SSH

From CTSWiki

Jump to: navigation, search
Image:WustlLogo.jpg

Contents

[edit]

Using SSH (Secure Shell)

[edit]

Creating Profiles

Begin by opening the SSH (Secure Shell) Client from the Start Menu. The following default window will open. Image:SSH Secure Shell.jpg

In the upper left-hand corner, click on 'Quick Connect.'
Image:QuickConnectButton.jpg

The Remote Host window appears.
Image:Connect_to_Remote_Host.JPG

In the "Host Name" field enter the SSH server address of the host to which you wish to connect. For example, we will be using Siesta, which can be found at: siesta.cs.wustl.edu .The "User Name" field is where you should enter your user name, in our example, we'll use our cs username. (If you do not have a cs account, please visit Requesting a CSE/ARL account for directions on how to obtain one.)

A Host Identification Window now appears if this is your first time connecting, and it asks you if you would like to save the new host key to the local database. Click 'Yes' to proceed. If it is not your first time connecting however, and you are still asked to save the "new" host key, check to see if you spelled the host name incorrectly. (For example, the following are all different host names: siesta vs. siesta.cs vs. siesta.cs.wustl.edu .) If you did indeed spell correctly, check with the help desk because spoofing is possible.

You are then prompted to enter your password. In our example, that's the same as our cs password. Enter your password and click 'OK' to continue. You are now connected. If you plan to use this host a lot, you should save your new profile.

[edit]

Saving Profiles

After connecting to your host, the Add Profile window will appear. This is where you should label your new profile for later use. Replace the words "Profile Name" with the name you wish to give your profile. For our example, let's use "Siesta." Then click the "Add to Profiles" button, and your profile will be added. This naming step must be completed quickly however, because the dialog box won't remain for longer than 20 seconds. Image:Add_Profile.JPG

To access your successfully added profile in the future, launch SSH (Secure Shell) Client, and select your profile from the drop-down menu.
Image:Accessing_Profiles_in_the_future.JPG

[edit]

Enabling Tunneling

In order to port forward and establish encrypted tunnels within your host you must first enable tunneling. To do so, begin by selecting 'Edit Profiles...' from the Profiles drop-down menu.

The Profiles dialog box appears.
Image:Profiles_Dialog_Box.JPG

Select the tab entitled 'Tunneling.' From the files listed in the left column of the dialog box, select the host name you gave your profile when you saved it earlier, and check the 'Tunnel X11 connections' box in the lower right-hand corner. Then select 'OK.'
Image:Tunnel_X11_connections_box.JPG

Tunneling is now enabled for your host.

[edit]

Creating Mail Tunnels for Security

In order to access mail through a tunnel, SSH and clients must be configured to use those tunnels. To begin configuration of SSH Tunnels, again access the Profiles dialog box from 'Edit Profiles...' of the Profiles drop-down menu. Once more select the 'Tunneling' tab and the appropriate host, but this time focus on the 'Outgoing/Incoming' area in the center of the window. Make sure the 'Outgoing' tab is selected, and click 'Add.'
Image:Outgoing_Tunneling.JPG

The Add New Outgoing Tunnel window is now displayed.
Image:Add_New_Outgoing_Tunnel.JPG

You should decide between IMAP and POP for the mail tunnel you will be using. Depending on your choice, in the "Display Name" field, enter "IMAP," or "POP." Make sure the type "TCP" is selected. For "Listen Port," as well as "Destination Port," enter "143" for IMAP or "110" for POP. The "Destination Host" for this application is your mail server. Going back to our example of Siesta from above, we'll use "mail.cse.wustl.edu" . The last step is to make sure the "Allow Local Connections Only" box is checked. Select ok, and your newly added tunnel will be listed in the outgoing field.

To add another mail tunnel, simply click 'Add' again, and enter in the appropriate information. One you may want to add is SMTP (port 25). Once all of your tunnels have been added, select 'OK,' and the tunnels you have just created will automatically be saved.

As long as you're connected to your host and your mail client uses the localhost as its mail server, you are now able to access your email client. (See Setting Your Mail Client to Point to Localhost for directions on how to configure your mail client.)

Retrieved from "http://wiki.cts.wustl.edu/index.php/SSH"
Personal tools