This module goes over how to remotely connect to a computer using ssh and transfer files between the two.
Secure shell (ssh) is an encrypted, secure way to connect to a server. It allows you to remotely connect to a secure shell server (sshd) running on a computer and interact with the login user's shell, whether that is sh, ksh, bash, zsh, etc. Some other tools are provided, such as secure copy (scp) and a secure file transfer program (sftp), which allow you to transfer files securely.
Commands | Description |
---|---|
ssh | Secure shell for remotely logging into a computer |
scp | A secure cp, functions like cp |
sftp | A secure ftp client |
Ssh is a convenient tool to connect to servers. If you have a known user account with a password you can log in using ssh,
$ ssh user@example.com
Password:
example.com $
You can now use commands learned previously on the remote computer! Your prompt will vary depending on the prompt settings and hostname of the remote computer. See `man ssh`, as there are many useful options, such as `-p`, `-X` or `-Y`.
A useful trick is to combine `ssh` with `tar`, e.g., if you want to tar some files and send them across,
$ ls ~/work
readme.md script.py data.csv
$ tar czf - ~/work | ssh user@example.com "cat > ~/archive.tar.gz"
Password:
$ ssh user@example.com
example.com $ ls
archive.tar.gz
Or the reverse!
$ ssh user@example.com tar czf - /home/user/work > archive.tar.gz
Password:
$ ls
archive.tar.gz work/
And if you have to string multiple commands together,
$ ssh user@example.com "cd ~/work && tar cf - * | xz" > archive.tar.xz
Password:
$ ls
archive.tar.xz work/
The reason for the quotes is to ensure the pipe runs on the remote computer, within the ssh connection, rather than in your local shell.
To enhance security you can use an ssh key pair. This is a pairing of a private and a public key. You control/possess the private key and give the public key to remote computers. When you initiate a connection, the ssh client proves to the server that it holds the private key matching a public key the server has on file, and the user must know the passphrase that unlocks the private key (ideally different from the user password). If everything checks out, a connection is made. This may seem cumbersome; however, security is very important. It is more difficult for a hacker to log in with your credentials if they are missing the private key.
As of 2019-Dec-2018 some keys are not as safe as others. To be safe using RSA keys you need to set the bit count to over 2048, so a secure key would have 4096 bits, but it is expensive when connecting. Anything lower than 2048 is easily compromised by hackers today. One uses `ssh-keygen` to generate keys,
$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dave/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dave/.ssh/id_rsa.
Your public key has been saved in /home/dave/.ssh/id_rsa.pub.
Here you can copy the `id_rsa.pub` key to `~/.ssh/authorized_keys` on the remote computer
$ cat ~/.ssh/id_rsa.pub | ssh user@example.com 'cat >> ~/.ssh/authorized_keys'
Password:
$
Now when you ssh in you will be asked for the passphrase that you chose on key creation.
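The `cat >> ~/.ssh/authorized_keys` one-liner above assumes `~/.ssh` already exists on the remote computer and appends a duplicate line every time it is run. As an added example (not part of the original module), a remote-side helper that checks the file really is a single public key, sets the permissions sshd expects, and appends only once; `install_pubkey` and its arguments are names chosen here.

```shell
# install_pubkey <pubkey-file> [home-dir]   (names chosen for this example)
# Run on the computer that will accept the login. Returns 0 when the key is
# installed or already present, 1 when the file is not a single public key.
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    umask 077    # anything created below is owner-only

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; exit 1; }
    # A public key is exactly one line; a private key file has many.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line in $pub" >&2; exit 1; }

    # Line layout: <key-type> <base64-blob> [comment]
    read -r type blob rest < "$pub" || true
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*|sk-*@openssh.com) ;;
        *) echo "not a public key: $pub" >&2; exit 1 ;;
    esac
    [ -n "$blob" ] || { echo "missing key data in $pub" >&2; exit 1; }

    auth=$home/.ssh/authorized_keys
    mkdir -p "$home/.ssh"
    touch "$auth"
    # sshd's StrictModes (on by default) refuses authorized_keys when it or
    # ~/.ssh is writable by anyone but the owner.
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"

    # Append only if this exact key is not already authorized.
    if ! grep -qF -- "$blob" "$auth"; then
        cat "$pub" >> "$auth"
    fi
)
```

Where it is installed, OpenSSH's `ssh-copy-id user@example.com` covers the same ground from the local side.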
The convention is to create a key pair on each computer/device, i.e., one for a laptop, one for a desktop, etc…
Another cryptographic key type is ed25519. Its main design goal is to be as secure or more secure using fewer bits (256 bits), and it is faster to compute,
$ ssh-keygen -t ed25519
Generating public/private 25519 key pair.
Enter file in which to save the key (/home/dave/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dave/.ssh/id_ed25519.
Your public key has been saved in /home/dave/.ssh/id_ed25519.pub
Copy the public key as before.
NB: Security and cryptography are an ongoing battle; never assume something is safe. It is important to keep some awareness about key security.
What if you have many remote computers to connect to and you don’t want to type what key you used or username if it is different on each computer? `man ssh_config` shows many options to make your life easier! Here is an example of one with two remote computers,
$ cat ~/.ssh/config
Host lab
Hostname example.com
User user
IdentityFile /home/dave/.ssh/id_rsa
ForwardAgent yes
ForwardX11 yes
Host collab
Hostname example.org
User dave
IdentityFile /home/dave/.ssh/id_ed25519
In this example lab has X11 forwarding enabled, which can use `ssh -X` for untrusted X11 connections. To enable trusted X11 connections add `ForwardX11Trusted yes` and use `ssh -Y`.
Now you can use the `Host` as the shortcut name to log in instead
$ ssh lab
Enter passphrase for key '/home/dave/.ssh/id_rsa':
example.com$
It is functionally the same as typing ssh -i ~/.ssh/id_rsa user@example.com
$ ssh collab
Enter passphrase for key '/home/dave/.ssh/id_ed25519':
example.org$
Some people define an alias for ssh in the run config file for their shell (.shrc, .kshrc, .bashrc, etc.), but it is more flexible to use `~/.ssh/config` as it works with `scp` and `sftp`.
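Two forwarding options from the config above deserve a second look: `ForwardAgent yes` lets anyone with root on the remote host use your ssh agent to authenticate as you for as long as you are connected, and `ForwardX11Trusted yes` gives remote X11 clients full access to your display. As an added example (not part of the original module), a small linter that reports which `Host` blocks enable either; `lint_ssh_config` and `sample_config` are names chosen here, and the sample input is the config shown earlier.

```shell
# Sample input: the ~/.ssh/config from this module.
sample_config() {
    cat <<'EOF'
Host lab
    Hostname example.com
    User user
    IdentityFile /home/dave/.ssh/id_rsa
    ForwardAgent yes
    ForwardX11 yes
Host collab
    Hostname example.org
    User dave
    IdentityFile /home/dave/.ssh/id_ed25519
EOF
}

# lint_ssh_config [config-file]   (reads stdin when no file is given)
# Prints "<host>: <option>" per finding; exit status 1 if anything was found.
# Match blocks are not interpreted; only Host blocks are tracked.
lint_ssh_config() {
    awk '
        BEGIN { host = "(all hosts)" }   # options before any Host apply everywhere
        {
            sub(/^[ \t]+/, "")
            if ($0 == "" || $0 ~ /^#/) next
            gsub(/=/, " ")               # "Key=value" is also valid syntax
            key = tolower($1); val = tolower($2)   # keywords are case-insensitive
        }
        key == "host" { host = $0; sub(/^[^ \t]+[ \t]+/, "", host); next }
        key == "forwardagent" && val == "yes" {
            print host ": ForwardAgent yes"; bad = 1 }
        key == "forwardx11trusted" && val == "yes" {
            print host ": ForwardX11Trusted yes"; bad = 1 }
        END { exit bad + 0 }
    ' "$@"
}
```

Run it as `lint_ssh_config ~/.ssh/config`; for the sample it reports only the `lab` block, where dropping `ForwardAgent` or enabling it per connection with `ssh -A` narrows the exposure.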
What if you want to be lazy and just copy files across? `scp` is similar to `cp` but shares options of both `cp` and `ssh`.
`ssh` uses `-p` to specify port, whereas `scp` uses `-P` to specify port. This is why it is important to use man to see the options available for commands.
To copy a single file to the home directory,
$ ls -F
data/ readme.md script.py
$ scp script.py user@example.com:~/
Password:
script.py 100% 1KB 1.0MB/s 00:00
$ ssh user@example.com
Password:
example.com$ ls -F
script.py
Copying a directory and its contents requires the recursive option `-r`
$ scp -r data user@example.com:~/
Password:
data.csv 100% 1KB 1.0MB/s 00:00
log.txt 100% 1KB 1.0MB/s 00:00
$ ssh user@example.com
Password:
example.com$ ls -F
data/ script.py
If you want a more interactive experience with putting and getting files to and from a remote computer, then sftp is the tool you need. This is useful when you forget specifically where you stored files and need to look around without disconnecting and retyping passwords.
$ sftp user@example.com
Password:
sftp>
You are now in the `sftp` program and connected to the remote machine. Commands can be issued in `sftp`. Typing `help` will list available commands, and `quit` or `exit` will end the session.
Command | Description |
---|---|
get | Download a file, -R for recursive directories |
help | Displays help text |
put | Upload a file, -R for recursive directories |
quit | Quit sftp |
— | — |
cd | Remote change directory |
ls | Remote list files |
mkdir | Remote make directory |
pwd | Remote print working directory |
— | — |
lcd | Local change directory |
lls | Local list files |
lmkdir | Local make directory |
lpwd | Local print working directory |
You can move to a remote directory and local directory independently. When you type `get myfile.txt` it will download it from the current remote directory and store it in the local directory on your machine, vice-versa for `put`.
© 2017–2024 David Kalliecharan