12.3 The Secure Shell
The Secure Shell (SSH) lets you connect to a
system from another system via TCP/IP and obtain a shell prompt, from
which you can issue commands and view output in a secure fashion. SSH
works similarly to Telnet, but differs in that Telnet sends everything,
including your user name and password, in clear text, whereas the
entire conversation between the SSH server and its clients is
encrypted, so an eavesdropper on the network cannot easily recover
private information such as user account names and passwords. The SSH
server also identifies itself to the client with a host key, which
lets the client notice when a connection has been redirected to a
different machine.
12.3.1 Installing SSH
The
installation procedure automatically installs an SSH client and
server and associates the sshd service with
runlevels 3-5. You can start, stop, and restart the
sshd service and change its associations with
runlevels by using the Service Configuration Tool. The service must
be running in order to respond to clients.
The SSH service has several configuration files, residing in
/etc/ssh. You don't have to
modify them to get SSH running, but you should review the server's
configuration file, sshd_config, before exposing the
service to an untrusted network: its defaults are chosen for
compatibility rather than caution. For details on the available
settings, view the sshd and sshd_config manpages.
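To make the review of sshd_config concrete, here is an added example (not code from the original chapter) that reads a configuration file and reports the settings a security reviewer would want changed before sshd faces a network. The sample configuration is constructed for the example; the directive names (Protocol, PermitRootLogin, PasswordAuthentication, PermitEmptyPasswords) are real OpenSSH directives, and the defaults assumed for absent directives are those of the OpenSSH 3.x releases shipped with Red Hat Linux of this period.

```shell
#!/bin/sh
# Added example: audit an sshd_config for settings to change before the
# server is reachable from an untrusted network.

# Constructed sample resembling a stock sshd_config. Commented-out lines
# show the compiled-in default, so an absent directive takes that default.
SAMPLE_SSHD_CONFIG='
#Protocol 2,1
#PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
X11Forwarding yes
'

# Print the effective value of a directive: $1 = config text,
# $2 = directive name, $3 = the default used when the directive is absent.
# sshd honours the first occurrence of a directive, as the awk script does.
sshd_get() {
    val=$(printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }')
    printf '%s\n' "${val:-$3}"
}

# Emit one line per finding; emit nothing when the configuration passes.
sshd_audit() {
    cfg=$1
    case "$(sshd_get "$cfg" Protocol 2,1)" in
        *1*) echo "Protocol: the obsolete SSH-1 protocol is enabled; set 'Protocol 2'" ;;
    esac
    case "$(sshd_get "$cfg" PermitRootLogin yes)" in
        [Yy]es) echo "PermitRootLogin: root may log in directly; set 'PermitRootLogin no'" ;;
    esac
    case "$(sshd_get "$cfg" PasswordAuthentication yes)" in
        [Yy]es) echo "PasswordAuthentication: passwords accepted; prefer 'PasswordAuthentication no' with keys" ;;
    esac
    case "$(sshd_get "$cfg" PermitEmptyPasswords no)" in
        [Yy]es) echo "PermitEmptyPasswords: empty passwords accepted; set 'PermitEmptyPasswords no'" ;;
    esac
}

# Number of findings for a configuration (zero means it passed).
sshd_audit_count() {
    sshd_audit "$1" | awk 'END { print NR }'
}

# The same settings with the weak values corrected.
HARDENED_SSHD_CONFIG='
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
'

# Running the script stand-alone prints the findings for the sample.
sshd_audit "$SAMPLE_SSHD_CONFIG"
```

To audit the live file, pass `"$(cat /etc/ssh/sshd_config)"` to sshd_audit; after editing the file, restart sshd with the Service Configuration Tool so the new settings take effect.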
12.3.2 Using SSH
To verify
that the SSH server is properly running, you can access it via a
client on the local system by issuing the following
command:
$ ssh localhost
The client will attempt to log you on to the local system using your
current user account and will prompt you for your password. On the
first connection to any host, the client also displays the fingerprint
of that host's key and asks whether to continue; it records the key in
~/.ssh/known_hosts and warns you if the key presented on a later
connection differs, which can indicate that the connection has been
intercepted. If you supply the correct password, you should see a
shell prompt, indicating that the client and server are functioning
correctly. Type exit and press Enter to exit SSH.
To log on to a remote system, simply specify the hostname or IP
address of the remote system in place of
localhost. If you want to log in to a user
account whose name differs from the account
you're using on the local system, issue the command:
$ ssh userid@host
where host is the hostname or IP address of the
remote host and userid is the name of the user
account you want to use. For example:
$ ssh billmccarty@gonzo.apu.edu
You can use the SSH client's scp command to transfer files to or from a
remote system running an SSH server. To transfer a file to a remote
system, issue a command such as this one:
$ scp file userid@host:destination
where file is the path of the file to be
transferred, host is the hostname or IP address
of the remote host, destination is the directory
to which the file should be transferred, and
userid is your user account on the remote
system. If given as a relative path, the destination path is
understood as being relative to the home directory of the specified
user. For example:
$ scp rhbook_rev.txt billmccarty@gonzo.apu.edu:files
To transfer files to your home directory on the remote system, omit
the path argument; however, retain the colon or
the command will be misinterpreted.
You can specify multiple files to be transferred if you like. You can
use shell metacharacters to specify a set of files to be transferred;
note that metacharacters in a remote path are expanded by the shell on
the remote system, so quote them to keep your local shell from
expanding them first. You can also specify the -r flag,
which specifies that scp should
recursively copy a directory. For example, the following command
copies an entire directory to the remote system:
$ scp -r Desktop billmccarty@gonzo.apu.edu:files
To transfer files from a remote system, issue a command based on this
pattern:
$ scp userid@host:file path
where host is the hostname or IP address of the
remote system, file is the path of the file to
be transferred, path is the destination path of
the file, and userid is your user account on the
remote system. For example:
$ scp billmccarty@author.ora.com:/out/ch12.doc files
This command would log in to author.ora.com as the user billmccarty,
retrieve the file /out/ch12.doc from that system, and place it in the
files directory on the local system.
SSH also provides the sftp command, which lets you transfer files
in much the same way the ftp command
does. The command has the following form:
$ sftp user@host
The command will prompt for the password associated with the
specified user account. For example, to transfer files to and from
the host author.ora.com, you could issue the
following command:
$ sftp billmccarty@author.ora.com
After establishing a connection to the specified host, the sftp command presents a prompt that lets you
enter commands similar to those supported by the ftp command. Use the help command to learn more about the supported
commands.
12.3.3 Using a Windows SSH Client
To
log on to your Linux system from a remote system via SSH, you must
install an SSH client on the remote system. A suitable client for
Windows is Simon Tatham's
PuTTY, available at
http://www.chiark.greenend.org.uk/~sgtatham/putty.
PuTTY is a single executable with no setup
program, so simply download it to any convenient
directory (the windows directory is a good
choice). You can run it by selecting Start, then Run, and typing
putty; if the directory in which
PuTTY resides is not on the execution path, you
must type the drive, path, and filename. Alternatively, you can
create a shortcut that spares you the trouble. Figure 12-6 shows
PuTTY's main screen.
To use PuTTY to connect to a host, specify the
following information:
- Hostname: The hostname or IP address of the SSH server.
- Protocol: Select SSH. This causes PuTTY to
automatically select port 22, the default SSH port. If the SSH server
listens on a different port, specify the nonstandard port by using
the Port text box.
Click Open to make the connection to the specified host.
The left pane of PuTTY's screen
provides access to several configuration options, such as:
Like most Telnet or FTP clients, PuTTY lets you
save configurations so you can quickly connect to often-used hosts.
Use the Load, Save, and Delete buttons to manage your list of hosts
and associated configurations.
For best results when using PuTTY to view
screens that include color, enable the option Use background color to
erase screen, found in the Terminal settings.
Another useful Windows SSH tool is
WinSCP, which
provides a user interface resembling that of a graphical FTP client.
Figure 12-7 shows a WinSCP session. To learn more
about WinSCP or obtain the program, visit
http://winscp.vse.cz/eng/.
12.3.4 Protocol Tunneling
SSH
lets you establish a network connection that you can use somewhat like
a Virtual Private
Network (VPN): traffic flowing
over the connection is encrypted and therefore protected from
eavesdroppers even though it crosses a public network. This facility
is known as
protocol tunneling because
data belonging to some other protocol, such as POP, IMAP, HTTP, or
the X Window System, is carried inside the encrypted SSH connection
rather than sent over the network on its own. SSH's port forwarding
(the -L and -R options of the ssh client) tunnels
TCP connections: the client listens on a local port and relays
whatever connects to it, through the SSH server, to a host and port
you specify.
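As an added example, not part of the original chapter, the following script composes the ssh command for a local port forward and checks the forwarding specification before use. The point a practitioner most often gets wrong is the bind address: a specification that leaves it empty or sets it to * makes the tunnel endpoint reachable by every machine on your LAN, not just your own programs. The hostnames, user name, and ports (gonzo.apu.edu, mail.example.com, 8110, 110) are placeholders assumed for the example.

```shell
#!/bin/sh
# Added example: build and sanity-check an SSH local port forward.
# A -L specification has the form [bind_address:]port:host:hostport.
# ssh binds the listener to the loopback address unless a bind address
# is given; an empty bind address or "*" means every interface (the -g
# option has the same effect). IPv6 bind addresses are not handled here.

# Return 0 when the listener will accept only local connections,
# 1 when it would be exposed to other machines, 2 when the spec is bad.
check_forward_spec() {
    spec=$1
    case "$spec" in
        *:*:*:*) bind=${spec%%:*}; rest=${spec#*:} ;;   # bind address given
        *:*:*)   bind=127.0.0.1;   rest=$spec ;;        # ssh's default bind
        *) echo "malformed forwarding spec: $spec" >&2; return 2 ;;
    esac
    port=${rest%%:*}; rest=${rest#*:}
    host=${rest%%:*}; hostport=${rest#*:}
    for p in "$port" "$hostport"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port in $spec" >&2; return 2 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "port out of range in $spec: $p" >&2; return 2; }
    done
    case "$bind" in
        127.0.0.1|localhost) return 0 ;;
        ''|'*'|0.0.0.0)
            echo "spec $spec listens on all interfaces; use 127.0.0.1:$port:$host:$hostport" >&2
            return 1 ;;
        *) echo "spec $spec listens on $bind, reachable from other hosts" >&2
           return 1 ;;
    esac
}

# Print the ssh command that opens the tunnel. -N asks for no remote
# shell, just the forward; the command runs until interrupted.
# $1 = forwarding spec, $2 = user@sshserver.
tunnel_cmd() {
    check_forward_spec "$1" || return $?
    printf 'ssh -N -L %s %s\n' "$1" "$2"
}

# Stand-alone run: tunnel local port 8110 to POP3 on mail.example.com
# through the SSH server gonzo.apu.edu. A mail client is then pointed at
# localhost port 8110 and its traffic never crosses the network in clear.
tunnel_cmd 8110:mail.example.com:110 billmccarty@gonzo.apu.edu
```

The same check applies to remote forwards (-R), where the listener is opened on the SSH server instead and the server's GatewayPorts setting decides whether it is exposed beyond that machine.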
Configuring and troubleshooting a VPN is not a task for a Linux
newbie. However, if your Linux skills are growing and you desire a
challenge, see The Official
Red Hat
Linux Security
Guide, available at http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/.
Also see Virtual Private
Networks, by Charlie Scott, Paul Wolfe, and Mike
Erwin (O'Reilly & Associates, Inc.).