Secure communications with OpenSSH

This month we take a look at a suite of tools for secure remote administration and file transfers over a network, OpenSSH. When it comes to tasks such as remote administration, the need for security and encrypted communications become obvious.

Included on this month's cover CD are the latest versions of OpenSSL and OpenSSH. The former is a library that provides the encryption features used by OpenSSH and, thus, must be installed before OpenSSH. Once installed, OpenSSH provides three main tools, each of which will be covered in this article:

- ssh, a replacement for rlogin and telnet;

- scp, a replacement for rcp; and

- sftp, a replacement for ftp.All of these tools use strong encryption and other security features to prevent network attacks such as eavesdropping and connection hijacking.

SSH

The most commonly used program in the OpenSSH suite is ssh, which allows you to access another computer through a shell prompt. The encryption provided by ssh protects against an outsider stealing the password used to access the system, among other things. ssh is now the de facto standard for remote administration because of such features.

Accessing a system using ssh is easy, provided that system has an ssh server running (this is included in the OpenSSH package). You will need a username and password on the system to access it. To use ssh to access a remote system, type in a shell:

$ ssh username@server

If this is the first time you are connecting to the server, you will be prompted with:

Host key not found from the list of known hosts.

Are you sure you want to continue connecting (yes/no)?

Typing "yes" should then present you with a password prompt. If authentication is successful, you should be able to use the system as if you were sitting at it locally.

SCP

I find this tool more useful every day. It allows you to copy files across a network remotely, without the need to use a reasonably complicated client such as FTP. As this is part of the OpenSSH suite, all of the data transmitted during the copy is encrypted to prevent people eavesdropping on the transfer. The basic syntax for scp is:

$ scp source_file user@destination:/directory/to/copy/toA number of useful options can be used with the scp command to make copying a large number of files easier. Recursive copying can copy whole directories, and compression can speed up transfers on a slow link such as a modem. To try these features, just add the options "-R" and "-C" to the scp as shown:

$ scp -RC source_directory user@destination:/directory/to/copy/toSFTP This command line file transfer program uses a set of commands similar to those of common FTP programs. Once again, all communications using sftp are encrypted. sftp is particularly useful for manipulating a number of files on a host system. The functionalities of sftp and scp often overlap, so which you decide to use is mostly up to personal preference. Using sftp follows the familiar command syntax:

$ sftp user@destination

PASSWORDLESS SSH

If you've been trying out each of the tools covered in this article, you'll be aware by now that each time you use a command you need to enter your password. While this is a good, if not essential, security feature, there are times when it is perfectly safe to allow ssh to connect between computers without requiring a password. An example of this situation would be two networked computers isolated from a potentially dangerous network such as the Internet, such as a laptop and a desktop.

Setting up passwordless ssh is very easy. You need to tell the computer you want to access without a password and who you are so it can still authenticate you. To do this, generate a public/private key pair by typing in a shell:

$ ssh-keygen

This will create the two keys and save them in '~/.ssh/'. The private key will be called 'identity' while the public key will be called 'identity.pub'. To enable passwordless ssh, copy the public key to the server you want to access. To do this, log into the server and edit the file '~/.ssh/authorized_keys', add the entire contents of the recently created 'identity.pub' file and save the changes. Now you should be able to access the server without a password.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Alastair Cousins

PC World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?