)
    http://www.ict.griffith.edu.au/~anthony/info/apps/ssh_putty.hints
    http://www.ict.griffith.edu.au/~anthony/info/apps/ssh_terraterm.hints

Key Authentication with OpenSSH
    http://networking.earthweb.com/netsecur/article/0,,12084_992091,00.html
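
The rules from the "Permissions" section, written as a shell check you can run when password-less login refuses to work. This is an added example, not part of the original hints file; the function name check_ssh_perms and its messages are made up for this example.

```shell
#!/bin/sh
# Added example: audit the permission rules from the "Permissions" section.
# check_ssh_perms is a name chosen for this example.
# usage: check_ssh_perms HOME_DIR [UID]
# Prints one line per problem; returns 0 when all is well, 1 otherwise.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}      # default: the account running the check
    problems=$(
        # Home directory: no group or world write permission.
        find "$home" -prune \( -perm -020 -o -perm -002 \) \
            -exec echo "group/world writable:" {} \;
        if [ -d "$home/.ssh" ]; then
            # .ssh and everything in it must be owned by the account ...
            find "$home/.ssh" ! -user "$uid" \
                -exec echo "wrong owner:" {} \;
            # ... and carry no permission bits for group or others.
            # (Symlinks are skipped; their own mode bits mean nothing.)
            find "$home/.ssh" ! -type l \( -perm -040 -o -perm -020 \
                -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) \
                -exec echo "open to group/others:" {} \;
        fi
    )
    if [ -z "$problems" ]; then
        return 0
    fi
    printf '%s\n' "$problems"
    return 1
}

# When run as a script with an argument, check that directory, e.g.
#   sh check_ssh_perms.sh "$HOME"
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Anything it reports can be repaired with: chmod go-w "$HOME"; chmod -R go-rwx "$HOME/.ssh"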