This micro-howto will examine, within a decidedly condensed framework, the basic operations of SSH, a secure replacement for telnet, rsh and rlogin, under Unix platforms. SSH is commonly employed to login to and execute shell commands on remote Unix systems. SSH provides multiple authentication schemes and uses strong cryptography.

Most SSH clients also include some variant of scp(1) and/or sftp(1), which enables the transfer of files across the Internet in a secure manner.

Logging into the server

Suppose that your account is hosted on myServer.csoft.net, log in using:

  $ ssh myUsername@myServer.csoft.net

You can also execute a single command on the server:

  # Return the size of the remote ~/www directory is:
  $ ssh myUsername@myServer du -hs ~/www

If the username on your local workstation happens to be the same as your username on the server, you don't need to pass myUsername at all:

  $ ssh myServer.csoft.net

You can also indicate which usernames to use by default for a particular host with a User statement in your local ~/.ssh/config file:

  Host myServer.csoft.net
      User myCsoftUsername
Securely transfering files

Included within OpenSSH is the scp(1) utility, which allows files and directories to be securely transferred to and from the server.

  # Upload
  scp file myUser@myServer
  scp files/* myUser@myServer
  scp file myUser@myServer:renamedFile
  scp -r dir myUser@myServer

  # Download
  scp myUser@myServer:file .
  scp myUser@myServer:files/* .
  scp myUser@myServer:file renamedFile
  scp -r myUser@myServer:dir renamedDir

OpenSSH also provides a classic FTP client interface withsftp(1):

  $ sftp myServer
Public key authentication

Public key authentication may be accomplished via SSH by merely appending your public key to ~/.ssh/authorized_keys on the server.

  # Copy the public key to the server.
  $ scp ~/.ssh/id_ed25519.pub myServer:myWorkstation.pub
  
  # Add the key to the authorized keys database.
  $ ssh myServer cat mykey.pub >> ~/.ssh/authorized_keys

If you don't have any ssh keys in ~/.ssh/id_*.pub, you can generate new ones with ssh-keygen(1):

  $ ssh-keygen -t ed25519
  $ ssh-keygen -t ecdsa

Make sure to select a good passphrase. The ssh-agent(1) program can be used to achieve password-less authentication (ssh-agent attaches to your login session, runs in the background and remembers the passphrases to your keys).

  $ eval `ssh-agent`
  $ ssh-add
Links
  • OpenSSH - Free implementation of the SSH protocol suite