SSH Overview
SSH is a widely-used suite of remote access programs which provides
authentication (to protect your password) and encryption (to protect
your data). It does not generally use Kerberos, although more recent
versions include this as an option. For general information on SSH,
including mailing lists and FAQs, see the SSH Users Group and
SSH Home Page.
If you have a Java-enabled web browser, you can make an ssh connection
to Athena through http://athena.dialup.mit.edu or
http://express.dialup.mit.edu.
A free Unix version of SSH is available for most platforms from http://www.ssh.org/. Note that ssh2
clients will not currently work on Athena; if ssh1 clients are no longer
available from ssh.org, then you may take the client for your platform
from the crypto locker.
(While the ssh2 server has a compatibility mode which allows ssh1
clients to connect to it, ssh2 clients are not backwards-compatible with
ssh1 servers. There is work underway on integrating OpenSSH into
Athena, which will provide ssh2 and sftp support; this will most likely
be added for Athena 9.1 in summer 2002, but may be made available on the
dialups sooner.)
Mac and PC versions are available from various sources including the
following. Please note that at this writing the Computing Help Desk is
not equipped to offer help with SSH on the level provided for IS-supported software.
Maintained or licensed by MIT:
- MindTerm SSH (secure
Java applet for connections to Athena "dialup" pool; for short
sessions, connect to http://express.dialup.mit.edu)
- Nifty Telnet SSH
(free Mac client, includes SCP for file transfers)
- FiSSH
(free, open source Windows client, future versions to be released
by MIT)
- SecureCRT
(Windows95/NT client including zmodem file transfer
capabilities, available to the MIT community courtesy of the
Media Lab)
Others:
Generally, ssh involves users generating public/private key pairs and
using them to authenticate, but the default behavior on Athena is to
use either Kerberos authentication (with forwardable tickets), or
simple password authentication. The reason for this is that
you need to get Kerberos tickets to be able to do things like read
your files and incorporate your mail, and you can't get tickets on the
remote machine without either forwarding them from the machine you're
already logged in to, or typing your password.
If you have forwardable Kerberos tickets on your machine (the default
in Athena 8.2 and later), then ssh will use them to authenticate you
and log you in. If you don't, it will fall back to password
authentication (ssh always encrypts your connection, including any
password you type).
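To see in advance which of these two paths a login will take, check whether your ticket-granting ticket carries the forwardable (F) flag. The script below is an added example, not part of the original page or Athena's own tooling; it assumes the flag display of MIT Kerberos 5 `klist -f`, and the function names, principal and cache path are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict the login path described above from `klist -f`
# output. Assumes the MIT Kerberos 5 "Flags:" display (F = forwardable).

# Constructed sample outputs (not captured from a real host).
SAMPLE_FWD='Ticket cache: FILE:/tmp/krb5cc_example
Default principal: jdoe@ATHENA.MIT.EDU

Valid starting     Expires            Service principal
01/15/02 09:00:00  01/15/02 19:00:00  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
        Flags: FIA'

SAMPLE_NOFWD='Ticket cache: FILE:/tmp/krb5cc_example
Default principal: jdoe@ATHENA.MIT.EDU

Valid starting     Expires            Service principal
01/15/02 09:00:00  01/15/02 19:00:00  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
        Flags: IA'

# tgt_flags (hypothetical helper): read `klist -f` output on stdin and print
# the flag letters of the ticket-granting ticket, or nothing if there is no
# TGT or it has no flags line.
tgt_flags() {
    awk '
        in_tgt {                        # line right after the krbtgt entry
            if (/Flags:/) { sub(/^.*Flags:[ \t]*/, ""); print }
            exit                        # never borrow another ticket flags
        }
        /krbtgt\// { in_tgt = 1 }       # ticket-granting ticket found
    '
}

# expected_auth (hypothetical helper): print "kerberos" when the TGT is
# forwardable, otherwise "password" (the fallback path).
expected_auth() {
    case "$(tgt_flags)" in
        *F*) echo kerberos ;;
        *)   echo password ;;
    esac
}

# Demo on the constructed samples; on a real host: klist -f | expected_auth
printf 'forwardable TGT:     %s\n' "$(printf '%s\n' "$SAMPLE_FWD" | expected_auth)"
printf 'non-forwardable TGT: %s\n' "$(printf '%s\n' "$SAMPLE_NOFWD" | expected_auth)"
```

A result of `password` means your password will be typed into the ssh session, so confirm you are connecting to the intended host before entering it.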
ssh is a secure remote login program, which can be used
in place of regular telnet, or on systems where kerberized telnet is not readily
available.
Example of how to use ssh to log in remotely to/from
Athena
You can run X Window applications
remotely over ssh, which secures the X connection.
scp is a secure alternative to the regular UNIX rcp
command for copying files between hosts (scp uses ssh for authentication
and data encryption). You can use it between any UNIX host with SSH
installed and the Athena dialups (or a private workstation with
remote-access enabled).
Example
of how to use scp to transfer files to/from Athena.
Most of the SSH clients currently available for Mac and PC do not
include an scp feature (Cygwin for
Windows does include it), but some provide other means for making
secure file transfers:
SecureCRT is a terminal emulation program from Van Dyke
Technologies which includes ssh and has zmodem file transfer
capabilities. The MIT Media Lab has extended its license for this
client program to make it available to the MIT community. To download,
go to the MIT Software
Distribution page (see the License file for instructions on entering
the MIT license data). Once you have downloaded the program and entered
the necessary license information, you'll need to set up a session
profile specifying ssh as the protocol:
- The Connect window may open automatically;
otherwise, go to the File menu and select
Connect.
- Right click on Sessions and choose New Session, or click on the 3rd icon.
- In the Session Options window, under Connection set Protocol to ssh1, and
enter either the hostname for a private workstation or
athena.dialup.mit.edu. The other default settings
should be correct.
For more detailed instructions, see the HOWTO file on the download site.
Please keep in mind that Information Systems does not support this
software and these instructions are based on SecureCRT v.3.3.2; Academic Computing has posted this information as a convenience, but we do not have the resources to troubleshoot individual problems.
In order to transfer files see:
Example of how to use SecureCRT for
file transfer