# SSH - how do I use it?

## whygentoo

I would like to get remote access from my gentoo-box to another remote gentoo machine. I never used SSH.

How do I use it? 

Which client or server apps do I have to emerge?

----------

## crudh

Install:

```
emerge openssh
```

This will give you both client and server.

```
/etc/init.d/sshd start
```

will start the server.

To access a remote server with the client, do:

```
ssh username@server
```

----------

## clerus21

Hello

You can also do:

```
ssh "ip address"
```

By doing that you will be asked for the root password directly.

If you want to be able to manage files, like downloading files from a server or uploading files, instead of using ssh you can use sftp, which will connect to sshd on the remote computer (you have to install an ftp server on the remote computer).

```
sftp user@ipaddress
```

I hope this helps

----------

## crudh

 *clerus21 wrote:*   

> If you want to be able to manage files, like downloading files from a server or uploading files, instead of using ssh you can use sftp, which will connect to sshd on the remote computer (you have to install an ftp server on the remote computer).

 

No, you don't have to install an ftp server on the remote computer. The openssh package is enough.

And you can also use "scp" to transfer files when you are in an active ssh-session, instead of making a separate sftp-connection.

----------

## kill[h]er

 *Quote:*   

> You can also do:
> 
> Code: ...

 

Actually, by not supplying the username, ssh assumes that you want to log in with the username you are using to ssh from. So if you are logged into PC1 as joeblow, and did "ssh pc2", it'd try to log you into pc2 as joeblow.

----------

## JeliJami

 *crudh wrote:*   

> And you can also use "scp" to transfer files when you are in an active ssh-session, instead of making a separate sftp-connection.

 

Even without an active ssh-session, you can use scp.

Am I missing something here?

----------

## clerus21

Sorry, that was a language typing mistake, I meant to say "you don't have to install an ftp server".

Still, I didn't know that if you don't provide the user you are asked for the user you are doing ssh from on the remote server :Embarassed: je :Smile:

----------

## ASID

Here's a tip. If you just want to transfer files through an ssh tunnel type 

```
fish://username@ipaddress
```

into your Konqueror. Give the password and voilà, you are file managing the remote system :Very Happy:

----------

## dalek

And if you have a GUI on the machine you are sitting at and have KDE and Konqueror, you can use fish to access the server and you can edit files, copy or whatever.

```
fish://root@swifty/
```

You can replace swifty with the IP address if you need to.  I have it in my hosts file so it knows where to look.

Later

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## crudh

 *davjel wrote:*   

>  *crudh wrote:*   And you can also use "scp" to transfer files when you are in an active ssh-session, instead of making a separate sftp-connection. 
> 
> even without an active ssh-session, you can use scp
> 
> am i missing something here?

 

Yeah, sorry. Temporary brain damage or something  :Wink: 

The only thing I wanted to get through was that you don't need sftp for file transfer over SSH.

----------

## nativemad

Another nice feature of ssh is that you can open up a second SSH connection from the remote host. So you can manage a whole network if you can reach just one of them...

Probably the best thing is that even if you are behind a proxy (like me at work :Wink: ), you can use https-tunneling with a little script to a server which is listening on port 443! (It can be bound to multiple ports.)

Other nice things are X-forwarding or port-tunneling, scripting options etc.

So I would say that SSH is absolutely the best thing for doing remote administration!

----------

## dalek

 *nativemad wrote:*   

> 
> 
> So i would say, that SSH is absolutely the best thing for doing remote Administration!

 

Amen!!  I agree, and all that other good stuff.  My girlfriend, windoze user, can't grasp me sitting at a computer but giving commands to another computer besides the one I am sitting at.  I guess it is weird if you are not familiar with it.

I have also installed Gentoo over ssh.  I got the guy to boot the CD, start sshd and set the root password.  He lived in Sweden, I'm in the USA.  I did all the way up to rebooting and install the GUI stuff.  It was pretty cool, to me at least.

Later

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## gmtongar

 *dalek wrote:*   

>  *nativemad wrote:*   
> 
> So i would say, that SSH is absolutely the best thing for doing remote Administration! 
> 
> Amen!!  I agree, and all that other good stuff.  My girlfriend, windoze user, can't grasp me sitting at a computer but giving commands to another computer besides the one I am sitting at.  I guess it is weird if you are not familiar with it.
> ...

 

Doing a remote install as we speak. It's really cool... Comfortable at my usual place... Playing Morrissey's latest effort. 

Well, that's all! It's nice

gmtongar

----------

## booyaa

I emerged openssh and I still cannot access my Gentoo box remotely.

I started ssh:

```
/etc/init.d/sshd start
```

Still can't connect.

Any ideas?

----------

## crudh

 *booyaa wrote:*   

> I emerged openssh and i still cannot access my Gentoo box remotely.
> 
> I started ssh  /etc/init.d/sshd start
> 
> Still cant connect.
> ...

 

How are you running the client?

What error message do you get?

What do you get in the sshd log file (somewhere in /var/log) on the server machine?

Is the server on your local network? Otherwise, are you sure it accepts incoming traffic?

Are you running any firewall on the server?

Can you connect locally from your server to your server?

----------

## booyaa

Forget it guys I got it.  

I was too impatient while the server was generating the key pair.  Cisco does it real fast, so I was concerned.

```
/etc/init.d/sshd start
*Generating public key pair
```

This sequence takes up to a minute, so those of you with the same issue, don't be as impatient as me.

 :Smile: 

----------

## dalek

You should do that on an old 200MHz rig with only 64MBs of RAM. :Shocked: I went and ate me a sandwich while it did it. :Laughing:

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## robdd

Hi there 'whygentoo'.

Just a security warning - if you use ssh over the Internet you want to be a bit careful.  Our office ssh server is constantly getting attacked with login attempts using a dictionary of usernames/passwords. The safest way to set it up is to only allow login using a private key, and disabling password authentication.  Even if you do allow password authentication make sure you use a passphrase, and disallow root login. Also, I think there was a (more than one ?) buffer overflow exploit in early versions of sshd, so make sure you stay up to date. The current version from portage should be fine, but you can't just emerge and forget it.

Good Luck.
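
The dictionary login attempts described in this post appear in the sshd log as "Failed password" lines. As an added example (not part of the original thread), this script counts them per source address and lists the account names that were tried; the log lines are constructed samples in the format OpenSSH's sshd writes, and the function names are made up for illustration.

```shell
# Added example: summarise failed SSH password logins from sshd log lines.

# Constructed sample lines (addresses are from documentation ranges).
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:15 box sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  3 10:01:19 box sshd[2104]: Failed password for root from 203.0.113.7 port 40133 ssh2
Mar  3 10:02:40 box sshd[2110]: Failed password for root from 198.51.100.23 port 51900 ssh2
Mar  3 10:05:02 box sshd[2120]: Accepted publickey for rob from 192.0.2.10 port 50022 ssh2
EOF
}

# failed_by_source: log lines on stdin, "count address" on stdout, busiest
# source first. Fields are taken from the end of the line
# ("... from ADDR port N ssh2") so an odd username cannot shift them.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF - 4) == "from" && $(NF - 2) == "port" { n[$(NF - 3)]++ }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# tried_usernames: the distinct account names the failed attempts aimed at
# (the last word before "from"; a name containing spaces is cut short).
tried_usernames() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF - 4) == "from" && $(NF - 2) == "port" { print $(NF - 5) }' |
        sort -u
}

sample_log | failed_by_source
sample_log | tried_usernames
```

Run it against a real log with `failed_by_source < FILE`, where FILE is the sshd log that the thread places somewhere in /var/log.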

----------

## ASID

Maybe you'll find this link useful: http://www.gentoo.org/doc/en/security/security-handbook.xml?full=1

----------

## cruzki

 *nativemad wrote:*   

> 
> 
> Probably the best Thing is that even if you are behind a proxy (like me at work ), you can use https-tunneling with a little script to a Server which is Listening on Port 443! (it can be binded to multiple Ports)
> 
> Other Nice things are X-Forwarding or Port-Tunneling, scripting options etc.
> ...

 

I'm in a similar situation now. Can you explain how to use https-tunneling, or point me to a how-to / wiki or something else where it's explained?

----------

## quag7

 *robdd wrote:*   

> Hi there 'whygentoo'.
> 
> Just a security warning - if you use ssh over the Internet you want to be a bit careful.  Our office ssh server is constantly getting attacked with login attempts using a dictionary of usernames/passwords. The safest way to set it up is to only allow login using a private key, and disabling password authentication.  Even if you do allow password authentication make sure you use a passphrase, and disallow root login. Also, I think there was a (more than one ?) buffer overflow exploit in early versions of sshd, so make sure you stay up to date. The current version from portage should be fine, but you can't just emerge and forget it.
> 
> Good Luck.

 

This is good stuff; I'd also recommend that if you leave ssh exposed to the internet, running it on a non-standard port reduces the number of attacks probably by 95% or more.  I actually set up Slackware in QEMU and made that open on the standard SSH port just to see (this was about a month ago) and it was dramatic.  I had a lot of fun tailing the logs and watching people trying all sorts of different logins to try to get in.  I have a few servers at work I need to get to through the internet; in the past year I've not seen a single illicit login attempt on the SSH running on the weird high port.

You can change the port sshd runs on in /etc/ssh/sshd_config

It will probably be the first directive.  Uncomment it, change it to something non-standard, then run /etc/init.d/sshd restart
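
The settings recommended in the two posts above (no password authentication, no root login, a non-standard port) can be read back out of /etc/ssh/sshd_config. This is an added example, not part of the original thread: the sample config is constructed, the function names are made up, and only the global section of a single file is examined.

```shell
# Added example: report the sshd_config settings discussed in the thread.
# Defaults passed below are those of current OpenSSH (an assumption for
# your version; check sshd_config(5)).

# Constructed sample config; port 2222 is an arbitrary choice.
sample_config() {
cat <<'EOF'
#Port 22
Port 2222
PermitRootLogin no
#PasswordAuthentication yes
passwordauthentication no
PasswordAuthentication yes
EOF
}

# active_lines: drop comments and blank lines, stop at the first Match
# block (per-user or per-host overrides are not evaluated here).
active_lines() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         tolower($1) == "match" { exit }
         { print }'
}

# first_value KEYWORD DEFAULT: sshd uses the first occurrence of a keyword
# and matches keywords case-insensitively; DEFAULT is printed if unset.
first_value() {
    active_lines | awk -v want="$1" -v dflt="$2" '
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print dflt }'
}

# audit: sshd_config on stdin, one finding per line on stdout.
audit() {
    cfg=$(cat)
    pw=$(printf '%s\n' "$cfg" | first_value PasswordAuthentication yes)
    root=$(printf '%s\n' "$cfg" | first_value PermitRootLogin prohibit-password)
    # Port may be given several times; sshd listens on every one listed.
    ports=$(printf '%s\n' "$cfg" | active_lines |
            awk 'tolower($1) == "port" { printf "%s ", $2 }')
    [ "$pw" = no ] && t=ok || t=WEAK; echo "$t: PasswordAuthentication $pw"
    [ "$root" = no ] && t=ok || t=WEAK; echo "$t: PermitRootLogin $root"
    case " ${ports:-22 }" in
        *" 22 "*) echo "note: listening on standard port 22" ;;
        *)        echo "note: listening on port(s) ${ports% }" ;;
    esac
}

sample_config | audit
```

On a live server, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the configuration sshd would actually use.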

----------

