Computer Science at Swarthmore College

Using SSH and SCP

This page has some basic ssh, scp, sftp help on it. See also How to Connect to the CS Machines for more information, including where to get ssh programs for your computer.

ssh is used to (securely) connect from one machine to another (for example, from your dorm machine to the cs machines). scp and sftp can be used to transfer files from one machine to another. All of these programs use encryption, to protect your password and any other sensitive information being transmitted across the network.

If you haven't set up DSA authentication, which is optional, ssh will simply use your regular unix password for authentication. Here is an example of someone using ssh to connect to catnip from a remote machine:

remote% ssh username@catnip.cs.swarthmore.edu
username@catnip.cs.swarthmore.edu's password: 
Last login: Mon Jul 29 16:47:43 2002 from foo.net
CATNIP%

If you don't care which lab machine you connect to, just ssh to lab.cs.swarthmore.edu

Below are examples of using scp, and sftp.

ALEPPO[knerr]$ scp knerr@merlin:sizeof.c .
knerr@merlin's password: 
sizeof.c             100% |*****************************|   901       00:00    
ALEPPO[knerr]$

ALEPPO[knerr]$ sftp merlin
Connecting to merlin...
knerr@merlin's password: 
sftp> ls
drwxr-xr-x   11 knerr    users        4096 Jul 23 15:28 .
drwxr-xr-x   38 root     root         4096 Aug 20  2001 ..
-rw-r--r--    1 knerr    users        3768 Mar 15  1999 .Xdefaults
-rw-r--r--    1 knerr    users        4802 Aug  8  2000 .cshrc
-rw-r--r--    1 knerr    users         898 Oct  5  1999 .login
-rw-------    1 knerr    users         569 Jul 23 15:36 .history
drwxr-xr-x    2 knerr    users        4096 Jun 14  2000 .ssh
-rw-r--r--    1 knerr    users         901 Nov  9  1999 sizeof.c
drwxr-xr-x    2 knerr    users        4096 Mar  8  2001 bin
-rw-------    1 knerr    users       13027 Jul 23 15:28 README
sftp> get sizeof.c
Fetching /home/home2/staff/knerr/sizeof.c to sizeof.c
sftp> bye
ALEPPO[knerr]$

If you're new to ssh, and want to try using DSA authentication (which is more secure than using your regular unix password), take a look at Getting Started with SSH. It is a really nice page, with good info on setting up RSA authentication keys. We recommend using DSA keys, instead of RSA keys, but the information is basically the same.

Here is some information on setting up ssh-agent. Using this will allow you to enter your password once, and then be able to ssh to other CS clients without having to re-enter it.

Summary:

set up DSA keys
modify .xsession to use ssh-agent
modify .xinitrc to hold all desktop init commands
log in on console
in any window, run ssh-add (type in DSA passphrase here, once)
can now ssh from this machine to other CS machines without password or passphrase

1. set up DSA keys

% ssh-keygen -t dsa
(accept defaults, and type in a good passphrase)
% cd .ssh
% cp id_dsa.pub authorized_keys2
% ssh oil
(just to see if you can log in with your DSA passphrase)


2. copy current .xsession to .xinitrc, and create a new (executable) 
   .xsession with this in it:

#!/bin/sh
#
# .xsession file
#

echo $PATH | grep "/usr/local/bin" > /dev/null 2>&1
if [ $? -ne 0  ] ; then   
  PATH="$PATH:/usr/local/bin"
  export PATH
fi

# ssh-agent stuff
if [ -d $HOME/.ssh ] && [ -d /usr/local/bin ]
then 
  EXEC="exec ssh-agent"
else 
  EXEC="exec"
fi
if [ -x $HOME/.xinitrc ]
then $EXEC $HOME/.xinitrc
else $EXEC xterm -geometry 80x24+0-60 -ls
fi

3. Try logging in on one of the client consoles.  Then in any window,
   run ssh-add and give it your DSA passphrase.

% ssh-add /home/knerr/.ssh/id_dsa
Enter passphrase: blah, blah, blah, blah, Ginger.

   After this, I can ssh from this machine to any cs client
   without having to re-enter my password or passphrase.

4. I tie the above ssh-add command to the F4 key with this in my .fvwm2rc:

Key F4 A N Exec exec /usr/bin/ssh-add /home/knerr/.ssh/id_dsa