AE6382Secure ShellAE6382Secure Shell• Usually referred to as ssh• The name is used for both the program and the protocol• ssh is an extremely versatile network program• data encryption and compression• terminal access to remote host• file transfer• command execution on remote host• port forwarding• For some more detailed examples see •http://wiki.ae.gatech.edu/•http://faq.asdl.ae.gatech.edu/AE6382Secure Shell• There are currently two versions of the SSH protocol. Always use version 2 unless you have no choice.• The version to use can be configured on both the client and server systems.• The protocol implements• remote terminal• remote file transfer (scp and sftp)• remote command executionThe ProtocolAE6382Secure Shell• scp is the secure copy operation. It is based on the Unix cp (file copy) program but does so securely and over a network.• sftp is a file transfer program loosely based on the standard ftp file transfer program.• uses an ftp-like client interface• cannot connect to an ftp serverThe ProtocolAE6382Secure Shell• There are several implementations of secure shell available bothcommercial and free• A list of available versions can be found at•http://freessh.org/The ProgramAE6382Secure Shell• Microsoft Windows• PuTTY• Georgia Tech has a license for the commercial SecureCRT program• Linux/Unix/MacOS• OpenSSH is usually pre-installed• PuTTy is available• knowledge how to compile and install from source is helpfulThe ProgramAE6382Secure Shell• PuTTy is an implementation of the ssh program.•http://www.chiark.greenend.org.uk/~sgtatham/putty/• It consists of these component programs• putty.exe – the terminal access program• pscp.exe – the file copy program• psftp.exe – the ftp-like file transfer program• plink.exe – the remote command execution program• pageant.exe – program to handle key pass-phrases• puttygen.exe – program to generate keysPuTTyAE6382Secure Shell• Windows installation• download all the executables from the web site directly to a folder such as c:\putty or c:\bin, avoid using “Program Files”, there is no elaborate install process• place this directory in your path (see following slide)• open System control panel entry• modify path in the System Variables section (this will allow every user to use it on that computer)• append path, eg, c:\putty to end of list, separate each entry with “;”Installing Windows PuTTyAE6382Secure ShellSetting Windows path for PuTTyAE6382Secure ShellSetting Windows path for PuTTyAE6382Secure Shell• WinSCP is a graphical frontend for performing ssh file file transfers• http://winscp.net/• it implements both scp and sftp, sftp• configure it to use sftp whenever possible• FileZilla is a multi-purpose graphical interface that implements both the ssh/sftp and ftp• http://filezilla.sourceforge.net/Windows GUI Frontends for PuTTyAE6382Secure ShellWinSCP WindowAE6382Secure Shell• The OpenSSH program implements the ssh protocol for Linux, Unix, MacOS, and Windows•http://www.openssh.org/• this package implements the client, server, and key generation software• is pre-installed on most Linux and MacOS systems• Windows installation requires the Cygwin environment• only free ssh server for Windows, http://sshwindows.sourceforge.net/• fugu is a Mac OS graphical interface for sftp, http://rsug.itd.umich.edu/software/fugu/OpenSSHAE6382Secure Shell• PuTTy has numerous configuration options• Session creation• Terminal characteristics• Connection parameters• SSH protocol parameters• In most cases the defaults are sufficient, however special applications of PuTTyrequire knowledge of other settings• The PuTTy documentation at the PuTTy web site is authoritative• The following slides provide a survey of common settingsPuTTy ConfigurationAE6382Secure Shell• When PuTTy is started the window at the right is opened• The Saved Sessions window shows the list of configurations that you have already saved• Press Load to load a saved session into the panel, from there it can be modified• Press Save to save the settings in the registry• The values in Default Settings apply to all new sessionsPuTTy ConfigurationAE6382Secure Shell• Session• Host Name is the true DNS name of the computer to which to connect• Save Sessions shows the name under which to save the session, this is frequently the samePuTTy ConfigurationAE6382Secure Shell• Connection• The null packets setting is used to periodically send empty packets from the client to the server• Some networks will drop TCP connections that have not had any traffic for a period of time• The setting will require some experimentationPuTTy ConfigurationAE6382Secure Shell• Connection / Data• Auto-login username is used to pre-set the username to login with• Environment variables will pre-set values for a Unix environment upon successfully logging inPuTTy ConfigurationAE6382Secure Shell• Connection / Proxy• This panel is used to configure proxy-mediated connections• Most users will never need this• There is one use, the ssh-bounce (later in slide set)PuTTy ConfigurationAE6382Secure Shell• Connection / SSH• This panel and its sub-panels control the SSH options available• Remote command specifies a command to be executed on the remote computerPuTTy ConfigurationAE6382Secure Shell• Connection / SSH item• Protocol options• no shell – setting this will prevent a shell being opened on the server, this is used primarily for tunneling configurations• compression – setting this will compress traffic sent thru the link, this will decrease traffic at the expense of increased CPU usage• version 2 – always use version two (preferably 2 only) unless forced to use version 1 because of an old serverPuTTy ConfigurationAE6382Secure Shell• Connection / SSH / Auth• The configuration shown is normal• PuTTy will attempt to authenticate using key files first, then ask for a password, it expects pageant to be running to be able to use the key files• Agent forwarding makes it possible for downstream ssh connections to refer back to the pageant program to process key authenticationPuTTy ConfigurationAE6382Secure Shell• Connection / SSH / X11• This is useful when connecting to a Unix/Linux system• The Windows system where PuTTy is running must also have an XServerrunning• Not commonly used by Windows clientsPuTTy