SSH

ssh stands for Secure SHell. It allows you to remotely access other computers securely and use them as if you were right in front of them. It also allows for the transferring of files. Commonly, it is installed by default. If you are still confused after reading this guide, feel free to e-mail me to ask me questions.

Remote access

In its simplest form, you can access a computer by doing:

    ssh remotemachine

This will attempt to connect to the machine and most likely prompt you for the password to log in. It assumes that your username on the remote machine is the same as your username on the computer you are connecting from. If it isn't, you can specify the username:

    ssh user@remotemachine

remotemachine can be an IP address such as 1.2.3.4, or a domain name such as kernel.org. If it is your own machine, and you only have a global IP address, you can register for a free domain name. Personally, I use DynDNS. If it is a local IP address instead of a global one, you can just put the DNS mapping on your router. If you are behind a NAT, you will also need to forward port 22 to that machine.

ssh, by default, connects you and runs the default shell for that account, typically Bash. If you want to run graphical programs, there is a -X option:

    ssh -X remotemachine
    xlogo &

This will automatically set the DISPLAY environment variable and configure it so you can run graphical programs on the server and have them displayed on the client. The second command should display the X server logo on your machine. From here, you can run most graphical programs, though they might be slower because all of the graphics have to be transferred over the network.

You can also run commands over ssh in the default shell.

    ssh remotemachine '
    echo 1
    echo 2
    '

If you do this, it won't allocate a terminal. That means that you won't be able to run certain programs like screen.
If you want to be able to ssh straight into a running screen session, you can do:

    ssh -t remotemachine 'screen -r'

The -t will make ssh allocate a terminal. Then it runs screen -r to reconnect to your existing screen session.

File transfer

A typical ssh installation comes with scp and sftp. scp is made to be like the cp command, but work across different machines, and sftp is made to be like a secure version of ftp. For single files, it is easier to use scp.

    scp file remotemachine:      #Upload to remotemachine
    scp remotemachine:file .     #Download from remotemachine

scp copies files to and from a remote machine. If you are not careful and leave out the colon (':'), it will copy files on the same machine. Of course, you can specify paths for the local and remote machine as well.

    scp -r dir/ remotemachine:

With -r, scp will copy entire directories instead of just the listed files.

sftp works with an interactive prompt.

    sftp remotemachine   #Connect to remotemachine
    cd path1             #Go to where files are on remote machine
    get file1            #Download file 1
    lcd path2            #Go to different directory on local machine
    put file2            #Upload file 2
    bye                  #Quit

You can type help to get a list of the supported commands. The ones shown here are the most common.

Scripts

ssh can be used in scripts to automate doing things from one computer to another. Standard in and out are piped through ssh. So, for example, you can copy a whole directory using tar:

    tar c dir/ | ssh remotemachine 'tar x'
    ssh remotemachine 'tar c dir/' | tar x

The first command works by having tar write the archive to ssh, which sends it to the remotemachine. Then, tar on the remotemachine gets it from standard in, and extracts it. The second does the same thing, but going the other direction.

Often when you are running from a script, you want it to be able to connect to the remote machine automatically, since scripts are used for things that are not interactive, so interactively entering a password would be inappropriate.
This can be accomplished by using an ssh public and private key pair. To generate the keys:

    ssh-keygen -t rsa

It will prompt you where to save it. The defaults should be fine. id_rsa is the private key. You should make a backup of it and keep it secret. id_rsa.pub is the public key. You can freely give it out. To allow the account with the private key to ssh to the account with the public key, add the public key to ~/.ssh/authorized_keys:

    cd ~/.ssh
    cat id_rsa.pub >> authorized_keys

After doing this, you should be able to ssh to the computer without it requesting a password, thus ssh will work from scripts.

Quoting can also be an issue in scripts. I have made a simple program called BashEscape to allow untrusted arguments to be passed safely. For example:

    ARG="1   2"
    ssh remotemachine "$(bashescape echo "$ARG")"   # 1   2
    ssh remotemachine "echo $ARG"                   # 1 2

Of course, this requires BashEscape to be installed on the local machine. Try this command both with and without bashescape and the quotes. With BashEscape, it will print out ARG as it appears, with 3 spaces. Without it, it will only print 1 space, because ARG will get retokenized into 2 different parameters.

Sometimes you need to carry out the same or related actions on different machines. To carry out the same command on 4 computers named from c1 to c4, you can use a Bash for loop:

    for i in c1 c2 c3 c4
    do
        ssh "$i" 'cat /proc/uptime'
    done

Putting this all together, you can have scripts that can access remote machines automatically, pass parameters, and have them safely executed.
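The key setup described above, as an added example that is not part of the original guide: it appends a public key to authorized_keys only once, refuses anything that looks like the private key, and sets the directory and file modes that sshd's StrictModes check expects. The helper name install_pubkey, the scratch directory and the key line are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe version of
#   cat id_rsa.pub >> authorized_keys
# install_pubkey is a hypothetical helper name, not part of OpenSSH.

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pub=$1
    dir=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Only the public half may be installed; the private key stays secret.
    case $pub in
        *.pub) ;;
        *) echo "refusing: $pub is not a .pub file" >&2; return 1 ;;
    esac
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub contains private key material" >&2
        return 1
    fi
    # sshd (StrictModes) refuses authorized_keys files that others can write.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    key=$(head -n 1 "$pub")
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# Demo in a scratch directory with a constructed (not real) key line.
DEMO=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY user@client' > "$DEMO/id_rsa.pub"
install_pubkey "$DEMO/id_rsa.pub" "$DEMO/dot-ssh"
install_pubkey "$DEMO/id_rsa.pub" "$DEMO/dot-ssh"   # second run adds nothing
wc -l < "$DEMO/dot-ssh/authorized_keys"
```

On a real account the second argument would be ~/.ssh on the machine you want to log in to.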
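The quoting problem described above, as an added example that is not part of the original guide and is not BashEscape itself: ssh joins its command arguments into one string that the remote shell parses again, so each argument has to be quoted for that second parse. The names shquote, remote_cmd and fake_ssh are assumptions; fake_ssh stands in for `ssh remotemachine` by handing the joined string to a local `sh -c`, so the block runs offline.

```shell
#!/bin/sh
# Added example: POSIX single-quote escaping for arguments sent through ssh.

# shquote ARG: wrap ARG in single quotes; an embedded ' becomes '\''
shquote() {
    # The trailing "x" keeps command substitution from eating trailing newlines.
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# remote_cmd CMD [ARG...]: print one string that a shell parses back into
# exactly these words, whatever characters they contain.
remote_cmd() {
    out=
    for a in "$@"; do
        out="$out${out:+ }$(shquote "$a")"
    done
    printf '%s' "$out"
}

# Stand-in for "ssh remotemachine ...": arguments are joined with spaces
# and the result is parsed by a fresh shell, as happens on the remote side.
fake_ssh() {
    sh -c "$*"
}

ARG='1   2'                              # three spaces, as in the text
UNTRUSTED='report.txt; echo INJECTED'    # constructed untrusted value

fake_ssh "echo $ARG"                            # re-tokenized: 1 2
fake_ssh "$(remote_cmd echo "$ARG")"            # preserved:    1   2
fake_ssh "echo $UNTRUSTED"                      # second command runs
fake_ssh "$(remote_cmd echo "$UNTRUSTED")"      # printed as plain data
```

With a real host the safe form is `ssh remotemachine "$(remote_cmd echo "$ARG")"`.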