Swarthmore College Department of Computer Science

using ssh and scp

This page provides some basic ssh, scp, sftp help. See our remote access page for more information, including where to get ssh programs for your computer.

ssh is used to securely connect from one machine to another -- for example, from your dorm machine to the cs machines. scp and sftp can be used to transfer files from one machine to another. All of these programs use encryption, to protect your password and any other sensitive information being transmitted across the network.

If you haven't already set up RSA authentication, which is optional (see below), ssh will simply use your regular unix password for authentication. Here is an example of someone using ssh to connect to catnip from a remote machine:

remote$ ssh username@catnip.cs.swarthmore.edu
username@catnip's password: **********
Last login: Mon Jul 29 16:47:43 2002 from foo.net
CATNIP$

If you don't care which lab machine you connect to, just ssh to lab.cs.swarthmore.edu

Here are examples of using scp, and sftp to copy a file from the sccs machines to a cs machine (aleppo):

ALEPPO[jk]$ scp jk@sccs:sizeof.c .
jk@sccs's password: 
sizeof.c        100% |*******************|   901  00:02    
ALEPPO[jk]$ 

ALEPPO[jk]$ sftp sccs
Connecting to sccs...
jk@sccs's password: 
sftp> ls
drwxr-xr-x 11 jk  users   4096 Jul 23 15:28 .
drwxr-xr-x 38 root   root    4096 Aug 20  2001 ..
-rw-r--r--  1 jk  users   3768 Mar 15  1999 .Xdefaults
-rw-r--r--  1 jk  users   4802 Aug  8  2000 .cshrc
-rw-r--r--  1 jk  users    898 Oct  5  1999 .login
-rw-------  1 jk  users    569 Jul 23 15:36 .history
drwxr-xr-x  2 jk  users   4096 Jun 14  2000 .ssh
-rw-r--r--  1 jk  users    901 Nov  9  1999 sizeof.c
drwxr-xr-x  2 jk  users   4096 Mar  8  2001 bin
-rw-------  1 jk  users  13027 Jul 23 15:28 README
sftp> get sizeof.c
Fetching /home/jk/sizeof.c to sizeof.c
sftp> bye
ALEPPO[jk]$ 

rsa and dsa authentication

If you're new to ssh, and want to try using RSA authentication (which is more secure than using your regular unix password), take a look at Getting Started with SSH. It is a really nice page, with good info on setting up RSA authentication keys.

using ssh-agent

Here is some information on setting up ssh-agent. Using this will allow you to enter your password once, and then be able to ssh to other CS clients without having to re-enter it.

Summary:

  • set up RSA keys
  • modify .xsession to use ssh-agent
  • modify .xinitrc to hold all desktop init commands
  • log in on console
  • in any window, run ssh-add (type in RSA passphrase here, once)
  • can now ssh from this machine to other CS machines without password or passphrase
  1. set up your RSA key using ssh-keygen:
    $ ssh-keygen -t rsa
    (accept defaults and type in a good passphrase)
    $ cd .ssh
    $ cp id_rsa.pub authorized_keys
    
    At this point you should be able to test it by sshing to another lab machine. If it asks for and accepts your passphrase, it is working.
    $ ssh oil
    Enter passphrase for key '/home/uname/.ssh/id_rsa': 
    oil$ 
    
    If this works, logout (exit) from oil and do the next steps.

  2. copy your current .xsession to a new file named .xinitrc. Then create a new (executable) .xsession that runs ssh-agent each time you log in on a console (and run an X session). To make this step easier, you can just copy our ssh-agent.xsession file:
    $ cd
    $ cp .xsession .xinitrc
    $ cp /usr/swat/lib/dotfiles/ssh-agent.xsession  .xsession
    
  3. Now try logging in at the console of one of the lab machines. Then, in a terminal window, run ssh-add and type in your new RSA passphrase, like this:
    $ ssh-add 
    Enter passphrase: blah, blah, blah, blah, Ginger.
    
    After this, you should be able to ssh from this machine to any cs lab machine (ex: ssh lemon) without having to re-enter your password or passphrase.
    $ ssh lemon
    lemon$ 
    

using ssh-agent during remote login

If you're remotely logged in (i.e., not at the lab machine console), you can still use ssh-agent. Just have ssh-agent spawn a bash shell, then run ssh-add, then you should be able to ssh without a password or passphrase:

$ ssh-agent bash
$ ssh-add
Enter passphrase for /home/username/.ssh/id_rsa: 
$ ssh lemon
lemon$