Last Modified: Tuesday, 03-Jan-2006 13:58:20 EST
CORE SSH USER GUIDE
ON THE OUTSIDE TRYING TO GET IN
External telnet access to the CSB core is not available.
At this time access is allowed using the Secure Shell client programs.
For a brief introduction to Secure Shell see SSH BASICS.
As of 8 December 2004, SSH version 1 connections are no longer
supported, as version 1 is not secure. Most SSH clients should be version 2
by now.
Contents
What is SSH
How do I know if I have it
How do I get it
How do I use it
What to expect
What can happen
What is SSH or Secure Shell?
Secure Shell is a suite of programs which provide host authentication
and encrypted sessions between two computers. A brief description
of Secure Shell can be found in the SSH
Basics document on our web site.
How do I know if the machine I am using has SSH installed?
- Unix/Linux -- enter the command which ssh. If the ssh command
  is in your path this command should return its location.
- Windows -- hopefully there will be an icon on the desktop for the SSH
  Client program. If not, go to the Start button in the lower left corner
  and select Find from the pop-up menu. Select the C drive, enter SSH in
  the dialog box which pops up, then click the Find Now button. If it
  is installed, its location should appear in the window.
- Macintosh --
  - OS X: Open a terminal window and enter the command which ssh.
  - Earlier MacOS: From the File menu select Find. In the pop-up box enter
    ssh in the space provided and click on the Find button. If it is
    installed, the location should appear in a box.
I don't have it, so how do I get it?
- Unix/Linux -- Most mainstream Linux versions, as well as sufficiently
  up-to-date SGIs, are distributed with SSH version 2 support.
  Use the installation tools provided by the vendor to install the
  programs. If SSH is not provided you can download, compile, and
  install OpenSSH.
- Windows -- Yale University provides the ssh client program to its
  community for free (as of January, 2006), at
  http://www.yale.edu/software.
  After clicking on "access the software catalog" and logging in with your
  NetID, select the Windows button, then go to the complete catalog and
  look for SSH. If this is for non-university use, the suite is available
  from SSH directly.
- Macintosh --
  - OS X: just like Linux, OpenSSH is included.
  - Earlier MacOS: download MacSSH, as long as you are running OS 7.5.1 or
    greater! If you want a file transfer utility, and are running OS 8.1
    or greater, download MacSFTP. Note that although MacSSH is free,
    MacSFTP requires a $25 serial number purchase after 15 days.
Now that I got it, how do I use it?
- Unix/Linux -- enter ssh sage.csb.yale.edu on the command line to start
  an interactive session with another host.
- Windows -- double click on the SSH Client program icon.
  Select Connect... from the File menu.
  A dialog box will appear where you enter sage.csb.yale.edu for the
  hostname, and your Core username.
- Macintosh --
  - OS X: enter ssh sage.csb.yale.edu in a terminal window.
  - Earlier MacOS: double click on the MacSSH program icon, select
    Open Connection... from the File menu, and fill in sage.csb.yale.edu
    as the hostname in the dialog box which pops up.
What to expect (maybe).
- The CSB Core SSH Basics page contains a brief discussion of SSH and its
  authentication mechanisms along with a section about using SSH which
  contains info on using SSH on Unix/Linux machines.
- On Windows machines a dialog box will pop up with spaces for entering
  hostname and username. After you click the Connect button your machine
  establishes a connection with gibbs.
  If this is the first time you have made a connection to gibbs, a dialog
  box will pop up asking you if you want to accept gibbs' public key.
  (Host public keys, rather than IP addresses, are used to identify hosts,
  which is a more secure method. You must decide if the host you are
  connected to is indeed gibbs or another computer masquerading as
  gibbs.) Your possible choices are to accept and store the key for
  later identification, to accept the key but not store it, or to cancel
  the connection because you are not confident the remote host is gibbs.
  If you accept the connection another dialog box will pop up and ask for
  your password; then a connection is established.
  If you have gibbs' public key saved you will not see the host key
  acceptance dialog box unless the keys do not match. Keys will not match
  if we have done maintenance on gibbs, requiring us to generate a new key.
  They also will not match if someone masquerading as gibbs has hijacked
  your network connection. If the keys do not match, a box will pop
  up informing you of the mismatch and asking whether you want to accept
  and save the new key or cancel the connection.
  In the initial window, if you select Edit from the Menu Bar and then
  select Settings, there are numerous parameters you can set. Under User
  Keys you can create your own public/private user key pair to use for
  authentication. Under Host Keys you can manage the host public keys
  from all the hosts you connect to.
  A brief discussion of these keys can be found in the SSH Basics
  document, but you can ignore this part as user keys are not used
  by core computers.
- On the Macintosh when you launch the SSH program a window will appear
  with a list of hosts that have been previously entered. If gibbs is not
  listed you can click on the Add button and provide the information
  needed to add it to the table. When you click on the hostname to connect
  to a host a dialog box will appear with three choices:
  Accept & Save the host public key to the public key file, Cancel the
  connection, or Accept Once, which will accept the key but not save
  it to the public key file. A brief discussion of these keys can be
  found in the SSH Basics document.
  If gibbs' public key is already in the key file this box will not
  appear, and if the key does not match the stored key a box will appear
  telling you that the key has changed. Keys will not match if we have
  done maintenance on gibbs, requiring us to generate a new key. They also
  will not match if someone masquerading as gibbs has hijacked your
  network connection. Once you select a key option a login pop-up box will
  appear for logging into gibbs. Once you supply your remote username
  and password you are logged into gibbs and things will appear as a
  normal telnet session.
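The host key decision described above (first connection, saved key matches, saved key differs), sketched in Python as an added example that is not part of the original guide or of any SSH client. The host name gibbs.example.org, the key material and the fingerprint published by the administrators are assumptions made for illustration; hashed known_hosts entries are not handled.

```python
import base64
import hashlib
import struct

def make_blob(key_type, raw):
    """Build an SSH wire-format public key blob (used for the constructed samples)."""
    name = key_type.encode()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw

def fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def stored_keys(known_hosts, host):
    """Return the key blobs saved for host in known_hosts-style text."""
    keys = []
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, marker lines (@...) and hashed names (|1|...).
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        if host in fields[0].split(","):
            keys.append(base64.b64decode(fields[2]))
    return keys

def decide(known_hosts, host, presented, published_fp=None):
    """Map the three situations in the guide to an action."""
    keys = stored_keys(known_hosts, host)
    if presented in keys:
        return "connect"  # saved key matches: no dialog is shown
    # Assumption: published_fp was obtained from the administrators out of band.
    verified = published_fp is not None and fingerprint(presented) == published_fp
    if not keys:  # first connection to this host
        return "store-and-connect" if verified else "abort"
    # Saved key differs: either a maintenance re-key or a masquerading host.
    return "replace-and-connect" if verified else "abort"

# Constructed sample data: these are not real keys for any host.
HOST = "gibbs.example.org"
GOOD = make_blob("ssh-ed25519", bytes(range(32)))
ROGUE = make_blob("ssh-ed25519", bytes(range(1, 33)))
KNOWN_HOSTS = "# constructed entry\n%s ssh-ed25519 %s\n" % (
    HOST, base64.b64encode(GOOD).decode())

if __name__ == "__main__":
    for blob in (GOOD, ROGUE):
        print(fingerprint(blob), decide(KNOWN_HOSTS, HOST, blob))
```

A changed key is accepted only when its fingerprint equals one confirmed through a separate channel; otherwise the connection is cancelled, which is the safe choice among the dialog options described above.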
What can happen.
- Unix/Linux -- The section on connection difficulties in the SSH Basics
  document gives a good explanation of connection problems and solutions.
- Windows -- If ssh is not supported or there is a version conflict with
  the remote host, a warning box appears telling you that the host cannot
  be contacted. This can either mean that in fact the host cannot
  be contacted or that it does not support SSH sessions. If you can
  establish a telnet session with it then you can assume SSH is not
  supported. If you wish to log in using telnet, remember your password is
  traveling across the internet in plain text form.
- Macintosh -- If ssh is not supported or there is a version conflict with
  the remote host, a warning box appears telling you that the connection
  is refused. You can then resort to insecure telnet to make the
  connection as SSH is not supported on the remote host. A word of
  warning: telnet sends your password in clear text across the internet.