Using SSH To Securely Connect to Math Computing

What is SSH?

SSH stands for Secure SHell. It is intended as a secure replacement for telnet, rsh, rlogin, as well as ftp. SSH also can serve as a secure conduit through which other services can be encrypted.

Do I have to use SSH? What's wrong with telnet?

Yes. Telnet, as well as ftp, rsh and rlogin send passwords and other user information in what is called cleartext. With the right tools, even casual eavesdroppers can grab cleartext information over the network. SSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network- level attacks. SSH1 and SSH2 are installed on all math machines. SSH is an effective replacements for telnet, rsh, rlogin and ftp and therefore these programs have been disabled.

Further information on ssh and how to use it can be found below.

Can I use SSH at home?

Yes! SSH client software is available for installation on home machines and laptops. This is especially important for those with broadband connections such as cable Modem or DSL. Instructions on how to obtain this software can be found below as well.

Obtaining SSH Software

SSH is installed on all workstations on the Math Department network. It also comes pre-installed on all Macintosh computers running Mac OS 10.0 and higher. If you are using Linux or Mac OS X at home, OpenSSH is included, you can access it from the Terminal program.
If you need SSH client software on your Windows computer you can download it from MIT's software download pages by following this link. If you need the certificates, click those links first, otherwise, click the link for Software Downloads. You will need to grab the client software called SecureCRT for command line usage, and to transfer files use SecureFX.

Connecting to a remote machine using SSH

If you are using a computer without ssh installed but have a reasonably recent browser(MS Internet Explorer 4.0 or Netscape 4.0 and above) you can use the ssh web interface below.

Web Interface for SSH Login

If you are away from MIT and you need an SSH client immediately, you can download one from MIT's software download pages by following this link. If you need the certificates, click those links first, otherwise, click the link for Software Downloads. For Windows, you will need to grab the client software called SecureCRT for command line usage, and to transfer files use SecureFX.

SSH can be invoked in the following manner from the command line:

If your username on the remote system is the same as the local system use:

% ssh hostname

ex: % ssh lagrange.mit.edu

If your username on the remote system different than the local system use:

% ssh -l remote_user_name hostname

ex: % ssh -l juser athena.dialup.mit.edu

Using SCP and SFTP to transfer files

SCP and SFTP are also part of the SSH suite of utilities. They can be used to transfer files to and from remote systems securely.

SCP

To use scp to transfer files type the following from the directory from which you wish to transfer the files (Be sure to include the colon at the end of the hostname):

scp filename username@hostname:

ex: scp projectdata1.html joebob@athena.dialup.mit.edu:

or, for whole directories:

scp -r directoryname username@hostname:

scp -r simulations joebob@athena.dialup.mit.edu:

Use scp1 when copying files to Athena.

Conversely, you can also use scp to retrieve files from a remote system. To copy a file from your home directory on another machine to your local home directory use:

scp username@hostname:filename local_directory

ex: scp joebob@athena.dialup.mit.edu:projectdata1.html ~

or, for whole directories:

scp -r username@hostname:directory_name local_directory

scp -r joebob@athena.dialup.mit.edu:simulations ~

For more information on scp, please see the man pages on scp, sftp and ssh.

Windows and Mac users please note: Make sure that SSH instead of telnet is selected or you will be unable to connect.

SFTP

sftp is a secure ftp client that works just like regular ftp except that the information is encrypted. Sftp only works when the location you are trying to connect to has ssh2. If not, you will need to use scp as described above.

sftp username@host

This works when connecting to a computer where your username is different. Otherwise the username can be omitted.

I heard that I can run graphical programs requiring X through ssh and have them appear on my screen as if I was a local user. How does that work?

SSH supports a process called X tunneling. For tunneling to work, both the remote system and the system from which the client is attaching must both be running X. This is usually not a problem for Linux systems, but for Windows and Mac systems, this requires the user to have first installed an X server. For MacOSX users, this is available free from Apple. Click the Apple Menu in the top right corner of the screen, select Software Downloads, and search for X11. For Windows users, download X-Win32 from MIT, using the process described above.

I'm trying to run a program using ssh and I get an error message saying "display not found". How do I fix it?

If you get this message, you executed a command that requires X. If using Emacs, you may prefer to use the non-X compatibility mode. To execute Emacs without requiring X, invoke it with emacs -nw. If you need to run the program with X, you need to first have an X server as described above. Next, both the local machine and the remote machine must have X tunneling support enabled. You may or may not have sufficient priveleges yourself. On the machine you attached to, the ssh server must be set to allow X tunneling. Math Department machines are configured properly for this. On the client end, the ssh client must support X tunneling. This is set in /etc/ssh/ssh_config under linux and MacOSX, and in the preferences menu on SecureCRT. You can temporarily override a disabled client-side X setting by adding the -X flag to ssh, as in ssh -X joebob@server.mit.edu

SSH and Barton Library

One common use of telnet was to get into the library catalogue system.

ssh -l library library

is the new way to get to Barton. One can also, of course, go to the Barton webpage.