ssh connections

ssh, secure shell, is the preferred method for accessing a
shell on a remote host over the network on your local terminal.
ssh has many additional features over the obsolete commands rlogin, rsh, telnet.
The primary advantage of ssh is that the local
and remote machines negotiate an encrypted connection before the
user authentication is requested. This way all usernames and
passwords are encrypted on the open network and cannot be
intercepted. Once the connection is established and the user has
logged in, all traffic between the local user's terminal and the
shell on the remote host continues to be encrypted.

    >>
    >> ssh kangaroo
    The authenticity of host 'kangaroo (155.42.21.104)' can't be established.
    RSA key fingerprint is 8c:7a:4d:bd:f0:f4:0d:43:22:b2:4b:66:1b:26:44:ab.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'kangaroo,155.42.21.104' (RSA) to the list of known hosts.
    tuckerm@kangaroo's password:
    Last login: Tue Feb 17 15:53:32 2004 from platypus.lsc.vsc.edu
    Linux 2.4.24.
    tuckerm@kangaroo:~>
    tuckerm@kangaroo:~> exit
    logout
    Connection to kangaroo closed.
    >>

ssh followed by the hostname as the first and only argument.
In the shell above, this was the first connection
that this user made to this particular host, kangaroo.
ssh notifies the user that it does not recognise
the encryption keys of this host and requests verification that it
is okay to continue the connection. Once confirmed with
"yes", the remote host prompts for the user's password.
Note that by default ssh assumes that the remote username is the
same as the local username.
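
Answering "yes" at that prompt is only safe if the fingerprint shown really belongs to the host. The following added example (not part of the original page) compares the fingerprint ssh displays with one computed from a copy of the host's public key obtained over a trusted channel; the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 hex, the format shown in the session above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob: bytes) -> str:
    """SHA256:<unpadded base64>, the format newer OpenSSH clients print."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_blob(line: str) -> bytes:
    """Return the decoded key from a public-key file or known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob begins with a length-prefixed copy of the key type;
            # reject lines where the declared type and the blob disagree.
            (n,) = struct.unpack(">I", blob[:4].rjust(4, b"\0"))
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key data")
            return blob
    raise ValueError("no public key found in line")

def host_key_matches(displayed: str, trusted_line: str) -> bool:
    """True if the fingerprint ssh displayed belongs to the trusted key."""
    blob = key_blob(trusted_line)
    shown = displayed.strip()
    if shown.startswith("SHA256:"):
        expected = sha256_fingerprint(blob)
    else:
        shown = shown[4:] if shown.startswith("MD5:") else shown
        shown, expected = shown.lower(), md5_fingerprint(blob)
    return hmac.compare_digest(shown.encode(), expected.encode())

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

# Constructed sample key, not kangaroo's real host key: type, exponent, modulus.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = "kangaroo,155.42.21.104 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    shown = "8c:7a:4d:bd:f0:f4:0d:43:22:b2:4b:66:1b:26:44:ab"  # from the prompt above
    print("trusted key fingerprint:", md5_fingerprint(SAMPLE_BLOB))
    print("safe to answer yes:", host_key_matches(shown, SAMPLE_LINE))
```

A mismatch means the key offered on the network is not the one the administrator published, and the connection should not be confirmed.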

    >> ssh -l metadmin kangaroo
    metadmin@kangaroo's password:
    Last login: Wed Jul 2 18:54:05 2003
    Linux 2.4.24.
    metadmin@kangaroo:~$ exit
    logout
    Connection to kangaroo closed.
    >>

    >> ssh metadmin@kangaroo
    metadmin@kangaroo's password:
    Last login: Wed Jul 2 18:54:05 2003
    Linux 2.4.24.
    metadmin@kangaroo:~$ exit
    logout
    Connection to kangaroo closed.
    >>

ssh has the ability to manage remote X (graphical)
connections as well as shell access. See the following section concerning graphical connections. The network communications of
any X applications are encrypted over the network. This method does
not require that the user make changes to the remote DISPLAY
environment variable nor does it require modifications to the X
access controls with the xhost command. Not all remote
hosts will have this capability enabled on their ssh server. Also
note that the options to ssh are case sensitive and using the lower
case option "-x" will disable any graphical X capabilities.

    >> ssh -X metadmin@kangaroo
    metadmin@kangaroo's password:
    Last login: Tue Feb 17 16:48:54 2004 from platypus.lsc.vsc.edu
    Linux 2.4.24.
    metadmin@kangaroo:~$ which mozilla
    /usr/bin/mozilla
    metadmin@kangaroo:~$ mozilla &
    [1] 6457
    metadmin@kangaroo:~$
    metadmin@kangaroo:~$ exit
    logout
    Connection to kangaroo closed.
    >>

ssh has the ability to compress its traffic before
sending it across the network. This is similar to the file compression
we covered in lesson 7 (gzip, compress, bzip2)
except it is done "on the fly" so that more information can
be transmitted with less network utilization. This is useful when
connecting over slow networks, such as dialup internet access, or
when pushing a large volume of data over the ssh
connection, such as graphical applications. Not all remote hosts
will support compression depending on how the ssh server is configured.

    >>
    >> ssh -C tuckerm@kangaroo
    tuckerm@kangaroo's password:
    Last login: Tue Feb 17 16:43:36 2004 from platypus.lsc.vsc.edu
    Linux 2.4.24.
    tuckerm@kangaroo:~> exit
    logout
    Connection to kangaroo closed.
    >>

    >>
    >> ssh -X -C tuckerm@kangaroo
    tuckerm@kangaroo's password:
    Last login: Tue Feb 17 17:01:59 2004 from platypus.lsc.vsc.edu
    Linux 2.4.24.
    tuckerm@kangaroo:~>
    tuckerm@kangaroo:~> exit
    logout
    Connection to kangaroo closed.
    >>

    >>
    >> env |grep DISPLAY
    DISPLAY=localhost:0.0
    >>

xhost command

xhost.

    >>
    >> xhost
    access control enabled, only authorized clients can connect
    >>

    >>
    >> xhost + kangaroo
    kangaroo being added to access control list
    >>
    >> xhost
    access control enabled, only authorized clients can connect
    INET:kangaroo
    >>

    >>
    >> xhost - kangaroo
    kangaroo being removed from access control list
    >>
    >> xhost
    access control enabled, only authorized clients can connect
    >>

xhost +remote_hostname to allow the remote machine to use the local
display. Entering xhost commands on the remote shell will not
help you.

xclock from the remote host's shell.

"xhost +" by itself. This leaves the local display open to any remote hosts
without any restriction.