SSH and SCP Clients for UNIX

Getting Started with OpenSSH

SSH is used to login to a remote machine from your local machine and to execute a command on a remote machine. SCP is use to copy files between a local and a remote machine. SCP should be used instead of ftp.

Using SSH to connect to a remote machine

Use ssh to login your local machine to another machine, or to run a command on a remote machine. For example, to connect to the machine i7.msi.umn.edu, use the following command:

ssh -X i7.msi.umn.edu

or, if you want to use a different login name on the remote machine than on your local machine

ssh -Xl remote-user-name i7.msi.umn.edu

If all goes well, you will be asked to enter your password, and the connection will be established. When you use ssh to connect, the DISPLAY environment variable is automatically set to forward X11 programs to the local machine.

There are several warning messages that you may receive.

You may see something like the following the first time you connect to remote machine from your local machine.
% ssh -X i7.msi.umn.edu Host key not found from the list of known hosts. Are you sure you want to continue connecting (yes/no)?
Type yes. You will then see the following:
Host 'i7' added to the list of known hosts. user@i7's password:
Enter your password. You will then be connected. The next time you connect from your local machine to the same remote machine, you will only need to type the password. (SSH uses a public key encryption algorithm, in which a public and a private keys are used. The above sequence saves the public key on your local machine for future use.)
The next message that you may see indicates that something has changed on the remote machine, which may or may not be a cause for concern.
% ssh -X i7 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >WARNING: HOST IDENTIFICATION HAS CHANGED! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the host key has just been changed. Please contact your system administrator. Add correct host key in /home/msia/user/.ssh/known_hosts to get rid of this message. Agent forwarding is disabled to avoid attacks by corrupted servers. X11 forwarding is disabled to avoid attacks by corrupted servers. Are you sure you want to continue connecting (yes/no)?
This warning message means the ssh key on the remote machine has changed. This could be due to a new version of ssh that was installed, and there is no cause for concern. To eliminate this message, delete the very long line containing the name of the remote machine (in this example i7) from the file .ssh/known_hosts on your local machine and try ssh again. You should get the milder warning message asking you to add the host to the list of known hosts.
This warning message could also mean there are security problems. If you suspect this, please contact your systems administrator, or if you are connecting to an Institute machine, send email to help@msi.umn.edu.

Using SSH to run a command on a remote machine

To run a command on a remote machine, just add a command to the end of the SSHcommand that you use to connect to a remote machine. This command replaces the insecure rsh command. For example, to get a listing of files (ls) on i7.msi.umn.edu,

ssh -X i7.msi.umn.edu ls

or, if you want to use a different login name on the remote machine:

ssh -Xl remote-user-name i7.msi.umn.edu ls

Getting Started with SCP

Use SCP to copy files from one machine to another. SCP replaces rcp, should be used instead of ftp. It also has more flexibility than ftp and can be use to copy directories instead of just files. The general form of SCP is:

scp [[user@]host1:]filename1 [[user@]host2:]filename2

Where filename1 and filename2 can be file or directory names. If your user name is the same on both the local and remote machines, then you do not have to provide the user@. If you are copying from your local machine, you do not have to provide the name of host1. For example, to copy a file called temp.ps from a local machine to i7.msi.umn.edu, use the following command:

scp temp.ps i7.msi.umn.edu:temp.ps

The file temp.ps will be copied to your home directory on i7. If you have a different user name on i7, then specify it as shown below.

scp temp.ps remote-user-name@i7.msi.umn.edu:temp.ps

Using SSH and SCP without entering passwords

To permit a connection (ssh or scp) from a local machine to a remote machine without always typing a password, on the remote machine, create the file ".shosts" in your home that contains the name of the local machine. The permissions on "e;.shosts"e; should be rw for the user and --- for everyone else (The command chmod 600 .shosts will set the permissions correctly). If you have the file ".rhosts", please delete it.

SSH and SCP will use the ssh_know_hosts file. If the local machine is correctly entered in the user's .ssh/known_hosts file, then the connection will be permitted with out a password.

To make this work, you may need to log back in from the remote machine to your local machine. For example, if your local machine is i7.msi.umn.edu and you want to connect to origin.msi.umn.edu, use the following procedure to set up connecting from i7 to origin without a password:

Estiblish an ssh connection to origin:
ssh -X origin.msi.umn.edu
After typing a password and establishing a connection, Add i7.msi.umn.edu to the file "e;.shosts"e; in your home directory.
Extablish an ssh connection back to i7.msi.umn.edu.
ssh -X i7.msi.umn.edu
After typing a password on i7, you can exit from i7.

If you have an account on any of the Institute's machines and have difficulties, please contact help@msi.umn.edu or call (612) 626-0802.