Questions and Answers About SSH
Q: |
Why should I care? I don't have anything of interest.
|
A: |
The user is the single most important part in maintaining a
healthy and secure network because you, through your actions,
effectively determine the security of the _entire_ network.
Or as the old saying goes, "a chain is only as strong as its
weakest link".
Your actions help to prevent: data loss, loss or degradation
of departmental computing resources (e.g., machines having to be
re-installed or being held by subpoena), or potentially exposing
Duke Statistics and/or Duke University to legal action by damaged parties or
the FBI (in extreme cases).
|
Q: |
Are we the only ones out there doing this?
|
A: |
No. There has been a realization by computer professionals at many
of the major US universities that only through encryption can we hope
to keep our networks available. For more information on this, see the
home page of the Universal SSH Project.
|
Q: |
If ssh is so great, do I still need a good password?
|
A: |
Yes. Please read the discussion on what constitutes a
good password.
|
Q: |
How do I change my Duke Statistics password?
|
A: |
Use the Unix command yppasswd.
|
Q: |
Where do I get ssh?
|
A: |
- Unix machines:
  - I strongly recommend using OpenSSH
    - Favorable licensing (BSD)
    - Supports both SSH-1 and SSH-2 (starting with version 2.1.0) protocols
      in a single binary
    - It is installed as part of the base OS for FreeBSD
    - For more info, check out the OpenSSH FAQ.
  - Source code for the commercial or Finland ssh is available for
    download from numerous sites; see the canonical site or metalab.
    It does carry rather onerous license restrictions, which led to the
    formation of the OpenSSH project.
  - SSH is available on all of the Duke Statistics and ACPUB Unix machines
    (and all well-administered/supported machines on campus). If
    the machine you are using does not have ssh, you should consider
    the machine abandoned and not safe to use.
- Win32 machines (Win95, WinNT, Win98):
  - TTSSH (free)
    - Supports SSH-1 protocol
    - Consists of a very good terminal emulator program, teraterm, plus an
      ssh client.
    - Since the installation can be confusing, I have compiled a list of
      installation tips.
    - TTSSH supports SSH port forwarding, which can be useful for creating
      ssh tunnels (e.g. for ftp).
  - Putty (free)
    - Supports SSH-1 protocol
    - The two useful binaries are:
      putty.exe, a stand-alone telnet/ssh client, and
      pscp.exe, a command-line only (use from DOS Prompt) scp client.
  - Telneat (free)
    - Supports both SSH-1 and SSH-2 (in version 3.21) protocols
  - SSH32 (free)
    - Supports SSH-1 protocol
    - SSH32 is a standalone ssh client with lesser terminal handling
      capabilities than ttssh, albeit easier to install.
    - It requires that crypt32.dll, available as part of a cryptography
      library, be installed in the same directory as ssh32.exe.
    - The following set of installation directions recommends using a
      different version of crypt32.dll; however, I was unable to make it
      work (this version requires that OBJC be installed on your
      system) and, therefore, cannot recommend using it.
  - SecureShell(tm) (commercial)
    - SSH-2 protocol only
    - Windows client is free for educational use
    - You will have to agree to their license
  - SecureCRT, which is also available for $20.00 through OIT site license
    (for Duke faculty, staff and students only).
  - F-Secure for Windows by Datafellows (commercial)
- Macintosh:
  - NiftyTelnet (free)
  - F-Secure for Macintosh (commercial)
- See the SSH FAQ for a complete listing of SSH clients.
|
Q: |
Where can I get more information on SSH?
|
A: |
I recommend the SSH FAQ page; for general information, try the home of ssh.
|
Q: |
How do I use ssh to transfer files?
|
A: |
- If you are using Unix, there are two options:
  - Use scp or "secure copy"
  - Take advantage of the ability of ssh to do port forwarding
    to set up a "tunneled" ftp session.
- If you are using ttssh for Windows, there are two options:
  - Set up port forwarding for the ftp protocol and use your favorite
    Windows ftp client. This requires:
    - ttssh version 1.4 or greater (verify using About ttssh under Help menu)
    - ftp client capable of passive transfers
  - Use the zmodem protocol under the file transfer (untested).
- If you are using NiftyTelnet for Macintosh, it includes the scp
  functionality.
|
Q: |
How do I connect if my username is different on the remote system?
|
A: |
Use additional command-line arguments (flags) for both
ssh and scp. For more detail, refer to the man pages:
ssh(1) and scp(1).
|
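The two answers above (file transfer and a different remote username) can be combined in one OpenSSH client configuration entry. This is an added example, not part of the original FAQ; the alias, host name and user name are placeholders.

```sshconfig
# ~/.ssh/config  (per-user OpenSSH client configuration)
# "stat-server", "server.example.edu" and "remoteuser" are placeholders
# chosen for this example, not values from the FAQ.
Host stat-server
    HostName server.example.edu

    # Remote login name, for when it differs from the local one.
    # Same effect as "ssh -l remoteuser ..." or "scp remoteuser@host:...".
    User remoteuser

    # Forward local port 2121 to the FTP control port (21) on the server.
    # Same effect as "ssh -L 2121:server.example.edu:21 ...".
    # The server's own host name is used rather than "localhost" so that the
    # address the FTP server hands back for passive mode is reachable from
    # the client.
    LocalForward 2121 server.example.edu:21

# With this entry in place:
#   ssh stat-server              logs in as remoteuser and opens the tunnel
#   scp stat-server:data.txt .   copies a file as remoteuser (no tunnel needed)
#   While the ssh session is open, point a passive-mode FTP client at
#   localhost, port 2121.
#
# Only the FTP control connection (login name, password, commands) travels
# through the tunnel. The data connections the client opens in passive mode
# go directly to the server and are not encrypted; scp encrypts both the
# login and the file contents.
```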
Q: |
What if I am off in the "boonies" without ssh?
|
A: |
The useful parts of ttssh (for Win32 platforms) will fit on
a 1.44MB floppy.
The clients for Macintosh, Win32 and Unix are freely available for
download all over the planet.
|