5.3 Secure Shell (SSH)

If you need to connect to Unix or Linux servers, you may be familiar with utilities such as Telnet and FTP. Telnet lets you connect to a command prompt on a machine over the network. The FTP utility transfers files between your machine and a remote server.

If you are using either Telnet or FTP to connect to a sensitive server, but you aren't using a VPN, you're exposing your password to anyone who can access the network you're connected to (perhaps you're on a public network at a wireless hotspot?), the network where the remote server resides, and any network in between.

Anonymous FTP, in which you use your email address as a password, is not a concern. This is because, as the name implies, all remote users are treated as anonymous guests, and, if the remote FTP server is configured properly, are accorded no privileges that could be abused.

If the remote server supports it, you can use the SSH protocol to work with a remote machine's command prompt (replacing Telnet) or securely transfer files using scp or sftp (replacing rcp(1) and FTP).

Mac OS X includes an SSH client and server based on OpenSSH (http://www.openssh.org/). The SSH server can be enabled by checking the Remote Login option in System Preferences Sharing.

You can run the SSH client by typing the command ssh user@hostname in the Terminal application, which is located in /Applications/Utilities, as shown here:

Doris-Computer:~ dori$ ssh dori@as220.org
dori@as220.org's password:  ********
Linux gumzilla 2.2.20 #1 Sat Apr 20 11:45:28 EST 2002 i686 unknown

Copyright (C) 1993-1999 Software in the Public Interest, and others

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have mail.
Last login: Wed Sep 10 16:05:55 2003 from m018f36d0.tmodns.net
dori@gumzilla:~$ cd src
dori@gumzilla:~/src$ ls -l
total 48
drwxr-xr-x    2 dori  dori      4096 Jun  3 03:06 MyDocuments
-rwxr-xr-x    1 dori  dori     15645 Mar 23 15:57 blosxom_2_0_rc2.cgi
-rw-r--r--    1 dori  dori      5572 Apr 25 19:30 blosxom_2_0_rc2.zip
-rwxr-xr-x    1 dori  dori       960 May 14 09:28 newblog
drwxr-xr-x    4 dori  dori      4096 Mar 23 23:29 writeback
-rw-r--r--    1 dori  dori      9199 Mar 24 16:05 writeback.zip
dori@gumzilla:~/src$ logout
Connection to as220.org closed.

You can use scp (secure copy) and sftp (secure FTP) as well. To copy a file with scp, use scp filename user@hostname: path, as in scp secret_document.doc dori@as220.org:MyDocuments/.

To use sftp, specify the user@hostname, and log in with your password. You can then use ftp commands such as put (to upload a file to the server) and get (to download a file from the server):

Doris-Computer:~ dori$ sftp dori@as220.org
Connecting to as220.org...
dori@as220.org's password:  ********
sftp> cd MyDocuments
sftp> put secret_document.doc
secret_document.doc                           100%    0     0.0KB/s   --:-- ETA
sftp> get super_secret.doc
super_secret.doc                              100%    8     0.0KB/s   00:02    
sftp> quit
Doris-Computer:~ dori$

For more information, consult the ssh manpage (run the command man ssh in Terminal).