SSH (Secure Shell) is a tool used to securely login to remote computers from anywhere with an internet connection. All Computer Science students and staff have SSH access to a variety of computers operated by the School of Computer Science, including:
If you are using a machine running Linux, OS X, or some other UNIX varient, then you should already have SSH installed. To confirm that it is installed, open a terminal and enter:
SSH is installed if you see some output like:
If you do not see output, you will have to install SSH yourself.
apt-get install openssh-client)
Windows does not include an SSH client by default, users should install the open-source program called PuTTY.
On Linux/OS X SSH is very easy to use; to connect to our server named
mimi, simply run the command:
You will then be prompted to enter your password. If your credentials are accepted, then you're done; you are now logged in to
mimi and can use the bash shell normally.
Windows users should open PuTTY, then enter
email@example.com as the host name. A terminal will open up where you can enter your password then use the bash shell normally.
To terminate the SSH session, use the command
Connection to mimi.cs.mcgill.ca closed.
A more convenient and secure way to login to a remote computer is to use SSH keys instead of a password.
SSH keys are based on public key cryptography. The basic protocal is as follows:
First, on your local machine, create an ssh key pair:
ssh-keygen -t rsa -C "firstname.lastname@example.org"
It is recommended to use the default settings and use a strong passphrase. The passphrase is used to encrypt the key itself in case it is lost or stolen. There is no way to recover your key if you forget your passphrase.
The keys live in the
ls -l ~/.ssh
-rw-r--r-- 1 demo demo 807 Sep 9 22:15 authorized_keys
-rw------- 1 demo demo 1679 Sep 9 23:13 id_rsa
-rw-r--r-- 1 demo demo 396 Sep 9 23:13 id_rsa.pub
Note that the
id_rsa (private key) file is only readable and writable by the owner. It needs these strict permissions to keep it safe. SSH will reject keys that do not have these permissions. The
id_rsa.pub is the public key that you can share.
authorized_keys is a file used to keep track of the public keys that are able to access this computer.
You can now transfer your public key to the remote server
Which will start an SSH session, once you enter your password, your public key will be transfered to the server. From now on, you won't have to enter your password when loging in over SSH.
When using insecure networks the following will allow you to browse privately
ssh -D 9999 linux.cs.mcgill.ca -l cs_username (or email@example.com)
Remember to point your browser to use the proxy on port 9999
To be able to log in to one of the cs.mcgill.ca lab machines from an MS Windows machine at home and then run applications like Eclipse, xemacs, etc...
Go here and follow the instructions for downloading and installing an X server (Cygwin/X).
To be able to use graphics over ssh while using OpenSSH on a UNIX environment, simply use a command like this:
ssh -X -Y -C host.cs.mcgill.ca
This will tell OpenSSH to use X forwarding so you can run graphical applications remotely.
When you connect to a server for the first time, SSH will prompt you to confirm that you would like to connect to the machine.
Host key not found from the list of known hosts. Are you sure you want to continue connecting (yes/no)?
If you anwser "yes" then it will add the new server to the list of know hosts. This list contains servers that SSH accepts as secure. In the future, SSH will find the server on the list and will not ask you to continue.
Host 'firstname.lastname@example.org' added to the list of known hosts.
Last login: Fri Jan 7 14:23:00 2000 from console
Linux mimi.cs.mcgill.ca 2.2.16 #4 Fri Jun 9 14:06:43 EDT 2000 i686 unknown
ssh email@example.com @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the host key has just been changed. Please contact your system administrator. Add correct host key in /user/abatko/.ssh/known_hosts to get rid of this message. Agent forwarding is disabled to avoid attacks by corrupted servers. X11 forwarding is disabled to avoid attacks by corrupted servers. Are you sure you want to continue connecting (yes/no)?
This means that the identity (or key fingerprint) of the server has changed. Most likely the machine was upgraded...
If you are confident that you are not the subject of a man-in-the-middle attack. Follow the directions in the error statement to remove the old key (inside
~/.ssh/known_hosts) of the machine that you are trying to contact. Remember that the keys are stored in a file within your home directory.
Scp allows you to copy files between coputers.
To copy the file
mimi to the directory you are in on your local computer:
scp firstname.lastname@example.org:foo.txt ./
To copy the file foo.txt in the directory you are in on your local computer to your home folder on mimi:
scp foo.txt email@example.com:
Arguments of note: