University home > School of Chemistry > Unix Computer Resources > secure shell

Secure Shell (SSH) Logins

Telnet, ftp, etc. have serious security flaws and it is now usual to limit connections to secure shell.

You can daisy-chain X11 forwarded connections, that is, you can login to one system, and from there login to another, and if you have X11 forwarding set on all connections, a program which opens a new window will send it all the way to your local system.

Unix/Linux Systems

If your local machine runs under unix, secure shell may already be installed, if not, ask your system administrator to install it.

slogin -X [-l user] remote_computer_name
or ssh -X -l user remote_computer_name
or ssh -X user@remote_computer_name

The -X flag allows X11 tunnelling, which enables you to run applications which open new windows. Do not use the xhost command on your local computer and ignore the DISPLAY variable on the remote computer, these are no longer relevant.

For file transfers use:

scp user@host1:file1 file2
or scp file1 user@host2:file2
or sftp remote_computer_name
or sftp user@remote_computer_name

See the man pages for more information.

When you connect using secure shell, the local system compares the identifier key of the remote system with one obtained and stored locally the first time you connected. The key of the remote host might change if the version of secure shell is updated on the remote host. If this happens secure shell will issue a warning, and may prevent connection. Delete the old key, and the next time you connect the new key will be stored. To delete the key go to the directory ~/.ssh (that is, a directory called .ssh under your home directory) and delete the line starting with the name of the remote system in the file known_hosts and/or known_hosts2.

Windows

Secure shell is part of the standard build. If, for some reason, it is not installed, contact the department's computer support staff.

Run ssh by selecting

Start | Programs | SSh Secure Shell | SSh Secure Shell Client

Click on Quick Connect, under the Host Name put the system you wish to connect to, eg chm-fs or mole, under User Name put your username on that system, which will usually be your UOB username, then click on Connect. You will be asked for your password for that system.

If you want to run applications which start new windows (Xwindows) you need exceed running in the background BEFORE you log on to enable your local computer to accept the display. In SSh, click on

Edit | Settings | Profile Settings | Connection | Tunneling

and ensure the tick box for 'Tunnel X11 connections' is selected. Then start exceed (not xterm or xstart) with:

Start | Programs | Hummingbird connectivity | Exceed | Exceed

Then connect and login to the remote computer. You will have the opportunity to save the settings as a profile. If you do this you can select the profile to log in (once exceed is running) without worrying about selecting the Tunnel X11 connections box again.

If your X applicaton uses certain 3GL extensions which are not available in Exceed (due to licensing costs to the University) or you want an X server to use on your pc at home you can try an alternative X server called Xming, but please note that this is not a supported application by the university or the department.

Also see the University web page on ssh.

Edit | Settings | Global Settings | Server Authentication | Host Keys

Click on the appropriate key and click on delete.

PUTTY

There is a small ssh client for Win32 platforms which you can download and place on a floppy disk. This can be run from the disk without installing the ssh client on the computer. This may be useful if you are a visitor somewhere. The download site is http://www.chiark.greenend.org.uk/%7Esgtatham/putty/

Apple Mac

Secure shell is part of the standard OS X, and can be used from the command line as for unix/linux systems.