Untitled Document

Secure Shell Applications

For those concerned about security in their connectivity, logging into remote hosts via telnet is not the best idea. Telnet is unencrypted, so anyone with the ability to sniff network traffic can read the entire contents of a telnet session with a few simple tools. As an alternative, most security-conscious users rely on secure shell. Secure shell -- or ssh -- is an interactive login program that uses strong encryption for protecting all data transmitted over a session, including initial login and password, files, commands, chat sessions, etc. SSH is remarkably easy to use and there are clients for most operating systems.

SSH For Unix-based Systems

For users of Unix-based systems (such as Linux, Solaris, or OpenBSD), SSH can be downloaded from the SSH Home Page or the Attrition SSH Archive. Once it's downloaded, untar it (or rpm -ivh it, or whatever) and run ./configure. There are several options you can use, but for most purposes, the default is fine. Finally "make," install, and you're ready to go. To connect to another host, all you need to do is type

ssh hostname.example.com

to connect to hostname.example.com as your current user name. You can also do

ssh -l username hostname.example.com

ssh username@hostname.example.com

to secure shell into an account that has a different user name than the one from which you're connecting. If you're using SSH for the first time, you'll see it create a random seed file -- this is part of the keys SSH exchanges. Don't worry about it. If you're connecting to a new remote host for the first time, SSH will note that the host key is unknown, and ask if you're sure you want to continue connecting. Type yes, and you'll be given a password prompt. You're on your way.

SSH For Windows Systems (95, 98, and NT)

SecureCRT is by far the most widely-used Windows secure shell client. It is not free, but it is reasonable at $99 with a 30-day trial period. You can download it from http://www.vandyke.com/products/SecureCRT/. Once you download SecureCRT and use the Install Wizard (again, for easy install, accept the defaults), it should put a SecureCRT icon on your desktop. To get started, double-click on it and accept the license agreement. You'll have a window open showing a Session List tab and a Quick Connect tab. In the Session List tab, click on New.

You're now in a window entitled 'Session Preferences - new'. It has eight tabs -- Session, Emulation, Display, Options, F Keys, Files, Scripts, and Advanced.

Under 'Session', enter the name of the connection as you want it to appear in your Session List (like a bookmarks file). Under Protocol, click the arrow and select 'ssh'. Under Hostname or IP, type in the name of the host to which you'd like to connect, such as hostname.example.com or 172.16.1.2. Leave the Port set at 22. Under Username, type in your user name on the remote system. Under Cipher, you can leave it as 3DES (also known as triple DES) or choose Blowfish -- DES (also known as single DES) and RC4 have both been broken and are not quite as secure. Unless your system administrator has told you otherwise, Authentication should be Password. There is a field for Password, and if you enter it, SecureCRT can remember it and log you on; those of you who are ultra-paranoid, though, might want to leave that blank and let SecureCRT prompt you for the password each time you log on.

Under 'Emulation', unless your adminstrator has told you otherwise, leave it on vt100 with default keyboard mapping. Most of the other stuff on this screen is optional.

Under 'Display', adjust your color scheme and font to suit your preference.

Under 'Options', I suggest checking 'Backspace sends delete' and 'Close on disconnect' as well as the items which are checked by default, but again, this screen can be tailored to individual tastes.

Under 'F Keys', you can enter in macros as desired.

Under 'Files', leave everything as default.

Under 'Scripts', by checking 'Dialog' and 'Details', you can write a script to be launched upon connecting to the remote host; for instance, if you want to launch your pine program immediately upon connecting, you could enter that here.

Under 'Advanced', leave as default.

Click OK.

You're now back on the Session List -- double-click your new connection and accept and save the key it generates. Now you're using SecureCRT -- it's that easy. SecureCRT is not the only ssh client for the Windows system, though. There are others, such as SSH Binaries (http://www.doc.ic.ac.uk/~ci2/ssh/) and PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty.html). You can also download an SSH plug-in for Tera Term (Tera Term can be found at http://hp.vector.co.jp/authors/VA002416/teraterm.html; the SSH plug-in is at http://www.zip.com.au/~roca/ttssh.html).

