SSH: An Easier-Than-You-Thought Tutorial
by Paul Arnote (parnote)
SSH. Just say those three little letters, and you can literally watch the color drain from the face of many Linux users. It's mysterious. It's thought to be difficult to use. And, it uses the (Eeeek!) command line.
Never fear. SSH is none of that. Actually, SSH, or more accurately, OpenSSH (the version in the PCLinuxOS repository) is easy to use, and can give you a very powerful tool that will make your life so much simpler. I hope that I can remove the shroud of mystery that surrounds it. The only thing I cannot change is that it is a command line tool, albeit a very easy one to use.
What's in it for me?
Here's my little scenario where I found ssh to be useful. You may have a very similar need. I literally have a fleet of 12 computers in my house, 10 of them running different flavors of PCLinuxOS. They all connect to the internet via my home network. Three of them are hard wired connections to the network, and the remainder connect via a wireless connection. Until recently, I did the production of The PCLinuxOS Magazine on my dual core laptop computer, which is the newest computer "in the fleet," before moving the bulk of the magazine production to my desktop computer. The desktop computer has two extra storage drives, totaling over 800 GiB of additional storage.
As you can imagine, with 12 different computers connected to the internet at different times, there is a wide variety of files that need to be archived or backed up. Before I learned about ssh, my only choice was to take one of three external portable USB hard drives, save the files to the USB hard drives, then transfer them to the additional storage media on my desktop. It always seemed that I was forgetting to back up one computer or another. Plus, because it became so time consuming, it was a task that I dreaded, and as a result, didn't do as often as I should.
Also, you can't even begin to imagine the volume of files that I have collected on my new laptop since just April 2010 from the production of the monthly magazine. Those files are beginning to take up considerable hard drive space on my laptop (over 2.6 GiB for just the magazine files). Although I rarely use them, I can't (for some reason) seem to part with those files and feel the need to archive them. Add to that mix 45 different ISOs of PCLinuxOS (some beta testing copies) totaling nearly 24 GiB of additional space, plus all of my music files (another 3.6 GiB), a large assortment of wallpaper files, and my video files (7.7 GiB), plus an assortment of all of my other files, you can see that the 160 GiB hard drive on the laptop is rapidly filling up. I simply needed an easier way to move files from one computer on my home network to another.
This is where learning how to run ssh has literally saved my neck. It's also taken an arduous, dreaded task and made it simple.
Especially in the Linux corner of the universe, there are quite a few options that provide remote access to other computers on a network. Telnet, RDP, NFS, Samba and FTP are just five of several protocols that are popular among Linux users. Some, like Telnet and FTP, are insecure. Others, like Samba and NFS, are just a royal pain to set up and use. Tales of someone having extreme difficulties either setting up or maintaining a properly working Samba or NFS are legendary and widespread on Linux forums and message boards all over the place.
This is where ssh comes in. To begin with, ssh stands for Secure SHell. It provides a secure connection between two trusted computers. In its most basic form, you can log into another computer on a network, and use shell (bash) commands to navigate that remote computer. That remote computer could be just on your local network, or it could be half way around the world, as you will see by the end of this tutorial.
It doesn't stop there (as you will also soon discover). You can also run GUI applications from the remote computer, right on your desktop, without having to have those applications installed on your local computer. Despite the mysteries associated with a lot of command line tools, ssh is actually fairly easy to use and run. You don't have the hassles and headaches of setting up and maintaining file shares (with either Samba or NFS), since you pretty much have full access to the remote computer, just as you would if you had a user account set up on your local computer. Just as on your local computer, you will need access to the root account to make system-wide changes or install software on the remote computer.
To get started with ssh, you will need to enter something that resembles the following on the command line:
[parnote-xfce@localhost /]$ ssh -l paul_lenovo 192.168.1.101
ssh invokes the OpenSSH version of the program.
-l (small L) logs the listed computer as a trusted computer, and we only have to do this once (per remote machine, per local machine).
paul_lenovo is the user name on the computer that I want to log in under. Replace this with the user name you want to log into the remote computer as. The user account you select has to already exist.
192.168.1.101 is the IP address on my local home network for that computer. Replace this IP address with the one for the remote computer on your network that you want to log into.
Once connected, you will be prompted for the user password to gain access. This is the user password for the user you are attempting to log in as on the remote computer.
At this point, you have full command line access to the remote computer, and you can browse the files there just as if you were browsing the files on your local computer from the command line. In fact, you will notice that the user name on your command line has changed to the user you signed in as on the remote computer.
Now, log out of the ssh session. Don't worry, we're going to be going right back in. We just needed to "register" paul_lenovo as a trusted computer. To log out, type ~. at the command prompt. If you do this correctly, you won't see either character on the command line. The ~ is the escape character to send commands from the command line to ssh, while the . exits the connection. If you mess up (e.g., hit the ~ key twice), just hit enter to get back to a "virgin" command line and try again.
Accessing GUI apps
One of the real treats of using ssh is that you can run GUI applications from the remote computer right on your local desktop, without having to have that particular program installed on your local computer. To do this, we need to log back into the remote computer. Enter something like the following on the command line:
[parnote-xfce@localhost /]$ ssh -v -X paul_lenovo@192.168.1.101
-v puts ssh into a verbose mode, so you can see any error and debugging messages.
-X enables X11 forwarding, and is what will enable us to run GUI applications that are installed on the remote computer, on our desktop.
paul_lenovo@192.168.1.101 is the user and IP address of the computer I want to connect to. Replace my user name and the address on my local network with the user name and IP address of the computer you want to log into.
If successful, you will be prompted for the user password to gain access, just as you were when we registered the remote computer as a trusted computer.
My desktop runs Phoenix Mini, while my Lenovo laptop runs KDE 4. As such, Dolphin (the KDE 4 file manager) is not installed on my desktop. Yet, once I have a successful connection, I can enter dolphin & on the command line, and Dolphin will fire up and display on my Xfce desktop. The & at the end of the command line runs Dolphin in the background, and returns control to the terminal.
It doesn't have to be just Dolphin that you run. You can run any GUI application installed on the remote computer, right from the comfort of your seat in front of your local computer. Below is a screen capture of me running Dolphin (installed on my Lenovo computer running KDE 4) on my Xfce desktop (my desktop computer running Phoenix Mini).
At this point, you cannot yet transfer files between the two computers, at least not in the way you might think you would or should be able to. Fortunately, this is also easily overcome, and there is a command line way to accomplish the task, as well as a GUI method. First, we'll take a look at the command line method.
There are two programs associated with ssh, called scp and sftp, and they stand for Secure Copy and Secure FTP. Using these from the command line allows you to use an ssh connection to transfer files between computers. We'll deal mostly with scp. The sftp application is ideal for transferring individual files over a ssh connection, especially when you know you don't want an entire directory. The scp application, on the other hand, can handle individual files, entire directories, and recurse any subdirectories that may exist, copying all of those files as well. Also, sftp is reported to be a bit slower than scp at transferring files. Below is an example of scp "in action."
scp -r paul_lenovo@192.168.1.101:/home/paul_lenovo/Wallpaper /home/parnote-xfce/Desktop/
scp invokes the secure copy program.
-r tells scp to recurse any and all subdirectories, and copy the files stored there.
paul_lenovo@192.168.1.101 is the user and IP address of the computer I will be connecting to. Replace the user name and IP address with the user name and IP address of the computer you want to connect to.
:/home/paul_lenovo/Wallpaper is the directory on the remote computer that I want to copy to my local computer. Replace this directory with the path and name of the directory you want to connect to on the remote computer.
/home/parnote-xfce/Desktop/ is where I will be copying the "Wallpaper" directory from the Lenovo (remote) computer, to my desktop computer. Replace this directory with the path and name of the directory where you want to save your files to.
Once the file copy is complete, I can then move the folder off of my desktop to its "permanent" location on my extra storage drives, or I can choose to leave it on my Xfce desktop.
Of course, there is a GUI method to transfer files over a ssh connection, as well. To get started, you will need to install gsshfs, which stands for Gtk SSH File System, from Synaptic. It allows you to mount the indicated directory as a file system.
Once installed and started, it looks like this:
Click on the "Add" button, then simply double click your mouse under each category and fill in the requested data. Under the "Host" column, fill in the IP address of the computer you want to connect to. If I were you, I'd leave the "22" under the "Port" column alone, since port 22 is most commonly used for ssh connections. Fill in the user name you will be connecting as, under the "Username" column. The "Directory" field is the directory you want to connect to once you are logged in. The information under "Mount Point" will be filled in as you fill out the other columns. Finally, place a check mark if you want your local computer to mount the remote computer as a file system.
Once you select "Connect" from the buttons at the bottom of the window, your ssh connection will be made and you will have to enter the user password to gain access. Once you gain access, your file manager (Dolphin, Konqueror, Thunar, PCManFM, etc.) will automatically open on your local computer, already opened up to the directory you specified. From this point on, it's a simple matter of opening up a second copy of your file manager and using drag and drop to move files from one computer to another. Below is a screen capture showing me copying a LARGE number of files from my Lenovo (as the remote computer, bottom) to my desktop computer (as the local computer, top, running Xfce). I simply dragged the files from the bottom copy of Thunar to the top copy of Thunar. It literally was THAT easy.
As you can see, ssh makes sharing of files between computers on a local network a snap. But of course, there is more.
Transferring files, Part II
There is another way to transfer files between two computers, using an application from the PCLinuxOS repository that tends to be a perennial favorite. Using FileZilla, you can set up file transfers between two computers on a network, using sftp. Below is a screen shot showing my connection from my desktop computer (parnote-xfce) to my Lenovo laptop (paul_lenovo).
To send your files to the remote computer (in this case, paul_lenovo, on the right), simply right click on the file on the host computer (parnote-xfce, on the left), and select "Upload" from the context menu. The selected file will be uploaded to the selected directory on the remote computer. Similarly, to move a file (or group of files) from the remote computer to the host computer, highlight the file(s) you want to copy, right click your mouse on them, and select "Download" from the context menu. Those selected files will be copied from the remote computer to the host computer, and placed in the selected directory on the host computer. I have found file transfers using FileZilla and sftp to be quite fast and reliable.
Setting up FileZilla to transfer files between two computers on a network is not difficult, at all. Select File > Site Manager from the menu bar, and you will be shown a window similar to the screen capture below.
Click on the "New Site" button (left) to start an entry for a new site. Under the "General" tab, enter the host name or address on the "Host" entry line. Since I'm only using FileZilla here to transfer between two computers on my local network, I enter the network address of the remote computer that I want to connect to. You can fill in the "Port" address, but for some reason, FileZilla will not preserve your entry here. The default port for ssh connections is 22.
Under "Server Type," select "SFTP - SSH File Transfer Protocol" from the list it presents, rather than the insecure "FTP - File Transfer Protocol" setting that is the default. Connections using FTP are inherently insecure, since they are open and unencrypted, which means that anyone eavesdropping on the connection will also have full access to the data exchange. In contrast, an sftp connection is encrypted and secure.
Under the "User" field, enter the login name you want to use on the remote computer, and enter the user password on the "Password" line. This is the same password you would use if you were physically sitting in front of the remote computer and logging in.
Because sftp uses ssh to govern the transfer of data between the two computers, this method should also be a secure and worry-free way to connect to a trusted computer over the internet.
Besides being useful for moving files across a local network (such as your home network), you can also use ssh to gain access to a computer half way around the world. To test this out, Sproggy set up an account for me on his computer in Bedford, England (point "B" on the right). I used my computer in Independence, MO, USA (point "A" on the left) to ssh into the account he created on his computer. In fact, the second entry in the gsshfs screen capture is my account on Sproggy's computer.
Here is a screen capture of me running Thunar (from Sproggy's computer with Xfce) on my Lenovo laptop (running KDE 4):
To do this, there are a couple of "extra" steps you must take. First, you need to know the external IP address of the computer you are trying to connect with. This is the address that is provided by your internet provider – NOT the internal IP address on your local network. The easiest way is to point your browser to http://www.showmyip.com. Your external IP address will be shown in large numbers at the top of the screen.
Secondly, if you are behind a firewall or a router with a built in firewall, you will need to forward port 22 to the computer you are trying to connect to. It would be impossible to tell you how to do this for each and every one of the hundreds (if not thousands) of different routers on the market. It would be better to refer to the manual or documentation that came with your particular router. A good indication that the port is NOT open and/or that you are behind a firewall is that you will get a "connection timed out" error message.
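Forwarding port 22 makes the remote computer's ssh login reachable from the whole internet, so its sshd settings are worth a look first. The script below is an added example, not part of the original article: the function names sshd_value and audit_sshd and the sample configuration are constructed for illustration, and the findings reflect common hardening practice.

```shell
#!/bin/sh
# Added example: flag sshd_config settings to review before port 22 is
# forwarded from the internet. Function names are hypothetical.

# Print the global value of KEYWORD in FILE, or DEFAULT when it is not set.
# sshd keywords are case-insensitive and the first occurrence wins; lines
# after the first "Match" are conditional, so the scan stops there.
sshd_value() {  # usage: sshd_value KEYWORD FILE DEFAULT
    awk -F'[ \t=]+' -v key="$1" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# Print one REVIEW line per setting that deserves a second look.
audit_sshd() {  # usage: audit_sshd FILE
    f=$1
    # sshd accepts passwords unless told otherwise, so anyone who can reach
    # the forwarded port can try to guess them.
    [ "$(sshd_value PasswordAuthentication "$f" yes)" = no ] ||
        echo "REVIEW PasswordAuthentication: passwords accepted; prefer key-based logins"
    # When unset, the default depends on the OpenSSH version, so it is flagged.
    case $(sshd_value PermitRootLogin "$f" unset) in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "REVIEW PermitRootLogin: root password login allowed or left to the default" ;;
    esac
    # Without an allow list, every local account can be tried over ssh.
    if [ "$(sshd_value AllowUsers "$f" unset)" = unset ] &&
       [ "$(sshd_value AllowGroups "$f" unset)" = unset ]; then
        echo "REVIEW AllowUsers: no allow list; name the accounts that may log in"
    fi
}

# Constructed sample configuration (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
passwordauthentication yes
PermitRootLogin yes
Match User paul_lenovo
    PasswordAuthentication no
EOF
audit_sshd "$sample"   # prints three REVIEW lines for this sample
rm -f "$sample"
```

On a real machine, point audit_sshd at the sshd configuration file of the computer that will receive the forwarded port (commonly /etc/ssh/sshd_config, assumed here).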
There isn't a lot to troubleshoot with ssh. Probably one of the biggest problems is with misspelling. That is the first thing I check when I find that I cannot connect. The second thing to check is that you have the right user and IP address specified. Third, make sure the paths you type are valid. Do not expect ssh to create a directory for you. Rather, it must already exist.
I was trying to ssh into my test laptop with smurfslover's e17 light installed on it. Despite everything else being correct, I kept getting a "connection refused" error. Upon further investigation, I discovered that sshd, or the ssh daemon, was not turned on in the PCLinuxOS Control Center. So, if you keep getting a "connection refused" error, check in PCC on the remote computer to make sure this is running. Go under System > Manage System Services, and look for "sshd." Set it to start at boot, and then hit the "Start" button to the right side. Chances are high that you'll now be able to connect. I found that KDE and Phoenix come with the ssh daemon already running. Other flavors of PCLinuxOS, however, may not start it up by default, due to the choices the maintainer of the remaster made when they put it together.
As you can see, ssh really isn't the big scary monster that so many Linux users make it out to be. It's a very powerful tool that gives you the ability to share files between computers, as well as to run applications you have installed on one computer without having to install them on a second computer.
There are a lot more things you can do with ssh that we didn't cover here. The intent here was to demonstrate the power of ssh to an ordinary Linux user, who may have several computers on his or her local network, and who may have a need to centralize and consolidate the files from those computers onto some sort of mass storage device. Or, perhaps the user just needs to access a file that is on another computer attached to the local network. With ssh, it's only a few keystrokes away, without even having to get out of your seat to go find it. With ssh, you can even "tunnel" past and through firewalls, with enough skill and luck. But this isn't something an ordinary, daily user of Linux has a need for, and these "extra" uses of ssh are left for you to explore on your own. For more information, simply do an internet search for "ssh man pages." There are several copies floating around the internet.
There are also programs that allow you to run ssh on Windows. So, if you have Windows computers still on your home network, ssh could be the answer you are looking for to share files between your PCLinuxOS computers and your Windows computers. Of course, since Mac OS X is largely based on BSD Unix, Macs already have built-in support for ssh.
Thanks to ssh, I now have full access to all of my files on all of my computers, without having to set up complex and confusing network file sharing utilities on each and every computer.