37 Comments
- CypherXero, on 10/12/2007, -2/+21
Yes, because it uses an RSA-generated private/public keyset, which the private key resides ONLY on the client computer, not the server. If you don't specify a private key when connecting to SSH, it DEFAULTS back to a password.
So STFU if you don't know what you're talking about.
- eklitzke, on 10/12/2007, -0/+8
In case anyone is wondering how it works. You give the remote server your public key, the remote server generates a random message and encrypts it using your public key, and the message can only be decrypted with the matching private key. If you have the private key you can decrypt the message and prove your identity, all without storing any sensitive information on the remote computer.
- tychop, on 10/12/2007, -0/+8
Well, the article is not about what most people use, or what's easier.
It's about SSH Tricks. However, I am also surprised they didn't mention tunneling. I use it to digg through the company's firewall opening any port I need.
- wandog, on 10/12/2007, -1/+8
I'm surprised it didn't mention SSH tunnelling. I use it all the time for securing VNC sessions or forwarding ports on machines on a remote network.
- stoops, on 10/12/2007, -1/+8
Dugg for the ssh file system mount, unless you have a gui based scp client this looks like a good replacement.
- Herolint, on 10/12/2007, -1/+6
The link isn't working for me, but I'll comment blindly anyway.
I love OpenSSH. It lets me work from home, tunnel through my proxy server at work to bypass their filters (no, I'm not looking at porn), and securely access my files wherever I am (as long as I have an Internet connection).
If you aren't using it, you should be.
- tokachu, on 10/12/2007, -3/+8
Three problems with this article:
  - Most people use SFTP, not SCP.
  - It's easier to tunnel a Samba session (if you really need to) than to install and use SSHFS.
  - They didn't mention the "-D" option, which in conjunction with tsocks allows you to tunnel any application through the encrypted connection, whether it has support for SOCKS or not.
- mooninite, on 10/12/2007, -1/+5
Yes! Ignorance is bliss.
- eklitzke, on 10/12/2007, -0/+4
In my experience, most people (probably out of habit) still use scp for CLI copying, rather than sftp.
- michuk, on 10/12/2007, -0/+4
Looks like we weren't prepared for over 400 diggs :)
I just installed wp-cache, hope it helps a bit.
And about tunnels - I mentioned in the article that we're going to prepare "SSH tricks [2]" all about SSH tunnelling. Watch it in the near future.
- gharding, on 10/12/2007, -0/+4
I run Windows on my workstation at work and would absolutely be lost without SSH keys. I use Pageant, PuTTY, and WinSCP. That way, whenever I need to log in to any of the dozens of FreeBSD/Linux/Solaris servers, I just launch one of my PuTTY shortcuts.
I've noticed a lot of casual *nix users who connect via PuTTY overlook keys. PuTTY's docs can tell you how to set them up. You'll need to run Pageant once Windows starts and load your keyfile, but then PuTTY, WinSCP, and most other related tools can use your keys.
Here's the link to the part of the PuTTY manual that describes keying:
http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter8.html#pubkey
- XStatic, on 10/12/2007, -0/+4
> - Most people use SFTP, not SCP.
Who?
SFTP is perhaps the next step for users that upgraded from FTP access to a hosted web server, but I suspect most ssh users have migrated from the r commands and are using scp in place of rcp.
Comparison...
http://winscp.net/eng/docs/protocols#protocol_comparison
My favorite tool though is rsync. While I use rsync over ssh, I never understood why ssync wasn't created to do this job...
- Bogtha, on 10/12/2007, -0/+3
> anyone who inherits your environment through sh/bash hacks can now roam the network as you
Anybody with that level of access can install a keylogger to sniff any passwords you type in.
> and please don't assume other people "don't understand".
You gave no indication whatsoever that you understood that no-password ssh connections were still authenticated. Your post was indistinguishable from somebody who assumed that no-password == unauthenticated. Next time try actually _saying_ what you think the problem is and you might not get people assuming that you don't know what you are talking about. Saying that something is bad advice without saying _why_ is worthless.
- markr, on 10/12/2007, -0/+3
I agree - I prefer using VNC over SSH than X11, because if your client goes down, the vnc server is still running with your applications on the other side.
- relinquish, on 10/12/2007, -1/+3
I use SCP daily. Useful when you don't have an ftp open.
- clord, on 10/12/2007, -0/+2
I rarely use SFTP. It's great for large multi-file transfers, etc., but scp is brilliant in its philosophy to duplicate `cp`. It is pretty much my default file transfer method when working remotely.
