About Secure Shell

   

• We're now going to work with the SP more, so we need to develop better ways of connecting to it.
• Use slogin instead of telnet. It is a lot safer and more functional too.
• How to configure ssh and slogin for connection to the SP:

  1.

  Create a directory .ssh in your $HOME both on the SP and on the Ships machines. That directory must be readable and executable to you only.

  2.

  Issue the command

  $ ssh-keygen
  

  This command will generate your keys for you and will store the result on three files in the .ssh directory:

  identity

  This file contains your own private key. It is not an ASCI file, try cat -v to see what's inside.

  identity.pub

  This file contains your public key. It is an ASCI file and you will use it to add yourself to a file called ~/.ssh/authorized_keys on the SP.

  random_seed

  This is an auxiliary file used by ssh. This file is not an ASCI file.

  3.

  You should now repeat these steps on the SP. Having done that:

  (a)

  transfer the file identity.pub from the Ships cluster to the SP.

  (b)

  append it to ~/.ssh/authorized_keys, e.g.,

  $ cat identity.pub >> ~/.ssh/authorized_keys
  

  4.

  You can now repeat this operation in the opposite direction, i.e., add the contents of identity.pub from the SP to ~/.ssh/authorized_keys on the Ships Cluster.

  5.

  All these files should be readable to you only.

• How to connect to the SP and other systems which you have configured for slogin from the Ships cluster:

  1.

  On the Ships cluster issue the command:

  $ ssh-agent bash
  

  or

  $ ssh-agent tcsh
  

  depending on your personal preference. This will spawn a shell, which will run under the ssh-agent.

  2.

  In that shell issue the command:

  $ ssh-add
  

  You will be asked to type your pass phrase, which you have defined earlier when calling ssh-keygen. This pass phrase can be very long. A nice thing about using ssh-agent is that you only have to type it once.

  3.

  After you have given your pass phrase to ssh-agent thusly, issue the command:

  $ xterm -bg white -ls -sb -sl 300 -n sp20 -T sp20 -e slogin sp20 &
  

  If everything has been set up correctly, you should now get a shell in that xterm that runs on node sp20 of the SP. You will not be asked for a password. Your ssh-agent takes care of that.

• The ssh daemon running on the SP will set up appropriate socket connections, entries in the .Xauthority file, and will define your DISPLAY environmental variable, so that it will point to an appropriate socket. All communication that goes through that socket is encrypted!
  • For example, while in the shell that's been spawned for you by sshd on the SP issue the commands:

    $ xclock &
    $ xterm -bg white -ls -sb -sl 300 -n xterm@sp20 -T xterm@sp20 &
    

    You will see a clock and an xterm appear on your display. The communication between your machine in the laboratory and the SP that is redirected to both windows is encrypted, and cannot be captured easily by network sniffing.
• There is usually a limit imposed on the length of   UNIX passwords, 8 characters normally. You can have a longer password, but most systems will ignore all characters above 8. Ssh lets you have pass phrases as long as you like!
• Although setting up ssh takes a little work, once it's done the system is considerably easier to use than telnet or even rsh. To begin with the DISPLAY environmental variable and the corresponding entries in .Xauthority are set up automatically.