Using SSH to Securely Connect to Math Computing
SSH stands for Secure SHell. It is intended as a secure replacement for telnet, rsh, rlogin, as well as ftp. SSH also can serve as a secure conduit through which other services can be encrypted. In order to connect to a Math Department machine outside of the department, you must use SSH. You may SSH to the following login servers: runge.mit.edu, laurent.mit.edu, and lebesgue.mit.edu.
To access MIT's Athena Server, use the host: athena.dialup.mit.edu
Do I have to use SSH? What's wrong with telnet?
Yes. Telnet, as well as ftp, rsh and rlogin send passwords and other user information in what is called cleartext. With the right tools, even casual eavesdroppers can grab cleartext information over the network. SSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network- level attacks. SSH1 and SSH2 are installed on all math machines. SSH is an effective replacement for telnet, rsh, rlogin and ftp and therefore these programs have been disabled.
Can I use SSH at home?
Yes. SSH client software is available for installation on home machines and laptops. This is especially important for those with broadband connections such as cable Modem or DSL. Instructions on how to obtain this software can be found below.
Obtaining SSH Software
SSH is installed on all workstations on the Math Department network. It also comes pre-installed on all Macintosh computers running Mac OS 10.0 and higher. If you are using Linux or Mac OS X at home, OpenSSH is included and you can access it from the Terminal program.
If you need SSH client software on your Windows computer, you can download it from MIT's software download pages by following this link. If you need the certificates, obtain those first, otherwise, click the link for Software Downloads. You will need the client software called SecureCRT for command line usage and SecureFX to transfer files.
Connecting to a remote machine using SSH
If your username on the remote system is the same as the local system, use this command:
% ssh hostname
example: % ssh runge.mit.edu
If your username on the remote system is different than the local system, use this command:
% ssh username@hostname
example: % ssh email@example.com
Using SCP and SFTP to transfer files
SCP and SFTP are also part of the SSH suite of utilities. They can be used to securely transfer files to and from remote systems. Note: Use SCP1 when copying files to Athena.
To transfer files, type the following command from the directory from which you wish to transfer the files (be sure to include the colon at the end of the hostname):
scp filename username@hostname:
example: scp projectdata1.html firstname.lastname@example.org:
To transfer whole directories, type the following command:
scp -r directoryname username@hostname:
example: scp -r simulations email@example.com:
Conversely, you can also use SCP to retrieve files from a remote system. To copy a file from your home directory on another machine to your local home directory, use the following command:
scp username@hostname:filename local_directory
example: scp firstname.lastname@example.org:projectdata1.html ~
To copy whole directories, use the following command:
scp -r username@hostname:directory_name local_directory
example: scp -r email@example.com:simulations ~
Windows and Mac users please note: Make sure that SSH, instead of telnet, is selected or you will be unable to connect.
SFTP, a secure ftp client, works just like regular ftp except the information is encrypted. SFTP only works when the location you are trying to connect to has SSH. If it doesn't, you will need to use SCP as described above. Use the following command when connecting to a computer where your username is different (otherwise, omit the username):
SSH and Graphical Programs
I heard that I can run graphical programs requiring X through SSH and have them appear on my screen as if I was a local user. How does that work?
SSH supports a process called X tunneling. For tunneling to work, both the remote system and the system from which the client is attaching must both be running X. This is usually not a problem for Linux systems, but for Windows and Mac systems, this requires the user to have installed an X server. For MacOSX users, this is available free from Apple. For Windows users, download X-Win32 from MIT using the process described above.
I'm trying to run a program using SSH and I get an error message saying "display not found". How do I fix this?
If you get this message, you've executed a command that requires X. If using Emacs, you may prefer to use the non-X compatibility mode. To execute Emacs without requiring X, invoke it with emacs -nw. If you need to run the program with X, you need to first have an X server as described above. Next, both the local machine and the remote machine must have X tunneling support enabled. You may or may not have sufficient privileges yourself. On the machine you attached to, the SSH server must be set to allow X tunneling. Math Department machines are configured properly for this. On the client end, the SSH client must support X tunneling. This is set in /etc/ssh/ssh_config under linux and MacOSX, and in the preferences menu on SecureCRT. You can temporarily override a disabled client-side X setting by adding the -X flag to ssh, as in ssh -X firstname.lastname@example.org
You will see this scary looking message if the host key of the server you are attempting to ssh into does not match the host key your local computer remembers it to be. This could mean that the server has been re-installed, or that the host key has been changed for security purposes. This could also mean that someone could be eavesdropping (man-in-the-middle attack) while you are attempting to establish a connection, so it is generally a good idea to contact the department help desk (email@example.com) to double check that we did change the host key. Otherwise, you can override this warning by issuing this command:
ssh-keygen -R hostname