To use ssh1 to login to a computer with the same username:
$ ssh remote.example.org
To use ssh1 to login to a computer with a different username:
$ ssh -l username remote.example.org
To use ssh1 to securely send a command to a remote system:
$ ssh remote.example.org command
You can also define the cipher, turn on compression, define configuration file location, forwarding, and many other things. For more information, check out the ssh1 man page.
To use scp1 to copy a file to a remote system:
$ scp localdir/to/filelocation user@host:/dir/for/file
To use scp1 to copy a remote file to the local system:
$ scp user@host:/dir/for/file localdir/to/filelocation
To keep the file attributes of the source file from the source host, use -p:
$ scp -p user@host:/dir/for/file localdir/to/filelocation
For more information, check out the scp1 man page.
To run the sshd1, just type it on the command line (usually as root, unless you're not running an ssh daemon as root).
# sshd
You can also define the host key files, the configuration files, the port, and the
number of bits in the server key. See the man page for more details.
Note: You can start up sshd in a start-up script on your system.
To put public keys in memory, use ssh-agent. To run it by itself, it will run in the background and load your public key into memory:
$ ssh-agent
If you want to run it with an x-window (like xterm or dtterm), you can run it
like so:
$ ssh-agent xterm &
Here's the man page.
You can add other identities to ssh-agent using ssh-add. You can also list and delete identities with ssh-add (which should have been named ssh-identity manager :-).
To add an identity:
$ ssh-add identityfile
If used without any file defined, it will automatically add the default identification
file. See the man page for more details.
In ssh2, it uses similar syntax that ssh1 uses. To use ssh2 to login to a computer with the same username:
$ ssh2 remote.example.org
To use ssh2 to login to a computer with a different username:
$ ssh2 -l username remote.example.org
To use ssh2 to securely send a command to a remote system:
$ ssh2 remote.example.org command
You can play with more functionality on ssh2 than ssh1 like toggling the forwarding for the authentication agent and X traffic. Note that the options are different from ssh1. For more information, check out the ssh2 man page.
To use scp2 to copy a file to a remote system:
$ scp2 localdir/to/filelocation user@host:/dir/for/file
To use scp2 to copy a remote file to the local system:
$ scp2 user@host:/dir/for/file localdir/to/filelocation
To keep the file attributes of the source file from the source host, use -p:
$ scp2 -p user@host:/dir/for/file localdir/to/filelocation
Also note that scp2 has other functionality such as simulating a smv (secure move) command with the -u option. For more information, check out the scp2 man page.
To run the sshd2, just type it on the command line (usually as root, unless you're not running an ssh daemon as root).
# sshd2
You can also define the host key files, the configuration files, the port, and other options (there is no server key in sshd2). See the man page for more details.
Note: You can start up sshd2 in a start-up script on your system.
To put public keys in memory for SSH2, use ssh-agent2. To run it by itself, it will run in the background and load your public key into memory:
$ ssh-agent2
If you want to run it with an x-window (like xterm or dtterm), you can run it
like so:
$ ssh-agent2 xterm &
Here's the man page.
You can add other identities to ssh-agent2 using ssh-add2. You can also list and delete identities with ssh-add2 (which should have been named ssh-identity2 manager :-).
To add an identity:
$ ssh-add2 identityfile
If used without any file defined, it will automatically add the default identification
file. See the man page for more details.
To transfer data using SSH, use the sftp2 client. The syntax is:
$ sftp2 remoteserver user
The remote server should be running sshd2. See the man page for details.
The central problem of administering ssh is the management of host keys. To allow a client to connect to a remote host with RSA host authentication, the server needs to know the client's public key.
You can collect these automatically each night using either make-ssh-known-hosts.pl (distributed with the ssh source distribution) or with the much faster ssh-keyscan, from ftp://ftp.cs.hut.fi/ssh/contrib/.
With these utilities, you can write scripts to verify public keys on a regular basis. When new machines are running ssh or people have changed public keys, you may want to contact the people in question directly, to make sure there were no man in the middle attacks (to which these utilities are vulnerable).
| Table of contents of this chapter | | General table of contents | | Beginning of this section |