SSH Samples D-PHYS Workstation to D-PHYS Workstation
We have the following machines for our examples:
- berlin - our Linux workstation running OpenSSH
- paris - another Linux workstation running OpenSSH
Simple login to another machine
beat@berlin:~$ ssh paris
beat@paris's password:
beat@paris:~$
We type ssh and the destination host at a command prompt on berlin, and after typing in our password we can work on paris.
First time login to another machine
beat@berlin:~$ ssh paris
The authenticity of host 'paris (18.104.22.168)' can't be established.
RSA1 key fingerprint is 98:3d:f9:34:bc:64:e2:68:00:3f:35:b2:66:e9:20:ee.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'paris,22.214.171.124' (RSA1) to the list of known hosts.
The first time we log in to another machine, ssh asks whether the machine-specific host key should be added to our known_hosts file. On every later login to this machine, ssh checks whether the host key of paris has changed and warns you if it has. This ensures that you are connecting to the right machine and that no one has replaced it. The guarantee rests on the first answer: compare the fingerprint shown with one obtained from a trusted source before typing yes.
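The known_hosts check described above, modelled as an added example (not part of the original page and not OpenSSH's own code). It handles plain and hashed host fields only; the keys, the address 192.0.2.10, the salt and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256) fingerprints of a base64 public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def hash_host(host, salt):
    """Hashed host field (HashKnownHosts format): |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match a host field: plain 'paris,192.0.2.10' or hashed '|1|salt|hash'."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_host(host, salt))
    return host in field.split(",")

def check_host_key(known_hosts, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    result = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blank lines, comments and @marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if not host_matches(fields[0], host) or fields[1] != key_type:
            continue
        if fields[2] == key_b64:
            return "match"
        result = "changed"  # same host and key type, but a different key
    return result

def sample_key(seed):
    """Constructed ssh-ed25519 public key blob; not a real host key."""
    body = hashlib.sha256(seed).digest()  # 32 stand-in key bytes
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + body
    return base64.b64encode(blob).decode()

# Constructed known_hosts: a plain entry like the one on this page, and a hashed one.
PARIS_KEY, OTHER_KEY = sample_key(b"paris"), sample_key(b"replacement")
KNOWN_HOSTS = "\n".join([
    "paris,192.0.2.10 ssh-ed25519 " + PARIS_KEY,
    hash_host("berlin", b"constructed-salt-20b") + " ssh-ed25519 " + PARIS_KEY,
])
print(check_host_key(KNOWN_HOSTS, "paris", "ssh-ed25519", OTHER_KEY), fingerprints(OTHER_KEY)[1])
```

A result of 'changed' corresponds to the warning ssh prints when the stored key no longer matches; 'unknown' corresponds to the first-login question shown above.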
We now run a program which opens a new window:
beat@berlin:~$ ssh -X paris
beat@paris's password: password
beat@paris:~$ xclock
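The window appears automatically on your desktop. You won't need to fiddle around with $DISPLAY, xhost or MIT-Cookies - just start your program and everything works well. Even more: the whole communication between paris and berlin is encrypted by ssh! Forward X11 only to machines you trust, because anyone who can read your X authorization data on the remote machine can reach your local display through the forwarded connection.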
I hear you say "nice thing - but is this all?". No. ssh is also able to do file transfers. There are two programs to copy files:
We get a file from the remote machine:
beat@berlin:~$ scp paris:/path/to/filea /path/to/fileb
We copy a file to the remote machine:
beat@berlin:~$ scp /path/to/fileb paris:/path/to/filea
The syntax of scp is nearly the same as that of the standard cp. You may use relative or absolute paths, and you additionally prefix the source or destination path with the host name, separated by a colon. You may also use wildcards:
beat@berlin:~$ scp paris:file* .
or copy a directory structure:
beat@berlin:~$ scp -r paris:myfiles/ .
sftp is an alternative way to transfer files through ssh. Everyone familiar with a command-line ftp client will love it.
beat@berlin:~$ sftp paris
sftp> ls
-rwxr-xr-x 1 beat dep 40848 Jun 27 09:01 filea
-rwxr-xr-x 1 beat dep 40848 Jun 27 09:01 fileb
drwxr-xr-x 2 beat dep 512 Jun 27 09:01 myfiles
sftp> get filea
Fetching /home/beat/filea to filea
sftp> put fileb
Uploading fileb to /home/beat/fileb
sftp> rm filea
Removing /home/beat/filea
sftp> quit
beat@berlin:~$
Users familiar with the concept of UNIX pipes will love ssh. ssh forwards STDIN, STDOUT and STDERR from and to the target machine. You may use ssh to execute a command on the remote machine and process the output on the local workstation. See the examples:
beat@berlin:~$ ssh paris ls > filelist
The output of ls on paris is written to the file filelist on berlin. Or copy a bunch of files:
beat@berlin:~$ ssh paris "cd /; tar cf - bin" | tar xvf -
bin/
bin/ae
bin/bash
...
Creating SSH keys
When using ssh a lot, it becomes annoying to type your password each time. Luckily ssh offers authentication based on keys.
Create an SSH key (see Generate a new SSH key).
Because berlin and paris have the same home directory from the file server, you should now be able to log in without a password:
beat@berlin:~$ ssh paris
Enter passphrase for /home/beat/.ssh/id_ed25519:
beat@paris:~$
You are no longer asked for your password, but for the passphrase that unlocks your key.
Adding your keys to ssh-agent
Add your key to the ssh-agent (see Use an SSH agent):
ssh-add
Enter passphrase for /home/beat/.ssh/id_ed25519:
Identity added: /home/beat/.ssh/id_ed25519 (beat@berlin)
Now you are able to connect to paris without typing a password or passphrase:
beat@berlin:~$ ssh paris
beat@paris:~$