College of Arts and Sciences

Department of Mathematics

Secure Shell


Secure shell refers to a collection of protocols and software to allow remote login to computers using encryption for all data transfers. This means that when you type in your password, it is encrypted while travelling across the Internet, so that random packet sniffing tools cannot detect it as it passes. Secure shell is referred to as SSH for brevity. There are two SSH protocols extant. SSH1 is older. It uses 56-bit encryption. It is adequate for many purposes, but the encryption scheme could theoretically be broken, and more importantly, it is vulnerable to a certain kind of attack that does not require the encryption scheme to be understood at all. We recommend against its use. SSH2 uses 128-bit encryption and is ostensibly immune to the aforementioned attack.

We use SSH2 for remote logins in the Math Department at Washington State University. This page offers some instructions on how to do that.

From Unix Machines...

All Unix computers in the Department have SSH installed. You may use it to log in remotely to another computer simply by typing ssh computername on a command line. If your user name is different on the other computer, you may use the slightly more elaborate command
ssh username@computername.
The SSH program may tell you that the remote computer's name does not appear in the list of known hosts. Tell it that you do want to enter the name in the list of known hosts. After that, you need only to enter your password (it will be encrypted as it goes across the network), and press the ENTER key.

Some of you might have grown used to logging into remote computers without having to give your password. At first glance, when you use SSH, you will not be able to do this. However, through the miracle of public-key cryptography, you can restore this ability. The idea is that you need to create a private key for your own session, and a public key for the remote machine. Do this using the following steps.

  1. At a Unix prompt, type ssh-keygen.
  2. The program ssh-keygen will create public and private keys for you. The private key is stored so that no one but you can read it. The public key is placed (by default) in .ssh/identity.pub in your home directory. When ssh-keygen asks you for an RSA passcode, just press the ENTER key (twice).
  3. Now change to the .ssh directory (cd .ssh), and type cp identity.pub authorized_keys.

Henceforth, you should be able to log into other machines without having to give a password. Under no circumstances should you change the permission settings on any files in the .ssh directory.
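
The following check is an added example, not part of the original page or the Department's own tooling. Because step 2 creates a private key with no passphrase, file permissions are the only thing protecting it; the script audits them, assuming OpenSSH's rules (the private key must be inaccessible to group and others, and .ssh and authorized_keys must not be writable by them). The function name check_ssh_perms is hypothetical; the file names are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: audit the permissions of the files created in steps 1-3.
# check_ssh_perms is a hypothetical helper name, not an OpenSSH command.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Succeed if neither group nor others may write to the path.
not_group_other_writable() {
    case "$(perm_string "$1")" in
        ????w????|???????w?) return 1 ;;   # group write or other write set
        *) return 0 ;;
    esac
}

# Succeed only if group and others have no access at all.
private_to_owner() {
    case "$(perm_string "$1")" in
        ???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit an .ssh directory: print one line per problem, return the count.
check_ssh_perms() {
    dir=$1
    problems=0
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        if ! not_group_other_writable "$f"; then
            echo "writable by group/others: $f"
            problems=$((problems + 1))
        fi
    done
    if [ -e "$dir/identity" ] && ! private_to_owner "$dir/identity"; then
        echo "private key accessible to group/others: $dir/identity"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run as: sh check_ssh_perms.sh "$HOME/.ssh"   (exit status = problem count)
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

An exit status of 0 means the directory matches what ssh-keygen set up; any other value is the number of files whose permissions have been loosened.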

SSH incorporates a utility for file transfer called SFTP (Secure File Transfer Protocol). SFTP allows you to transfer files from the command line with fully encrypted passwords. To use it, type a line similar to the example below.
sftp thetahat.math.wsu.edu
Obviously you may substitute the name of your favorite machine for thetahat. Once logged into the remote machine, you may use commands similar to ordinary shell commands to move around. A brief list of such commands is given below.

Command  Function                                              Example
ls       list contents of directory on remote computer         ls
lls      list contents of directory on local computer          lls
cd       change directory on remote computer                   cd mysubdirectory
lcd      change directory on local computer                    lcd mylocalsubdirectory
put      transfer file from local computer to remote computer  put myfile
get      transfer file from remote computer to local computer  get myfile

There are many more elaborate GUI programs to do SFTP. One common one is Filezilla. These can be quite useful if you have many files to transfer or edit on a remote computer.

From Windows Machines...

To gain access to a Unix computer from a Windows machine, you need an SSH client. The systems staff are working to get these installed everywhere, but they won't do it on your home computer. If you want to install an SSH client on your home computer or laptop, you may obtain PuTTY. This is a client for both SSH1 and SSH2 that you may save to your desktop. To run it, double-click its icon, type in the name of the host (e.g. thetahat.math.wsu.edu), click the radio button labeled "SSH", then click OK. It can be customized in many slightly-less-than-intuitive ways. For sophisticated users, the PuTTY developers have provided an entire suite of SSH tools. You may obtain the latest version of the lot directly from the official site at http://www.chiark.greenend.org.uk/~sgtatham/putty/. The most useful of the other tools are scp and plink.

If you need to transfer files, we recommend WinSCP. There is copious documentation available at the WinSCP site. Filezilla is also available in a Windows version.

From Apple Machines...

Macs are actually Unix machines, so they include a command line implementation of SSH and SFTP by default. Just open a terminal, and use the programs as described in the first section of this page. Filezilla is available for Mac.

Department of Mathematics, PO Box 643113, Neill 103, Washington State University, Pullman WA 99164-3113 Phone: 509-335-3926 Fax: 509-335-1188