PuTTY is less versatile than SecureCRT, but it's free. To set up PuTTY, download it into a download directory (I'd suggest making a shortcut on the desktop after doing so) and double-click on putty.exe. The PuTTY Configuration window will come up, with seven tabs -- Connection, Keyboard, Terminal, Telnet, SSH, Selection, and Colours.

Under 'Connection', enter the host name of the remote host to which you're connecting, such as hostname.example.com. Then select the 'SSH' button. Once you're finished with all the other tabs, you'll come back to 'Connection' and enter, under the text box for Stored Sessions, the name of this connection as you'd like it to appear in your Stored Sessions list (like a bookmarks file), and hit Save. Don't do this yet, though.

Under 'Keyboard', you should probably leave everything as the default.

Under 'Terminal', you can change font and configure to your preferences.

Under 'Telnet', fill in nothing -- you're not using this for telnet.

Under 'SSH', you can select your preferred cipher between 3DES and blowfish. You can also enter your user name on the remote host. Unless your system administrator has told you otherwise, leave the terminal-type string as the default.

Under 'Selection' set your mouse preference or leave it as default.

Under 'Colours', set your terminal window's background and foreground.

Now go back to 'Connection' and save your settings, then hit the Open button. Accept the new system's key and log in with your password. Now you're using PuTTY.

SSH For the Macintosh System

The Macintosh also has a number of clients that can handle secure shell. DataFellows is developing a client called F-Secure SSH Tunnel & Terminal (http://www.Europe.Datafellows.com/support/ssh/mac/mac-upg.html), but it is not free -- it, like SecureCRT, costs $99.

BetterTelnet, available at http://www.cstone.net/~rbraun/mac/telnet/, does -not- support SSH (it was intended, but due to export issues, SSH support was cancelled). Some download locations advertize it as being SSH capable -- it is not. Too bad, because it's a nice telnet program.

NiftyTelnet (http://www.lysator.liu.se/~jonasw/freeware/niftyssh/) is a free, easily configured client for the Macintosh. Download the .hqx file and unstuff it. Double-click on the NiftyTelnet icon in the NiftyTelnet folder. A window should pop up entitled 'New Connection'. In this screen, you can either type in the host name or IP address of a remote host (such as hostname.example.com) and quick connect without saving, or you can create a new shortcut. To create a new shortcut, click on the 'New...' button.

You'll be taken to a window entitled 'Telnet Shortcut'. In this window, you'll set all your configurations. Under 'Shortcut Name', enter the name of the remote host as you'd like it to appear in your shortcut list. Under 'Host Name', enter in the host name or IP address of the remote host -- for instance, hostname.example.org. Set your width and height as you prefer (80 by 24 is the standard). Under 'Protocol', select either SSH -- 3DES or SSH -- Blowfish (SSH -- DES is not as secure as the other two). Under 'User Name', enter your user name on the remote host. Configure the rest to your liking -- foreground and background colors, font and font size, etc. When you're done, click 'OK' and and then 'Connect'. You will be prompted to accept a key for the new remote system, and then for your password. Enter it, and you're using SSH on your Mac.

Other SSH Clients

There are secure shell clients for BeOS, the Palm Pilot, Windows CE, and even Java. Located at http://www.db.toronto.edu/~djast/ssh.html, the SSH Resource Page has links to all of these secure shell clients. It does not, however, contain a link to the only Windows 3.x client I've found (apparently nameless), which can be downloaded from ftp://ftp.wcug.wwu.edu/pub/ssh/windows/windows3x/ and unzipped. I have not used it, but there is information regarding it at http://sloth.wcug.wwu.edu/sloth/userguide/ssh.html.

Please note: patent conflicts on the RSA public-key encryption algorithm prevent the use of many foreign-created clients within the United States.

/dev/null (null@attrition.org)
Professional Script Kiddie