- pizzatsf, on 10/12/2007, -1/+3
http://www.duggmirror.com/linux_unix/SSH_tricks/
- hurfydurfur, on 10/12/2007, -0/+2
SSH is a suite of remote command line tools. It's included in Linux, OSX and all those Unix variants. You can get it in Windows but it's a major pain. At first, ssh looks like DOS. You log in, type in commands and get stuff done on a remote server. But there's more to it. This article is trying to show off some of the neat parts of SSH.
SSH can replace FTP (scp).
SSH can replace telnet (ssh).
SSH can replace a VPN (port forwarding and user defined tunnels).
If you are a pure Windows shop/job, this article of SSH tricks isn't going to be interesting. However, a Dell box with Linux on it could really be a major asset in your Windows shop/job. If you are at home and aren't into computers, maybe use a bootable non-destructive Ubuntu CD and learn some basics about Linux and then later on look at this article. Hope this helps.
- RyanJohnston, on 10/12/2007, -0/+2
What leads you to believe most people use SFTP? I never saw any point to using it. Does it offer any advantages over SCP? I personally prefer command line utilities vs. interactive programs. It makes them more useful in scripts.
- Bogtha, on 10/12/2007, -0/+2
> It's easier to tunnel a Samba session (if you really need to) than to install and use SSHFS.
I doubt it, considering many (most?) servers won't be running Samba in the first place. Setting up something on the client is easier than setting up something on the client AND setting up Samba on the server.
- b7j0c, on 10/12/2007, -1/+3
there is some bad advice in this article. you should never employ no-password keys with ssh. the password requirement is still the strongest security imposition you can make. if you don't use it, what are you really protecting against...eavesdropping?
- hurfydurfur, on 10/12/2007, -0/+2
I agree. If you expose your *nix box to the Internet, you can ssh in, bounce off to an unexposed Windows or other box running VNC. It's a bit like a VPN because you have a single secure (reasonably) point of entry.
- SirDiggalot, on 10/12/2007, -0/+2
But if you want a pure archival off site backup, then you can pipe tar to ssh, like this:
cd /source/dir
tar -cf - . | ssh user@remote "(cd /destination/dir && tar -xpf -)"
This is the most valuable SSH "trick" I've ever learned. Especially if you can't make a tarball on the source system due to disk space limitations.
- inactive, on 10/12/2007, -1/+3
WinSCP on the Windows side of things.
- inactive, on 10/12/2007, -0/+1
SSH is great for tunneling BonJour/DAAP:
http://www.shokk.com/blog/articles/2006/02/06/getting-ipods-and-itunes-everywhere
Now, if only there were a light daap client so I could avoid starting up iTunes...
- gameboyhippo, on 10/12/2007, -0/+1
That's a lot of stuff that fell in the category "I know that's possible, but I don't know how to do it!" With this, I can create some uber cool scripts for my client. Thanks for the story.
- iconnor, on 10/12/2007, -0/+1
Ssh is also really neat as part of an ANT script - so you can use all this neatness for your java deployments and automation.
http://www.jcraft.com/jsch/index.html
- M2Ys4U, on 10/12/2007, -0/+1
Windows + Cygwin + OpenSSH = good.
I use it ALL the time... WinXP & OpenSSH on my home box, PuTTY at college.
No need for *nix at all!
- Night, on 10/12/2007, -1/+1
Cool I was looking for something like this the other day thanks a bunch :)
- kevmaster, on 10/10/2007, -0/+0
SSH can also be integrated into PHP scripts:
http://digg.com/programming/PHP_SSH
- b7j0c, on 10/12/2007, -2/+2
no Bogtha, i "know" how this works. with no password keys, anyone who inherits your environment through sh/bash hacks can now roam the network as you, and i don't mean by just sitting at your desk when you get up to pee. ask a devoted security nut to demonstrate this sometime.
and please don't assume other people "don't understand".
- Bogtha, on 10/12/2007, -2/+2
I don't think you understand how no-password keys work. It's not a way of letting just anybody into the server as long as it's encrypted. You can only get into the server if it's configured to recognise your public key.
- b7j0c, on 10/12/2007, -2/+1
anyone who gets your key can roam the network as you. this is why no-password keys are not only discouraged, but disallowed where good security people work. try 'man ssh-agent' for a superior solution. that you have not mentioned this at all, but instead bring up totally irrelevant crap like key sniffers tells me all i need to know.
- gluek, on 10/12/2007, -2/+1
Oops! Site down...
- inactive, on 10/12/2007, -4/+1
-- ignore.
- i440, on 10/12/2007, -18/+1
haha. CypherXero, I was only kidding. No need to break out the STFUs now.
- i440, on 10/12/2007, -37/+1
"[...] such as passwordless login [...]"
Yes! SSH is obviously on the cutting edge of security.

