
Upload: adrian-floyd

Post on 01-Jan-2016


AE6382

Secure Shell

Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking codes. It provides:

•Data encryption and compression

•Terminal access to remote computers

•File transfer

•Command execution on remote computers

•Support for port forwarding

The Protocol

•There are currently two versions of the SSH protocol. Version 1 is considered insecure and should not be used unless there is no choice.

•The version to use can be configured on both the client and server systems.

•The protocol implements

  •Remote terminal

  •Remote file transfer (scp and sftp)

  •Remote command execution

•scp is the secure copy operation. It is based on the Unix cp (file copy) program but copies files securely across a network.

•sftp is a file transfer program loosely based on the standard ftp file transfer program. It is like ftp only in the client interface. It requires the server to specifically support this option.

The Program

•There are several implementations of secure shell available, both commercial and free.

•A list of available versions can be found at

  •http://freessh.org/

•The most common version for use on Windows is PuTTY

•Georgia Tech has a license for the commercial SecureCRT program.

•The most common version for use on Linux is OpenSSH

Program - PuTTY

•PuTTY is a Windows implementation of the ssh program.

  •http://www.chiark.greenend.org.uk/~sgtatham/putty/

•It consists of several programs

  •putty.exe – the terminal access program

  •pscp.exe – the file copy program

  •psftp.exe – the ftp-like file transfer program

  •plink.exe – the remote command execution program

  •pageant.exe – program to handle keys

  •puttygen.exe – program to generate keys

•When installing PuTTY, place all executables in a directory such as c:\putty or c:\bin

•Place this directory in your path (use the System control panel)

The Program

•There is a free Windows GUI implementation for file transfer, WinSCP, at

  •http://winscp.net/

•It implements both scp and sftp

•A multi-purpose program that implements the ssh/sftp protocol is FileZilla

  •http://filezilla.sourceforge.net/

•It also does ftp

•The OpenSSH program is found at

  •http://www.openssh.org/

•This package implements the client, server, and key generation software

•Intended for BSD and Linux systems

•A Windows installation based on Cygwin can be found at

  •http://sshwindows.sourceforge.net/

•A Mac OS graphical file transfer version (sftp) is at

  •http://rsug.itd.umich.edu/software/fugu/

PuTTY Configuration

[Screenshots of the PuTTY configuration dialogs]

Upon first connection the dialog above will appear. A similar dialog will appear if the server’s key has changed. If you accept the server’s identity then press “Yes”.

PuTTY Remote Terminal

[Screenshot: a Linux login screen.]

[Screenshot: after login.]

File Transfer – PuTTY scp

•pscp source destination

  •Source/destination: user@host:path

  •Do not use user@host for a local file

  •For path use the target system's file conventions

  •Spaces in path require quoted names

•pscp c:\data\data1.dat [email protected]:/project/data/

•pscp gburdell@newton:presentation1.ppt presentation1.ppt

File Transfer – PuTTY sftp

•psftp server

  •Server: user@host:path

•psftp gburdell@newton

  •cd /project/data

  •put c:\data\data1.dat

  •exit

File Transfer – WinSCP

[Screenshot]

Remote Command Execution – PuTTY

•plink -ssh gburdell@newton ls

•plink -ssh gburdell@newton "cat file"

Public Keys for SSH Authentication

•An alternative to entering your password is to set up ssh’s public key authentication

  •Generate a public/private key pair

  •Distribute the public key to servers

  •Enable public key authentication in client

Public Keys for SSH Authentication - PuTTY

•Use the puttygen.exe program to generate a key pair

•Save your key files on local disk, use a pass phrase

•Transfer the public key to the server

  •Usually the server is OpenSSH based

  •Get a copy of .ssh/authorized_keys from server (scp)

  •Open in WordPad

  •Paste the key from puttygen into the file

  •Place back on server

•When public key authentication is used by the client, the software will read the private key. To do so it requests the pass-phrase. The PuTTY pageant.exe program, when run at startup, will request the pass-phrase and supply it later when needed.
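A check for the hand-editing step above, as an added example that is not part of the original slides: a paste that splits or truncates the one-line entry leaves a key the server will not accept, and this Python code flags such lines in authorized_keys content before the file is placed back on the server. The function names and the all-zero sample key are constructed for illustration.

```python
import base64

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def blob_fields(blob):
    """Split SSH wire-format key data into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):  # also catches a cut-off length prefix
            raise ValueError("field runs past end of key data")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def check_entry(line):
    """Return None for a well-formed key entry, else the reason it is rejected."""
    parts = line.split()
    idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(parts):
        return "no key type followed by key data (line wrapped or cut?)"
    try:
        fields = blob_fields(base64.b64decode(parts[idx + 1], validate=True))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return "bad key data: %s" % exc
    if len(fields) < 2 or fields[0] != parts[idx].encode():
        return "key data does not match the declared key type"
    return None

def audit(text):
    """Return (unique valid entries, [(line number, problem)]) for file contents."""
    clean, problems = [], []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # splitlines() already consumed CRLF endings
        if not line or line.startswith("#"):
            continue
        reason = check_entry(line)
        if reason:
            problems.append((num, reason))
        elif line not in clean:
            clean.append(line)
    return clean, problems

def sample_entry(comment):
    """Constructed sample: all-zero ssh-ed25519 key data, not a usable key."""
    blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)
```

Run audit() on the edited file's text and upload only when the problem list is empty; the first return value is the de-duplicated set of entries with Windows line endings removed.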

Port Forwarding

•Makes it possible to make a connection where it is otherwise impossible, for example, through a firewall.

•Requires connecting to an SSH server that has access to the ultimate target system.

•Sets up a proxy-pair on the client and the ssh server to transmit data to the target.

•Only works with TCP ports.

•Creates an encrypted and authenticated tunnel.

•The -L option controls port forwarding

  •-L local-loopback-addr:local-port:remote-addr:remote-port

Port Forwarding – Remote Desktop

•Connect to your WinXP computer from a remote WinXP computer.

•Requires SSH port forwarding to penetrate the firewall.

•SSH command to port forward

  •plink -ssh -L 9000:172.16.4.13:3389 [email protected] cat -

•Be very careful not to connect to your own system.

  •plink -ssh -L 3389:172.16.4.13:3389 [email protected] cat - NO!

•Tutorial on using remote desktop

  •http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx

•For ASDL the external SSH gateway is asdl.ae.gatech.edu
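The -L specification and the "NO!" case above, as an added example that is not from the original slides: Python code that parses a forwarding spec in the form shown and warns when the listener is not loopback-only or when the local port collides with a service on the client. It assumes IPv4 addresses or host names as on the slide; check_forward and local_services are illustrative names.

```python
import ipaddress

def is_loopback(addr):
    """True for 'localhost' or a literal loopback IP; other names are not resolved."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def parse_port(text):
    port = int(text)  # raises ValueError for non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %s" % text)
    return port

def check_forward(spec, local_services=(3389,)):
    """Parse '[bind-addr:]local-port:remote-addr:remote-port'.

    local_services lists ports already served on the client itself
    (assumption: Remote Desktop on 3389, as on the slide's WinXP client).
    Returns (fields, warnings).
    """
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "127.0.0.1")  # no bind address given: loopback only
    if len(parts) != 4 or not parts[2]:
        raise ValueError("expected [bind-addr:]local-port:remote-addr:remote-port")
    fields = {"bind": parts[0], "local_port": parse_port(parts[1]),
              "remote_addr": parts[2], "remote_port": parse_port(parts[3])}
    warnings = []
    if not is_loopback(fields["bind"]):
        warnings.append("listener on %r is reachable from other hosts, which can "
                        "then use the tunnel" % fields["bind"])
    if fields["local_port"] in local_services:
        warnings.append("local port %d is already used by a service on this machine; "
                        "connecting to it may reach your own system, not the tunnel"
                        % fields["local_port"])
    return fields, warnings
```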