Secure Shell and Secure Copy
(replacement for telnet and ftp)
In order to help prevent unauthorized access to the biochem servers
we have placed all secured computers behind a firewall and replaced insecure
programs such as telnet and ftp with encrypted versions that do not transmit
passwords in the open. ssh (secure shell) and scp (secure copy) tunnel
all tcp/ip communication through an encrypted channel to prevent unauthorized
packet-tapping of legitimate connections.
In order for you to access a secured machine, your local computer will
have to have the client versions of ssh and scp installed. This document
explains what steps need to be taken to install the necessary software
on your system.
Access from Linux and unix systems.
If you use Linux computers to interface with the secured biochemistry servers,
you can use the following syntax on your local computer to connect:
ssh:
ssh biochem.uthscsa.edu -l username
or:
ssh username@biochem.uthscsa.edu
scp:
scp localfile username@biochem.uthscsa.edu:.
Note: Copies localfile to your home directory on biochem. The period at
the end is part of the syntax. It means to write the file under the same name
as the one being copied. Inside the uthscsa.edu domain you can omit the domain
name (.uthscsa.edu) from the syntax.
scp text.txt username@biochem:public_html/.
Note: Copies the file to subdirectory public_html
scp text.txt username@biochem:newname.html
Note: Copies and renames the file.
scp text*.* username@biochem:.
Note: Copies all files described by the wild cards.
scp path/text.txt username@biochem:.
Note: Uses path descriptor to get the file from a directory other than
the default directory.
scp username@biochem:*.html .
Note: Retrieves files *.html from your biochem home directory and puts them in the
default directory. The <space> <period> after the html specifies
the destination as the default directory and the filename to be written
as the same as the one being read. Alternatively, give a path and/or a new
filename.
scp -r directory username@biochem.uthscsa.edu:public_html/.
Note: Recursively copies directory with all its contents to public_html.
For Windows 95, 98, ME, NT and 2000 on Intel x86, or Windows NT on Alpha:
Download a freeware package named PuTTY:
PuTTY - Windows clients for SSH and SCP (http://www.chiark.greenend.org.uk/~sgtatham/putty/).
- Just go to the download page and download all of the appropriate executables
  for your system into a directory in your default path (the list of directories
  you get if you use the DOS prompt and type "path").
- For all of the Intel machines, you can just download the single installer
  file and execute it, instead of downloading the individual files.
- Alternatively, you can put it in its own directory and add it to the path
  specified in an autoexec file. To do that:
  - For a Windows 95 or Windows 98 machine, add a line to the file named autoexec.bat
    in your root directory (probably c:\) (or else create such a file if one
    doesn't already exist) that says PATH=%PATH%;c:\subdir1;c:\subdir1\subsub1
    and so on, where c:\subdir1 and c:\subdir1\subsub1 are names of subdirectories you
    want automatically searched for programs.
  - For Windows 2000, NT and above, use the control panel > system to change
    the default path.
- The installer creates a desktop icon to start the ssh client (PuTTY).
  The secure copy program (pscp) is run from DOS. PuTTY can also be
  run from DOS by typing "putty".
- When the PuTTY window appears, fill in the boxes to establish ssh communication.
  In the "host" box fill in username@computername. Click the SSH radio button,
  and click OPEN. You will be prompted for a password. You can alter
  various items on the interface by clicking on the tree in the left panel.
  The most frequently useful change is to click on terminal, keyboard and alter the
  backspace character. You can save a configuration and later reload
  it from the list box.
- To do secure copy, go to DOS and type pscp localfile username@computer:path/filename
  to copy a file. See the variations listed for scp above.
- For the local pathname, pscp accepted drive names, and paths with either
  \ or /.
- It ignored upper and lower case as typed for the local file name, and instead
  preserved the case pattern present in the Windows directory for that file
  if you use . as the target. Type the destination name explicitly if you
  want to control the case differently.
- Wildcards worked as expected, with the following exception. If you
  want to use a wildcard when copying from the remote machine
  (e.g. pscp me@computername:*.html .), you have to add the "unsafe" parameter
  as follows: pscp -unsafe me@computername:*.html .
  This operation is called "unsafe" because in theory a compromised
  scp server on the remote computer would be permitted to overwrite system
  files on your computer and possibly plant a virus or trojan horse.
  So don't use this mode for untrusted remote computers.
- There is a documentation page on the website above that fully explains
  additional options, for example embedding the password in the command line.
- Typing "pscp" without arguments will give a usage summary for this command.
- For directories with extensive path designations that you wish to
  access often, you may want to create a special .bat file in the same directory
  as the PuTTY programs. For example, tovpv.bat could contain "pscp %1 hs_lab@biochem.uthscsa.edu:public_html/vpv/."
  Then tovpv filename would be shorthand for pscp of filename to the
  public_html/vpv/ directory of user hs_lab on biochem.uthscsa.edu.
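The wildcard download above needs -unsafe because the remote side, not your computer, decides which file names are sent back. The following is an added example, not part of the original page or of PuTTY, written in POSIX shell for the Linux/unix ssh and scp clients: it lists the remote names over ssh, keeps only plain names that match the pattern you asked for, and copies each one by exact name. The function names, the allowed character set and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide locally which server-supplied names may be written.

# filter_remote_names PATTERN
# Reads one name per line on stdin and prints only names that are safe to
# use as a local file name AND match the glob the user actually asked for.
filter_remote_names() {
    pattern=$1
    while IFS= read -r name; do
        case $name in
            # empty, dot directories, option-like names, or any character
            # outside a conservative set (rejects /, \, spaces, controls)
            ''|.|..|-*|*[!A-Za-z0-9._-]*) continue ;;
        esac
        case $name in
            # hidden files only when the pattern itself starts with a dot
            .*) case $pattern in .*) ;; *) continue ;; esac ;;
        esac
        case $name in
            $pattern) printf '%s\n' "$name" ;;   # unquoted: used as a glob
        esac
    done
}

# fetch_matching USER@HOST PATTERN
# Lists the remote home directory, filters the names, then copies each
# surviving file by its exact name, so no remote wildcard is passed to scp.
fetch_matching() {
    remote=$1
    ssh "$remote" 'ls -1' | filter_remote_names "$2" |
    while IFS= read -r name; do
        scp "$remote:./$name" "./$name" </dev/null || return 1
    done
}

# Constructed sample of what a hostile or careless server might list.
sample_listing() {
    printf '%s\n' index.html notes.txt ../../autoexec.html .hidden.html \
        -r.html sub/page.html 'my page.html' about.html
}

# Offline demonstration on the constructed listing.
sample_listing | filter_remote_names '*.html'
# On a real host: fetch_matching username@biochem '*.html'
```

Names containing spaces or other characters outside the allowed set are skipped rather than copied, so fetch those individually by typing the exact name.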
WinSCP - GUI-based Windows Secure Copy Program. This utility installs on your desktop and allows you to see
both the local and remote file hierarchies graphically, and copy back and
forth using them. It can also be downloaded from our ftp
server.
Other solutions:
- The newest versions of QPC's QVT package support ssh1 for the terminal
  application. It doesn't do scp. There are several flavors of ssh, and I
  haven't ascertained if this version will communicate with biochem. This
  program costs money. There is a cheap site license version available from
  computing resources that only covers the terminal program, not the other
  parts of the package.
- TTSH is freeware that does ssh but not scp. It does work with biochem.
  Go to (http://www.zip.com.au/~roca/ttssh.html). Download the teraterm package,
  self extract, and execute setup.exe. Copy the shortcut icon to the desktop.
  Then download the ttsh extension, extract with winzip, and direct the files
  to the Program Files directory created during the teraterm setup operation.
  Change the target program in the Teraterm icon to ttssh.exe.
TTSH was pointed out to me by "Whisenant, Tim" <whisenant@uthscsa.edu>
with the following additional information:
Another SSH client that I've used on Windows 95 and Windows NT is TTSH.
TTSH is an SSH extension to Teraterm (a free telnet client).
http://www.zip.com.au/~roca/ttssh.html
*Please note that it does NOT support SSH protocol version 2.*
Here's a link to some setup information:
http://web.nwe.ufl.edu/writing/help/remote/ssh/teraterm/
http://www.egr.unlv.edu/stock_answers/remote_access/install_ttssh.html
For Macintosh SSH:
For Mac OS X: ssh and scp should already be installed.
For Mac OS 9.x, you might try the following two sites:
- (http://www.lysator.liu.se/~jonasw/freeware/niftyssh/).
  Excerpt from NiftySSH README file:
  Scp is accessed by clicking the Scp... button in the New Connection dialog box. It opens a new window where the files to send/receive are specified. When receiving files from the remote host one can enter several file names separated by space. The syntax is the same as for the Unix version of Scp which means that wildcards are possible and quoting is needed for special characters.
- (http://www.macssh.com/).
Xwindows.
In order to connect your local X-server to a remote X-server using ssh,
all you need is a working ssh connection to the remote host and the remote
host needs to allow you to tunnel X over ssh. Some biochemistry servers
allow this, others don't. Check with the support staff if you are unsure.
While this will not allow you to connect to an xdm or kdm daemon, it allows
you to connect to the remote server via ssh, and then invoke X-applications,
which will then display locally on your local X-server. In order to connect
with X-tunneling, use the following syntax:
ssh username@bioinformatics.uthscsa.edu +X -C
This will tunnel X through ssh and compress the (very compressible) X protocol
on the fly for improved network speed. For more options, type:
ssh --help
Last update: 12/3/02 SCH