OpenSSH is an important tool that keeps the communication and transfer of information between machines secure. Not only does it provide a secure alternative to common tools like Telnet, FTP, and RCP, it can also act as a transport protocol for other services like Subversion, X Window System, and rsync. This article shows you how to get the best out of the main tools provided by OpenSSH.
Was it a slow news day or something so you decided to run an article about SSH!
For crying out loud, can we have an article about how to use a web browser next, or maybe a HOWTO on breathing?
As an IBMer, I can confirm that everyone except for IBM has already gotten the memo about SSH. Before I started at IBM I thought SSH was nearly universal on UNIX-like machines. However, I was wrong. At IBM, only machines with zealous admins support SSH. The rest only support telnet, and that’s what everybody uses. People look at me weird when I tell them I SSH into machines whenever possible. “Why don’t you use telnet?” they say.
Unfortunately, I think that *was* status quo for a lot of commercial UNIX vendors/users. Hopefully it “was” considering recent telnet issues with Solaris.
Nothing ever wrong with a “HowTo” reminding commercial UNIX users about some great open source *nix utilities they may not be familiar with to make life easier (and/or safer).
I would argue that using passwordless key is not exactly the best policy, IMHO. Maybe in a closed environment, but still. I would rather suggest using ssh-agent in such cases.
Honest question: What exactly is ssh-agent doing? I’m using SSH on a few machines, all set up with pubkeys, never came to look at ssh-agent.
It caches the key and lets you use it without entering its passphrase anymore (among other things). The downside is that you have to enter the passphrase at least once, so it is not suitable for a situation when the system has to run and reboot totally unattended.
I run my window-manager as a child-process of ssh-agent. At startup, the window-manager runs “ssh-add”, which invokes an X11 program (ssh-askpass) prompting me for my private key’s password. From then on, I can log in to remote hosts using that key, without entering my password anymore (the ssh client programs get the unencrypted key from the ssh-agent via $SSH_AUTH_SOCK). When quitting my window-manager, the ssh-agent also quits and the unencrypted private key is no longer available.
This is a strong combination of ssh-key’s security & convenience.
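The session-scoped agent described in the comment above, as an added example that is not part of the original thread: `ssh-agent CMD` hands `$SSH_AUTH_SOCK` only to `CMD` and its children, and `ssh-add -t` caps how long a loaded key stays usable. The function names are hypothetical, and the key is a constructed throwaway with an empty passphrase so the demo runs unattended; a real key keeps its passphrase.

```shell
#!/bin/sh
# Map the exit status of `ssh-add -l` (see ssh-add(1)) to a readable state.
agent_state_from_status() {
    case "$1" in
        0) echo "keys-loaded" ;;   # agent reachable, at least one key loaded
        1) echo "agent-empty" ;;   # agent reachable, no identities loaded
        2) echo "no-agent" ;;      # no usable agent behind $SSH_AUTH_SOCK
        *) echo "unknown" ;;
    esac
}

# State of whichever agent the current environment points at.
agent_state() {
    ssh-add -l >/dev/null 2>&1 && rc=0 || rc=$?
    agent_state_from_status "$rc"
}

# Start a throwaway agent around one child shell, load a key with a 60 second
# lifetime, and report the agent state before and after loading.
demo_session() {
    for tool in ssh-agent ssh-add ssh-keygen; do
        command -v "$tool" >/dev/null 2>&1 || { echo "skipped"; return 0; }
    done
    tmp=$(mktemp -d) || { echo "skipped"; return 0; }
    # Constructed demo key (hypothetical path, empty passphrase).
    if ! ssh-keygen -q -t ed25519 -N '' -f "$tmp/demo_key" >/dev/null 2>&1; then
        rm -rf "$tmp"; echo "skipped"; return 0
    fi
    # Only the child shell sees this agent's socket; the parent shell never does.
    codes=$(ssh-agent sh -c '
        ssh-add -l >/dev/null 2>&1; echo $?
        ssh-add -q -t 60 "$1" >/dev/null 2>&1
        ssh-add -l >/dev/null 2>&1; echo $?
    ' sh "$tmp/demo_key") || codes=""
    rm -rf "$tmp"
    [ -n "$codes" ] || { echo "skipped"; return 0; }
    for c in $codes; do agent_state_from_status "$c"; done
}

demo_session
```

Calling `agent_state` in an ordinary login shell shows whether that session already has an agent and whether any key is loaded in it.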
I’m trying to learn more about the deeper functionality of SSH, and can’t seem to find a whole lot about it other than the stuff this article presents.
For a great tutorial covering the workings of ssh-agent, try Daniel Robbins’ IBM articles on keychain.
http://www-128.ibm.com/developerworks/library/l-keyc.html
This is the technology I’m looking for, wish someone would write a user-friendly article about it. Anyone seen one out there?
What this provides is a virtual network card on the local machine that’s hooked through SSH to another machine. Instead of the complex SSH tunnelling commands, you should be able to access the remote machine with common commands and port numbers. I think that’s what it does, anyway.
http://gentoo-wiki.com/HOWTO_VPN_over_SSH_and_tun
Think I found it, hope it helps someone else out there:
http://www.perturb.org/display/entry/770/
Edited 2007-02-19 11:45
I use OpenVPN, http://openvpn.net, in parallel with and independent of OpenSSH. It’s excellent. I mount disks with NFS across it and access the company-network-only website through it.
I agree with Simo on this. It must have been a slow news day. For a site about OS news you would think it would not be filled with articles about applications and web browsers. I can guarantee that the next version of IE/Opera/Firefox that hits the waves will have its own article here!