Tutorial: SSH
James Bunton on Apr 17th 2007
SSH is a program used to connect to remote machines securely. One of its main uses to you will be to log in to the School of IT computers from home to access files. You can set up private/public keypairs to allow logins without a password. It can also forward TCP ports between machines through tunnels. All data is transmitted securely through the encrypted connection.
This page documents the OpenSSH software installed by default on almost all Unix operating systems, including Linux and Mac OS X. Please see SSH PuTTY for information on using SSH on Windows.
Connecting to a remote host
To connect to a host, say congo1.ug.it.usyd.edu.au on the SIT network, you can type a command like this:
$ ssh user1111@congo1.ug.it.usyd.edu.au
Since the server is in the School of IT, locally the command:
$ ssh user1111@congo1
also works.
It is also possible to specify the username implicitly. E.g., if the account you’re logged in to at the moment has the username userXYXY, then these two commands are equivalent:
$ ssh userXYXY@host
$ ssh host
You can type exit to end the remote session.
SSH Public/Private Keys
Basic Principles
You generate a public/private keypair. The private key, as its name suggests, should remain on your computer, and not be shared with anybody. Your public key can be given to other people. Anybody who has your public key can encrypt a message such that it can only be decrypted using the matching private key. You can trust that this works.
For a more thorough explanation, see the Wikipedia article: Public-Key Cryptography
Generating a public/private key pair
What does this have to do with SSH? Well, for each computer account you have, you create a public/private key pair. Do that with this command:
$ ssh-keygen -t rsa -b 4096
That means create a 4096-bit RSA key. Answer yes to all the prompts. I generally don’t bother setting a passphrase. You will then end up with these two files:
~/.ssh/id_rsa # Private key
~/.ssh/id_rsa.pub # Public key
Using the key pair
You now need to create a file called ~/.ssh/authorized_keys. In this file you put a list of the public keys that are authorised to connect to this account without a password.
Example: On your home machine, create a public/private keypair. Log in to your account on the SIT machines and create a file called
~/.ssh/authorized_keys
You may need to create the directory ~/.ssh first. Note that ~ (tilde) means your home directory. Put the contents of the public key you created on your home machine into the authorized_keys file on the SIT machines.
Now you can connect to the school computers without a password.
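The steps above as a script, as an added example that is not part of the original tutorial: it is run on the remote account after the .pub file has been copied there, and it also sets the permissions sshd expects. install_pubkey and its optional second argument are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys safely.
# Usage on the remote account:  install_pubkey ~/id_rsa.pub
# The optional second argument (assumption, for trying this on a scratch
# directory) overrides the home directory; it defaults to $HOME.

install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse a private key: only the .pub file ever leaves your machine.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key; use the .pub file" >&2
        return 2
    fi

    # With StrictModes (the sshd default), key login is refused when these
    # are writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append each key line only if it is not already listed, so running
    # the function twice does not duplicate entries.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth_file" || printf '%s\n' "$line" >> "$auth_file"
    done < "$pubkey_file"
}
```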
SSH Config File
There’s a wonderful file that few people use: ~/.ssh/config
You can look up documentation for it in the manpage ssh_config. Here are some examples of things that can go in there:
# This is a useful rule that lets you log in to congo1 by just typing
#   $ ssh congo1
# instead of
#   $ ssh userXXXX@congo1.ug.it.usyd.edu.au
Host congo1
    User userXXXX
    HostName congo1.ug.it.usyd.edu.au

# Another useful rule for setting up X11 forwarding
Host ugrad
    HostName congo1.ug.it.usyd.edu.au
    User userXXXX
    ForwardX11 yes
Once you have an alias like congo1 set up, this alias can be used in scp too. For example, to copy a file called foo from userXXXX’s home directory into the local /tmp directory:
$ scp congo1:~/foo /tmp/