Steve Allen's ssh index

I am convinced that everything that could be done with the old (and now dangerously insecure) applications ftp, telnet, rlogin, and rsh can be done just as well or better using the (cryptographically secure) applications ssh (slogin) and scp. Why am I convinced? Because I've done it. Everything from routine logins, to file transfers, to cron jobs, to remote system management, I've done them using ssh.

Sure, I am a cryptogeek, but the tool set that comes with ssh makes it easy for anyone else to be cryptographically secure without much effort.

This is an index of the web pages full of tips and tricks that I've written up as I informed others how to do likewise.

Principles of operation

This document contains an overview of all the components and how they work. It is not designed as a step-by-step guide.

Setup Example

This document contains a step-by-step guide describing the generation and handling of ssh keys.

Tips on using ssh for remote jobs

This allegory describes how and why ssh and its related tools can be used to invoke jobs on other machines and from cron jobs. Included is a step-by-step description of the handling of ssh keys.

Tips on using ssh-agent

Power users of ssh will want to create personal cryptokeys which allow for transparent access to all manner of remote activity, and ssh-agent is a prerequisite for this.

ssh2 vs. OpenSSH

There are two widely-known versions of ssh now in common use. One is the commercial version available from SSH Communications Security, which is also associated with DataFellows/F-Secure. Their version of ssh2 is freely available to educational institutions. Not being bothered to trace down all the who-owns-whos and trademarks, I refer to this simply as Finnish ssh. Finnish ssh is the result of an evolutionary process that began with freely-distributed source that was enhanced by inputs from a world wide community of security hackers.

The other version in wide use is OpenSSH which comes from the OpenBSD operating system. This version is based on an early revision of ssh -- before it became commercial. It now supports the same basic connection protocols as the Finnish ssh does.

Indeed, the login and remote shell access protocols are pretty much guaranteed to interoperate because they are described by relatively mature Internet Drafts published by an IETF Working Group on SECSH. But these two different ssh implementations do not interoperate in all fashions. In particular, the drafts regarding protocols for file transfer, agent authentication, and proxy forwarding of ports and X11 are much less mature. I have uninformed suppositions of why this is so. If these suppositions are more libelous than true, please let me know and I'll endeavor to remedy the defects.