Skip to content

Standard Training: SSH - Secure Shell Login

cryptographic network protocol for, e.g., remote command-line login

Basic Features

Remote Login

ssh: remote login

  • login to remote host using current username (i.e., $USER envirnment variable in Unix-like systems): 

    ssh host

  • login to remote host using specific username (e.g., foo): 

    ssh foo@host
ssh-keygen+ssh-copy-id: password-less login (public-private key pairs)

Be careful not to overwrite your existing ssh keys

  • First check for existing keys 
    ls ~/.ssh
cat ~/.ssh/id_rsa.pub # get unmodified content of the public key (for copying)
# on another machine paste public key in ~/.ssh/authorized_keys for keyless login
  • generate a ssh key pair using RSA cryptosystem 
    ssh-keygen  # continue pressing the enter key to use default settings
ls ~/.ssh   # check the new key pairs

Security Note

  • ~/.ssh/id_rsa: keep it secret (do not share)
  • ~/.ssh/id_rsa.pub share it for remote authentification (see below)
  • install public key to remote server host (please replace host with where you are copying your public key): 
    ssh-copy-id host     # run this on your local computer (not on the remote host)
Underneath the hood (more traditional approach) 
cat ~/.ssh/id_rsa.pub # get unmodified content of the public key (for copying)
# on another machine paste public key in ~/.ssh/authorized_keys for keyless login

Remote File Copy

scp: remote copy over ssh
  • scp works similar to cp and copies file foo from user1@host1 to user2@host2 as bar: 
    scp user1@host1:/path/to/foo user2@host2:/path/to/bar
  • When host and user are not specified they are treated as your localhost and $USER; if a path is not given, the path is assumed to be in the $HOME folder. As an example, to copy a file output from $HOME on cruntch4 back to current directory of the local machine can be done via: 
    scp <euid>@cruntch4.chem.unt.edu:output .
  • To copy, multiple files in one-shot, one can first make a tarball via tar and do scp: 
    tar -cf folder.tar folder/
mv folder.tar ~
scp <euid>@cruntch4.chem.unt.edu:folder.tar .
  • Other remote copying options are: sftp or sshfs. One may also use a GUI to help; see this thread for some options

More Advanced Features (Optional)

~/.ssh/config: custom ssh configurations

To login to hosts with longer name or with a different user id, one can add custom configurations in ~/.ssh/config

  • simplify ssh login to from ssh EUID@cruntch4.chem.unt.edu to ssh cruntch4, one can add the following lines in ~/.ssh/config (replace EUID with your EUID): 
    Host     cruntch4
User     EUID
HostName cruntch4.chem.unt.edu
enable graphical user interface (slow) 
ssh -Y host
ssh (VPN) tunnel

  • build the tunnel with the host and connect to a local port (5000 in this case) 

    ssh -D 5000 -N host     # 5000 is an arbitrary port

  • set up browser proxy to redirect traffic, e.g., when using Firefox change Connection settings to: img

FAQ about SSH

Can I use the same SSH for multiple servers?

Yes, it is generally safe and convenient to do so. Related discussions can be found in this thread and this thread

Reading List