Notes: Unix Lab 09

  1. ssh connections
  2. remote X connections

  1. ssh connections

    ssh, secure shell, is the preferred method for accessing a shell on a remote host over the network on your local terminal. ssh has many additional features over the obsolete commands rlogin, rsh, telnet The primary advantage of ssh is that the local and remote machines negotiate an encrypted connection before the user authentication is requested. This way all usernames and passwords are encrypted on the open network and cannot be intercepted. Once the connection is established and the user has logged in, all traffic between the local user's terminal and the shell on the remote host continues to be encrypted.
    • Typical ssh connection:
       
        
      >>
      >> ssh kangaroo
      The authenticity of host 'kangaroo (155.42.21.104)' can't be established.
      RSA key fingerprint is 8c:7a:4d:bd:f0:f4:0d:43:22:b2:4b:66:1b:26:44:ab.
      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added 'kangaroo,155.42.21.104' (RSA) to the list of known hosts.
      tuckerm@kangaroo's password:
      Last login: Tue Feb 17 15:53:32 2004 from platypus.lsc.vsc.edu
      Linux 2.4.24.
      tuckerm@kangaroo:~>
      tuckerm@kangaroo:~> exit
      logout
      Connection to kangaroo closed.
      >>
      
      The command is simply ssh followed by the hostname as the first and only argument. In the shell above, this was the first connection that this user made to this particular host, kangaroo. ssh notifies that the user that it does not recognise the encryption keys of this host and requests verification that it is okay to contine the connection. Once confirmed with "yes", the remote host prompts for the user's password. Note that by default ssh assumes that the remote username is the same as the local username.

    • If you wish to connect to a remote host with a username different from that which you are currently logged in under on the local host, you may use ssh with the "-l" option:
       
        
      >> ssh -l metadmin kangaroo
      metadmin@kangaroo's password:
      Last login: Wed Jul  2 18:54:05 2003
      Linux 2.4.24.
      metadmin@kangaroo:~$ exit
      logout
      Connection to kangaroo closed.
      >>
      

    • Another syntax for logging in under a different username:
       
        
      >> ssh metadmin@kangaroo
      metadmin@kangaroo's password:
      Last login: Wed Jul  2 18:54:05 2003
      Linux 2.4.24.
      metadmin@kangaroo:~$ exit
      logout
      Connection to kangaroo closed.
      >>
      

    • With the "-X" option ssh has the ability to manage remote X (graphical) connections as well as shell access. See the following section concerning graphical connections. The network communications of any X applications are encrypted over the network. This method does not require that the user make changes to the remote DISPLAY environment variable nor does it require modifications to the X access controls with the xhost command. Not all remote hosts will have this capability enabled on their ssh server. Also note that the options to ssh are case sensitive and using the lower case option "-x" will disable any graphical X capabilities.
       
        
      >> ssh -X metadmin@kangaroo
      metadmin@kangaroo's password:
      Last login: Tue Feb 17 16:48:54 2004 from platypus.lsc.vsc.edu
      Linux 2.4.24.
      metadmin@kangaroo:~$ which mozilla
      /usr/bin/mozilla
      metadmin@kangaroo:~$ mozilla &
      [1] 6457
      metadmin@kangaroo:~$
      metadmin@kangaroo:~$ exit
      logout
      Connection to kangaroo closed.
      >>
      

    • With the "-C" option, ssh has the ability to compress its traffic before sending across the network. This is similar to the file compression we covered in the lesson 7 (gzip, compress, bzip2) except it is done "on the fly" so that more information can be tranmitted with less network utilization. This is useful when connecting over slow networks, such as dialup internet access, or when pushing a large volume of data over the ssh connection, such as graphical applications. Not all remote hosts will support compression depending on how the ssh server is configured.
       
        
      >>
      >> ssh -C tuckerm@kangaroo
      ssh -C tuckerm@kangaroo
      tuckerm@kangaroo's password:
      Last login: Tue Feb 17 16:43:36 2004 from platypus.lsc.vsc.edu
      Linux 2.4.24.
      tuckerm@kangaroo:~> exit
      logout
      Connection to kangaroo closed.
      >>
      

    • The graphical X forwarding option can be combined with the compression option:
       
        
      >>
      >> ssh -X -C tuckerm@kangaroo
      tuckerm@kangaroo's password:
      Last login: Tue Feb 17 17:01:59 2004 from platypus.lsc.vsc.edu
      Linux 2.4.24.
      tuckerm@kangaroo:~>
      tuckerm@kangaroo:~> exit
      logout
      Connection to kangaroo closed.
      >>
      
  2. Remote X connections

    The graphical environment used with most Unix systems is called the X window system. It allows the graphics to be displayed across the network. The shell on any host knows where to display its graphics by the environment variable DISPLAY.
    • DISPLAY syntax:
       
        
      >>  
      >>  env |grep DISPLAY
      DISPLAY=localhost:0.0
      >>
      

      The value for DISPLAY is the hostname that you want the graphical display to be rendered. The display number is separated from the hostname by the colon ":". It is generally two numbers separated by a period. The first number is the display number, the second number is the "screen" number which is used when there are multiple screens on the same display. In the example above, the display is on the local machine "localhost", display number 0 and screen number 0.

    • The xhost command
      The X "server" is the software that manages the graphics on the local machine. It has its own method of ensuring that others cannot display programs on the graphics device without specific permissions. The command that manages this is xhost.

       
        
      >>
      >> xhost
      access control enabled, only authorized clients can connect
      >>
      

      The above command, without arguments, shows the current state of the access controls. In this situation, no remote hosts can display graphical programs on the current xserver.

    • Adding host access
       
        
      >>
      >> xhost + kangaroo
      kangaroo being added to access control list
      >>
      >> xhost
      access control enabled, only authorized clients can connect
      INET:kangaroo
      >>
      

      The above command adds kangaroo to the list of authorized clients that can display graphics to the local display. Entering "xhost" by itself shows the current state of the access controls with the host kangaroo given acces to the display.

    • Removing host access
       
        
      >>
      >> xhost - kangaroo
      kangaroo being removed from access control list
      >>
      >> xhost
      access control enabled, only authorized clients can connect
      >>
      
      To remove access to the local display the above command "xhost - hostname" is used. Again, the xhost command is used to show the current access controls (with no hosts being allowed access).

    • Summary - putting it all together
      To enable remote X connections you will generally need to do the following steps:
      1. Using a shell on the current machine, NOT the remote shell, use xhost +remote_hostname to allow the remote machine to use the local display. Entering xhost commands on the remote shell will not help you.
      2. Connect the the remote host using rlogin, telnet or ssh.
      3. Set the display variable in the remote shell to direct to the X display on your current machine.
      4. Test the remote X connection by starting a simple application such as xclock from the remote host's shell.
      Note: do NOT use the command "xhost +" by itself. This leaves the local display open to any remote hosts without any restriction.