SSH — Secure Shell

Using ssh and scp

Let’s say you are user ann on host A — for example, dierdorf@dell. You would like to run a command on a different Linux host B as user bob (possibly yourself again — dierdorf@prismnet.com) and see the results on your screen. Perhaps you want to copy a file from one machine/user to another. Once upon a time, the telnet and ftp utilities were used for these purposes, but their use has been deprecated (and sometimes even forbidden) because they are insecure. In today’s security-conscious world, the openssh package provides the tools you need.

Ssh [secure shell] runs a command on another computer, while scp [secure copy] transfers files. Both have “secure” in their name because all communication between the machines — commands, passwords, results, files — is encrypted.

Using Another Computer without Entering a Password

Normally, ssh and scp will ask you for bob’s password every time they are invoked. To bypass this step with Linux (either because you think it’s a nuisance or because you need to have it in a script which runs unattended), you need to set up automatic authentication as follows. This example assumes ann@A wants to avoid passwords when executing as bob@B.

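  1. Log on to host A as user ann. From a command line, generate a pair of authentication keys. Do not enter a passphrase (press Enter at both passphrase prompts). The private key is then stored unencrypted, so anyone who can read /home/ann/.ssh/id_rsa can log in as bob@B.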
    ann@A:~> ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ann/.ssh/id_rsa): 
    Created directory '/home/ann/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/ann/.ssh/id_rsa.
    Your public key has been saved in /home/ann/.ssh/id_rsa.pub.
    The key fingerprint is:
    3a:4f:0c:79:3a:9f:88:7c:3b:4d:e9:5f:31:ac:97:e2 ann@A
    

    This creates (if necessary) the directory ~/.ssh and the key files id_rsa (the private key) and id_rsa.pub (the public key).

  2. Now use ssh to create a directory ~/.ssh as user bob on B. (If the directory already exists, the -p option ensures there is no error.)
    ann@A:~> ssh bob@B mkdir -p .ssh
    bob@B's password: 
    
  3. Finally append ann's new public key to bob’s ~/.ssh/authorized_keys file and enter bob's password one last time. (This will create bob’s ~/.ssh/authorized_keys file if it doesn’t exist.)
    ann@A:~> cat .ssh/id_rsa.pub | ssh bob@B 'cat >> .ssh/authorized_keys'
    bob@B's password: 
    
  4. From now on you can log on to B as bob from A as ann (or run a single program) without a password:
    ann@A:~> ssh bob@B
    bob@B:~>...
    
    bob@B:~>exit
    ann@A:~>
    
  5. Once you’ve proved it works, log on to B, change to directory .ssh and make all the files private to you:
    ann@A:~> ssh bob@B
    bob@B:~> cd .ssh
    bob@B:~/.ssh> chmod 700 *
    
  6. Repeat all this in the other direction if you want password-less login from B to A.
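
Steps 2, 3 and 5 can be combined into one routine run on B as bob, shown here as an added example that is not part of the original page: it creates the directory and authorized_keys with private modes from the start, rejects a file that is not a public key (for instance id_rsa given by mistake), and does not append the same key twice. The function name install_pubkey and its optional third argument, a prefix of authorized_keys options such as from="A", are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# Usage on B as bob, after copying ann's id_rsa.pub over with scp:
#   install_pubkey id_rsa.pub "$HOME/.ssh" ['from="A",no-port-forwarding']
# Prints "added" or "present"; returns non-zero if the file is rejected.
install_pubkey() (
    # The body is a subshell, so umask and "exit" stay local to this call.
    pub=$1; dir=$2; opts=${3:-}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # A public key is one line: "<type> <base64 data> [comment]".
    read -r ktype blob comment < "$pub" || true
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "$pub does not look like a public key" >&2; exit 1 ;;
    esac
    [ -n "$blob" ] || { echo "$pub has no key data" >&2; exit 1; }

    # Nothing created below is ever readable by group or others.
    umask 077
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    auth=$dir/authorized_keys
    touch "$auth" || exit 1
    chmod 600 "$auth" || exit 1

    # Match on type and key data, so a changed comment is not a new key.
    if grep -qF -- "$ktype $blob" "$auth"; then
        echo present
    else
        printf '%s\n' "${opts:+$opts }$ktype $blob${comment:+ $comment}" \
            >> "$auth" || exit 1
        echo added
    fi
)

# Run directly only when called with arguments.
if [ "$#" -ge 2 ]; then install_pubkey "$@"; fi
```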

Last modified: Tue May 31 17:05:30 CDT 2011