The Secure Shell (SSH) lets you connect to a system from another system via TCP/IP and obtain a shell prompt, from which you can issue commands and view output in a secure fashion. SSH works similarly to Telnet, but differs in that conversations between SSH and its clients are sent in encrypted form so hackers cannot easily discover private information, including user account names and passwords.
The installation procedure automatically installs an SSH client and server and associates the sshd service with runlevels 3-5. You can start, stop, and restart the sshd service and changes its associations with runlevels by using the Service Configuration Tool. The service must be running in order to respond to clients.
To verify that the SSH server is properly running, you can access it via a client on the local system by issuing the following command:
$ ssh localhost
The client will attempt to log you on to the local system using your current user account and will prompt you for your password. If you supply the correct password, you should see a shell prompt, indicating that the client and server are functioning correctly. Type exit and press Enter to exit SSH.
To log on to a remote system, simply specify the hostname or IP address of the remote system in place of localhost. If you want to log in to a user account other than one named identically to the account you're using on the local system, issue the command:
$ ssh userid@host
where host is the hostname or IP address of the remote host and userid is the name of the user account you want to use. For example:
$ ssh email@example.com
You can use the SSH client's scp command to transfer files to or from a remote system running an SSH server. To transfer a file to a remote system, issue a command such as this one:
$ scp file userid@host:destination
where file is the path of the file to be transferred, host is the hostname or IP address of the remote host, destination is the directory to which the file should be transferred, and userid is your user account on the remote system. If given as a relative path, the destination path is understood as being relative to the home directory of the specified user. For example:
$ scp rhbook_rev.txt firstname.lastname@example.org: files
To transfer files to your home directory on the remote system, omit the path argument; however, retain the colon or the command will be misinterpreted.
You can specify multiple files to be transferred if you like. You can use shell metacharacters to specify a set of files to be transferred. You can also specify the -r flag, which specifies that scp should recursively copy a directory. For example, the following command copies an entire directory to the remote system:
$ scp -r Desktop email@example.com: files
To transfer files from a remote system, issue a command based on this pattern:
$ scp userid@host:file path
where host is the hostname or IP address of the remote system, file is the path of the file to be transferred, path is the destination path of the file, and userid is your user account on the remote system. For example:
$ scp firstname.lastname@example.org:/out/ch12.doc files
This command would log in the user billmccarty to author.ora.com/out, retrieve the ch12.doc file, and place it in his files directory.
SSH also provides the sftp command, which lets you transfer files in much the same way the ftp command does. The command has the following form:
$ sftp user@host
The command will prompt for the password associated with the specified user account. For example, to transfer files to and from the host author.ora.com, you could issue the following command:
$ sftp email@example.com
After establishing a connection to the specified host, the sftp command presents a prompt that lets you enter commands similar to those supported by the ftp command. Use the help command to learn more about the supported commands.
To log on to your Linux system from a remote system via SSH, you must install an SSH client on the remote system. A suitable client for Windows is Simon Tatham's PuTTY, available at http://www.chiark.greenend.org.uk/~sgtatham/putty. Simply download PuTTY to any convenient directory (the windows directory is a good choice). The program doesn't have a setup script; you can run it by selecting Start Run and typing putty; if the directory in which PuTTY resides is not on the execution path, you must type the drive, path, and filename. Alternatively, you can create a shortcut that spares you the trouble. Figure 12-6 shows PuTTY's main screen.
To use PuTTY to connect to a host, specify the following information:
The hostname or IP address of the SSH server.
You should select SSH. This causes PuTTY to automatically select port 22, the default SSH port. If the SSH server listens on a different port, specify the nonstandard port by using the Port text box.
Click Open to make the connection to the specified host.
The left pane of PuTTY's screen provides access to several configuration options, such as:
Selection, copy, and paste options
Like most Telnet or FTP clients, PuTTY lets you save configurations so you can quickly connect to often-used hosts. Use the Load, Save, and Delete buttons to manage your list of hosts and associated configurations.
Another useful Windows SSH tool is WinSCP, which provides a user interface resembling that of a graphical FTP client. Figure 12-7 shows a WinSCP session. To learn more about WinSCP or obtain the program, visit http://winscp.vse.cz/eng/.
SSH lets you establish a network connection that you can use as a Virtual Private Network (VPN), so called because traffic flowing over the connection is encrypted and therefore secure from eavesdroppers. This facility is known as protocol tunneling because the data that flows via the connection need not use the standard TCP/IP protocol; for example, the data might be encoded using Novell's IPX protocol.
Configuring and troubleshooting a VPN is not a task for a Linux newbie. However, if your Linux skills are growing and you desire a challenge, see The Official Red Hat Linux Security Guide, available at http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/. Also see Virtual Private Networks, by Charlie Scott, Paul Wolfe, and Mike Erwin (O'Reilly & Associates, Inc.).