bahattab
07-12-2008, 01:54 AM
How to use SSH
SSH is short for Secure SHell. SSH allows customers direct access to the Linux command line. SSH access on Site5 is disabled by default on all accounts, for internal security purposes. To use SSH with your account, simply click the enable SSH option contained within your Site5 control panel.
By default, all accounts will use the bash (http://wiki.site5.com/Bash) shell.
Freeware SSH Clients and Tools by Platform
Macintosh OSX
Fugu (http://www.versiontracker.com/dyn/moreinfo/macosx/15693)
Son of Fugu (http://www.versiontracker.com/dyn/moreinfo/macosx/28462)
SSH Agent (http://www.versiontracker.com/dyn/moreinfo/macosx/16051)
SSHKeychain (http://www.versiontracker.com/dyn/moreinfo/macosx/20463)
sshfs (http://code.google.com/p/macfuse/wiki/MACFUSE_FS_SSHFS) (ssh file system that fully integrates into the Finder. Requires installation of 1 other package.)
Macintosh OS9
MacSSH (http://www.versiontracker.com/dyn/moreinfo/macos/8913)
Unix/Linux
Nix's Web-based SSH client (http://unix.freshmeat.net/projects/ssh_mgr/?branch_id=67999&release_id=244974)
rssh (http://packages.debian.org/stable/net/rssh)
SecPanel (http://freshmeat.net/projects/secpanel/)
zssh (http://packages.debian.org/stable/net/zssh)
Windows
PuTTY (http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html)
DataFreeway (http://www.versiontracker.com/dyn/moreinfo/win/35954EngInSite)
Some Of The Most Commonly Used SSH/Shell Commands
Commands:
cd : change directory
cd /usr/local/apache : takes you to /usr/local/apache/ directory.
cd ~ : go to your home directory.
cd - : go to the last directory you were in.
cd .. : go up one directory.
cp : copies a file.
grep : looks for text in files.
ln : creates symbolic links. ln -s foo1 foo2 creates a symbolic link to foo1 with the name of foo2.
ls : Lists the contents of a directory.
ls -al : shows all files, even files that start with a . (dot), with permissions, owners, size, and when last modified.
rm : deletes a file.
rm image.jpg : deletes image.jpg, will ask for confirmation before deleting.
rm -f image.jpg: deletes image.jpg, will not ask for any confirmation.
rm -rf images/ : deletes the folder images, and all files in it, including subdirectories. DANGEROUS BE CAREFUL WITH THIS COMMAND!!!!!!
tail : like the name implies, reads the end of a file.
touch : create an empty file.
touch /home/account_name/public_html/index.html : create an empty file called index.html in the directory /home/account_name/public_html/.
top : see currently running processes and other information like memory and CPU usage with real time updates.
Setup SSH access with SSH keys -- No passwords for login
So, you're tired of putting your password in to SSH to gain access? You ask, "Isn't there a way so that this can be secure but still not require me to input a password?" Indeed, there is a way. That way is using SSH keys and the following will detail how to set it up.
PuTTY
Setting it up with PuTTY is easy as a few clicks.
Make sure you have all of PuTTY (http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html)'s applications -- you'll specifically need PuTTY, Pageant, PuTTYgen.
Launch "PuTTYgen"
Click "Generate" button to start the key generation process
Input a comment -- something useful but short
Input a passphrase -- the private key will be encrypted and it's important to have a passphrase
If you're sure no one will ever get access to your private key, then you can leave the passphrase out. If you do this, however, you may want to put the private key file on a USB flash drive or something external from your computer and in a safe place.
Click the "Save public key" button and save the public key to the desktop -- for easy access
Click the "Save private key" button and save in a safe and secure place -- it's important never to give this key to anyone and do NOT store it on the server.
Login to SSH using your password
Type the following command: nano ~/.ssh/authorized_keys
Open the public key file and copy ALL the contents (Control C)
Go back to PuTTY and right click the mouse -- this will paste the public key in.
Save the file by doing "Control O" and exit nano by doing "Control X"
Logout of SSH
Launch "Pageant"
Click "Add key" button and navigate to the private key file. If you inputted a passphrase, it will ask for it at this point.
Open PuTTY and login to SSH -- It should ask for the user but then it should login using the SSH key.
You're done, congrats! Now if you want to login to multiple accounts using the SSH key, just copy the public key file to the other accounts and login as usual.
http://wiki.site5.com/SSH#Some_Of_The_Most_Commonly_Used_SSH.2FShell_Commands
SSH
SSH is some kind of an abbreviation of Secure SHell. It is a protocol that allows secure connections between computers. In this tutorial, we'll be dealing with the ssh command on Linux, the OpenSSH version. Most Linux distributions feature the OpenSSH client today, but if you want to be sure, have a look at the SSH manpage on your system. You can do this by typing:
[rechosen@localhost ~]$ man ssh
Note: this should be done in a terminal. This tutorial assumes that you have some basic terminal knowledge, like knowing how to start a terminal session on your system and being familiar with the basic commands and syntaxes.
If it displays something like this
NAME
ssh - OpenSSH SSH client (remote login program)
then you can be quite sure you're running the OpenSSH version. For more background information about SSH, see http://en.wikipedia.org/wiki/SSH.
The most simple case
In the most simple case, you can connect to a server that supports ssh with a syntax as short as this:
[rechosen@localhost ~]$ ssh yourserver
Note: If you do not have any ssh server nearby that you can access, you can also try this command with your own computer as a server. To do this, replace "yourserver" with "localhost".
Of course, yourserver should be replaced by a hostname or an ip address of the server you want to connect to. As you can see in the terminal snippet, I am logged in as rechosen. If you do not specify a username (I'll explain how to do that later in this tutorial), SSH will assume that you want to login with the username you're currently logged in with. So, in this case, SSH will try the username rechosen.
Of course, you need to be sure that the server supports ssh connections. The ssh client tries to connect to port 22 by default. This means that, if you want to connect to a remote host with the default settings, you should make sure that, if applicable, port 22 is forwarded to the server you're trying to connect to. You will find more regarding the SSH port further in this tutorial.
Now, back to the command we ran. If the server supports SSH connections and you can reach it by port 22, you should be prompted for a password (if this is the first time you try to connect to the server, ssh will first ask the question if you want to continue connecting, which can generally just be answered with a 'yes'). If you type a password here, you won't see asterisks appearing. Don't panic, this is ssh's normal behaviour.
It makes connecting using ssh even more safe, because any accidental spectators won't be able to see the length of the password. After entering the password, if the username and the password were correct, you should be running a shell on the server.
If not, make sure you are connecting to a server of which you know that you should be able to login with your username and the specified password. You could try connecting to your own computer (see the note beneath the terminal quote) or read on to learn how to specify another username.
Once you're done trying the ssh shell, you can exit it by pressing Ctrl + D.
Specifying a username
It's actually quite simple to specify a different username. You might even already be familiar with it. See the following example:
[rechosen@localhost ~]$ ssh yourusername@yourserver
The above will make ssh try to connect with the username "yourusername" instead of (in my case) rechosen. This syntax is also used by a lot of other protocols, so it'll always come in handy to know it. By the way, you will still be asked for a password. For security reasons, it is not even possible to directly specify the password in the syntax. You will always be asked interactively, unless you start configuring the server in an advanced way (which is exactly why that topic is out of this tutorial's scope: this tutorial documents how to use the clients, not how to configure the server).
Specifying a port
There are many reasons to move the ssh service to another port. One of them is avoiding brute-force login attempts. Certain hackers try to get access to ssh servers by trying a lot of common usernames with common passwords (think of a user "john" with password "doe").
Although it is very unlikely that these hackers will ever get access to the system, there is another aspect of the brute-force attacks that you'll generally want to avoid: the system and connection load.
The brute-force attacks usually are done with dozens or even thousands of tries a second, and this unnecessarily slows down the server and takes some bandwidth which could've been used a lot better. By changing the port to a non-default one, the scripts of the hackers will just be refused and most of the bandwidth will be saved.
As the ssh command can't just guess the port, we will have to specify it if it's not the default 22 one. You can do that this way:
[rechosen@localhost ~]$ ssh -p yourport yourusername@yourserver
Of course, you will have to replace "yourport" with the port number. There is an important difference between ssh and scp on this point. I'll explain it further on.
Running a command on the remote server
Sometimes, especially in scripts, you'll want to connect to the remote server, run a single command and then exit again. The ssh command has a nice feature for this. You can just specify the command after the options, username and hostname. Have a look at this:
[rechosen@localhost ~]$ ssh yourusername@yourserver updatedb
This will make the server update its searching database. Of course, this is a very simple command without arguments. What if you'd want to tell someone about the latest news you read on the web? You might think that the following will give him/her that message:
[rechosen@localhost ~]$ ssh yourusername@yourserver wall "Hey, I just found out something great! Have a look at www.examplenewslink.com!"
However, bash will give an error if you run this command:
bash: !": event not found
What happened? Bash (the program behind your shell) tried to interpret the command you wanted to give ssh. This fails because there are exclamation marks in the command, which bash will interpret as special characters that should initiate a bash function.
But we don't want this, we just want bash to give the command to ssh! Well, there's a very simple way to tell bash not to worry about the contents of the command but just pass it on to ssh already: wrapping it in single quotes. Have a look at this:
[rechosen@localhost ~]$ ssh yourusername@yourserver 'wall "Hey, I just found out something great! Have a look at www.examplenewslink.com!"'
The single quotes prevent bash from trying to interpret the command, so ssh receives it unmodified and can send it to the server as it should. Don't forget that the single quotes should be around the whole command, not anywhere else.
http://www.linuxtutorialblog.com/post/ssh-and-scp-howto-tips-tricks
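Added example, not part of the original post: a shell function for the "paste the public key into ~/.ssh/authorized_keys" step of the PuTTY procedure above. It checks that the file holds a one-line OpenSSH key rather than the multi-line block written by PuTTYgen's "Save public key" button, and sets owner-only permissions. The function name, its optional directory argument and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Appends one public key to SSH_DIR/authorized_keys (default ~/.ssh) and sets
# the modes sshd's default StrictModes check expects. SSH_DIR is a
# hypothetical convenience parameter so the function can be tried safely.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # PuTTYgen's "Save public key" button writes a multi-line SSH2 block;
    # authorized_keys needs the one-line form from PuTTYgen's "Public key for
    # pasting into OpenSSH authorized_keys file" box.
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY' "$pub"; then
        echo "$pub: SSH2 (RFC 4716) format, need the one-line OpenSSH form" >&2
        return 2
    fi

    # Exactly one non-empty line, "<type> <base64> [comment]"; strip the
    # carriage returns a Windows editor may have added.
    if [ "$(tr -d '\r' < "$pub" | grep -c .)" -ne 1 ]; then
        echo "$pub: expected a single key line" >&2
        return 3
    fi
    key=$(tr -d '\r' < "$pub" | grep .)
    case $key in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub: not a public key line" >&2; return 3 ;;
    esac

    # Only the owner may write to the directory and the file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append, never overwrite, and skip a key that is already installed.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedEXAMPLE rsa-key-20080712\r\n' \
    > "$demo/key.pub"
install_pubkey "$demo/key.pub" "$demo/.ssh" && ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```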
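Added example, not part of the original post: the single-quote advice from "Running a command on the remote server", generalised to arguments that themselves contain single quotes or come from variables. ssh hands the command to the remote user's shell as one string, so the helpers below (hypothetical names quote_arg and remote_command) quote each argument for that second parse; the message text is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.
# ssh joins its command arguments with spaces and passes that single string to
# the remote user's shell, so the command is parsed twice: by the local shell
# and again on the server. These helpers quote for the second parse.

# quote_arg STRING: print STRING inside single quotes, rewriting each embedded
# single quote as '\'' (close quote, escaped quote, reopen quote).
# The ( ) body runs in a subshell so the helper variables stay private.
quote_arg() (
    rest=$1
    out=
    q="'"
    while :; do
        case $rest in
            *"$q"*)
                out=$out${rest%%"$q"*}"'\\''"
                rest=${rest#*"$q"}
                ;;
            *)
                out=$out$rest
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
)

# remote_command ARG...: print one string that a POSIX shell on the server
# splits back into exactly ARG..., whatever characters the arguments contain.
remote_command() (
    line=
    for arg in "$@"; do
        line="$line${line:+ }$(quote_arg "$arg")"
    done
    printf '%s' "$line"
)

# Constructed message containing !, a single quote and double quotes.
# History expansion is off in scripts, so the ! needs no special care here;
# at an interactive bash prompt keep it inside single quotes as the post says.
msg='Hey, I just found out something great! It'"'"'s at "www.examplenewslink.com"!'
cmd=$(remote_command wall "$msg")
printf 'string handed to the remote shell:\n%s\n' "$cmd"
# Real use (user and host are the tutorial's placeholders):
#   ssh yourusername@yourserver "$cmd"
```

Running `sh -c "$cmd"` locally reproduces what the server's shell would do with the string, which is a quick way to check the quoting before sending it over ssh.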