Using the Secure Shell Protocol (SSH)

Introduction

The Secure Shell Protocol allows a user to connect to a remote server or machine from another machine or personal computer via an encrypted connection. Using ssh, the Penn State Access Account userid and password pair are transmitted via an encrypted connection to prevent network snooping (or "sniffing") of passwords via traditional, non-secure network connections. Once a login session has been established, the network packets between the local PC or UNIX workstation and the remote workstation or server are also encrypted.

Why use the Secure Shell Protocol?

The secure shell protocol prevents network eavesdropping by unscrupulous individuals in search of userids and passwords to gain unauthorized access to systems. Because telnet, rlogin, and ftp present passwords "in the clear" over a non-secure network, they are vulnerable to this form of eavesdropping. The secure shell protocol encrypts (via public key encryption) userid and password interchange between two machines and then encrypts (via faster, symmetric encryption algorithms) the network traffic between the two machines. Both the password exchange and the data passing between the two machines is encrypted with strong encryption.

Why Use Version 2 of the Secure Shell Protocol?

There are two SSH versions: version 1 and version 2. It is recommened that you use only version 2 clients as there are known security vulnerabilities in version 1. All ASET-manged ITS ssh servers use version 2 of the protocol. Version 2 also includes Secure FTP (SFTP), which provides an easy-to-use interface for transferring files, making it easier than secure copy (scp) to transfer files.

On June 1, 2002, ASET upgraded its FTP servers to provide for secure-only transfers. Information is found in the announcement at http://css.its.psu.edu/news/alerts/ftp_announce.html. This announcement explains the change and provides alternatives for you to use. Please also visit the FTP Alternatives Web site for additional information.

Instructions for Using Clients

The following links provide instructions for using SSH for UNIX, SSH for Windows (SSH.com), Secure FTP for Macintosh (MacSSH.com) and SSH for Macintosh (F-Secure which is installed in the student computing labs).

SSH for UNIX -- installed on all UNIX computers in the student computing labs.
SSH.com for Windows
MacSSH for Macintosh
MacSFTP Carbon for Macintosh. -- SFTP client only

NOTE: Some of the instructions noted above incorporate screen captures. The screen captures are relatively large in size (to include as much detail as possible). As a result, each document might be wider than your screen size allows; if necessary, simply use the scroll bar at the bottom of your browser window to scroll from left to right to read and view the entire document.

Download/Purchase Information

SSH for UNIX
Penn State faculty, staff, and students can download the free SSH client for UNIX via the openSSH Web site at http://www.openssh.org/. Another SSH client for UNIX can be found at ftp://ftp.ssh.com/pub/ssh/. It is recommended that you download the latest SSH2 package (of the form ssh-3.x.x.tar.gz) and upack the tar archive for installation instructions.

NOTE: One of the programs included with ssh, called sshd, also runs on ASET UNIX Lab machines. This feature, which lets users ssh to ASET UNIX lab machines, detects connections from SSH clients. When it receives a connection, it performs authentication and starts to serve the client.

SSH.com for Windows
Penn State faculty, staff, and students can download the SSH.com client via the online version of PACITS at http://www.pac-its.psu.edu/. Support information is also available at this site.

NOTE: Universities can download a version of the client for free at http://www.ssh.com/products/ssh/download.cfm.

MacSSH for MacOS
MacSSH is a free SSH2 client for Macintosh. It does not include Secure FTP or scp. See MacSFTP below for a secure FTP client.

MacSFTP for MacOS
MacSFTP is a secure FTP client. It does not include an SSH client. It has been site licensed by Penn State so that faculty, staff and students can download the client for free via the ITS Downloads Web site at http://www.pac-its.psu.edu/. To download software, you will be prompted to authenticate with your Access Account userid and password.

Support information is available via the online version of PACITS at http://www.pac-its.psu.edu/.

SSH for MacOS X
MacOS X.x ships with SSH and SFTP clients. They can be accessed through a terminal window.

Other SSH Choices

Other SSH and Secure file transfer options are listed via the PACITS Web site under the "File Transfer" category for each operating system listed.

Getting Help

If your need assistance, please send e-mail to the Help Desk at helpdesk@psu.edu or call (814) 863-2494. Visit http://css.its.psu.edu/consulting/ for other Help Desk locations.

If you need assistance with SSH for UNIX, then please send an e-mail request to unixhelp@psu.edu.

The Pennsylvania State University © 2002. All rights reserved.
Alternative Media - Nondiscrimination Statement
This site maintained by Academic Services and Emerging Technologies, a unit of Information Technology Services.
For assistance please write to helpdesk@psu.edu or see our Help Sources.
Last revised: Monday, September 13, 2004