Connecting to remote hosts: ssh

ssh (secure shell) is used to connect to remote hosts using a secure (encrypted) connection. It is the preferred method for remotely working on Unix machines.

Connecting to a remote host

To connect to a remote host, simply type:

	ssh hostname

This will attempt to log in using your current user name. To use a different user name for the connection, change the command to:

	ssh username@hostname

If this is the first time you've connected to the remote host you will see a message similar to this:

	The authenticity of host 'hostname' can't be established.
	DSA key fingerprint is a2:4e:85:08:2c:15:e8:f3:e7:c7:88:8b:23:87:ce:46.
	Are you sure you want to continue connecting (yes/no)?

This is because the ssh program keeps a record of each new host you connect to, which it then uses to check the authenticity of the machine on future connections. Simply enter yes at this prompt to continue connecting. You should then see the password prompt:

	Warning: Permanently added 'hostname' to the list of known hosts.
	username@hostname's password:

Enter the correct password and you will be presented with a prompt on the remote system.

Forwarding X11 connections

With ssh you can 'forward' X11 displays from the remote machine to the one you are working on using the '-X' option. For example, to run the 'xclock' X11 application remotely on finan:

	ssh -X username@finan
	(Enter password when prompted)
	finan% xclock

The remote application should then open a new window on your local machine.

Problems using ssh

Most of the error messages from ssh are self-explanatory. However, on occasion you may see this message when connecting to a remote host:

	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
	@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
	IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
	Someone could be eavesdropping on you right now (man-in-the-middle attack)!
	It is also possible that the DSA host key has just been changed.

This means that the host key presented by the remote host no longer matches the one recorded when you first connected to it. This is usually just something benign such as a software upgrade on the remote host, but it could also mean your connection is being interfered with. If you are sure that you want to continue, you must remove the local copy of the host key.

This process differs for the two main versions of SSH: OpenSSH (and Sun SSH) or SSH.com's non-commercial client. The default SSH client on both time sharing systems is OpenSSH. This is also the default on Linux and Mac OS X systems.

To find out which version you are using, type:

	ssh -V

OpenSSH / Sun SSH

The result of ssh -V for OpenSSH will resemble one of the following, although the version numbers may differ:

	OpenSSH_4.4p1, OpenSSL 0.9.8c 05 Sep 2006
	Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

Edit the <homedir>/.ssh/known_hosts file. Find the line that starts with the hostname of the remote host you were trying to connect to and delete it. Save the file and then try reconnecting to the host.

If the known_hosts file contains lines that do not begin with recognisable hostnames, then your SSH client is "hashing" them as a security measure. The warning message that you received will include a line number which corresponds to the host in question: delete this line.
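
Hashed entries can also be located by hostname rather than by line number. The following Python code is an added example, not part of the original page: it assumes the standard OpenSSH hashed format (|1|salt|HMAC-SHA1 of the hostname, both base64-encoded), and its function names and sample file are constructed for illustration. It reports the line number, key type and colon-separated MD5 fingerprint of each stored key for a host, so the entry can be identified and compared before the line is deleted.

```python
import base64, hashlib, hmac

def hash_host(hostname, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, hostname):
    """True if one host field (plain or hashed) names hostname exactly."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed entry: never treat it as a match
        expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, expected)
    return field == hostname  # wildcard patterns are not expanded in this example

def matching_lines(known_hosts_text, hostname):
    """Return [(line_number, key_type, md5_fingerprint)] for entries naming hostname."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), start=1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):  # skip a @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3:
            continue
        hosts, key_type, key_b64 = parts[:3]
        if any(field_matches(f, hostname) for f in hosts.split(",")):
            digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
            fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
            hits.append((number, key_type, fingerprint))
    return hits

# Constructed sample: the key blob is placeholder bytes, not a real host key.
SAMPLE_KEY = base64.b64encode(b"constructed-key-blob").decode()
SAMPLE = "\n".join([
    "# constructed known_hosts file",
    "aidan,aidan.example ssh-dss " + SAMPLE_KEY,
    hash_host("finan", b"constructed-salt-20b") + " ssh-dss " + SAMPLE_KEY,
])

if __name__ == "__main__":
    for number, key_type, fingerprint in matching_lines(SAMPLE, "finan"):
        print("line %d: %s %s" % (number, key_type, fingerprint))
```

To use it on a real file, pass the contents of <homedir>/.ssh/known_hosts as the first argument.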

SSH.com client

The result of ssh -V for the SSH.com client will resemble the following, although the version and machine specification (the bit at the end) may differ:

	ssh: SSH Secure Shell 3.1.0 (non-commercial version) on sparc-sun-solaris2.7

The default SSH client on aidan was the SSH.com client until late 2006.

To clear the local copy of the host key, remove the file called <homedir>/.ssh2/key_22_hostname.pub (where 'hostname' corresponds with the hostname of the host you were trying to connect to) and then try reconnecting to the host.