ssh tutorial

Sun Jun 7 08:44:42 UTC 2009

On Sat, 2009-06-06 at 17:26 -0700, gmspro wrote:
> Many thanks.
> This is a great tutorial.
> It helps to learn basic uses of ssh.
> I was looking for this.
> It saved my time from googling and reading long "man ssh" page.
> 
> One last thing,reading other mail from fedora-list I knew that I
> must be the ssh administrator for log-in using ssh.
> 
> How can I be the ssh administrator?Is it possible for me?
> Or is there any ssh server(free) where I can log-in using ssh without bothering about being ssh server administration or concerning of having an account in remote computer by the ssh administration.
> 

Like telnet, ssh works in a client-server fashion.

When one does telnet jason at argonaut, one is running the telnet client on
one's PC.  One is connecting to the telnet daemon (telnet server) on the
computer, argonaut.

Similarly, when one does ssh jason at argonaut, one is running the ssh
client on one's PC.  One is connecting to the ssh daemon (ssh server) on
the computer, argonaut. 

To make this example concrete, let us first get specific information on
a specific implementation of ssh.  You might be using the ssh client
from openssh.  
Please see the URL: http://openssh.com/
In the second paragraph, at the time of this message, they mention the
ssh program, and they mention the program, sshd, calling sshd the server
side of the package.
The ssh program has a URL to the openbsd man page for ssh:
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1
The sshd program has a URL to the openbsd man page for sshd:
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8

Let's say the name of your computer is jefferson.  You wish to connect
to the remote computer, argonaut.  On the remote computer, argonaut, is
the account, jason.

On your computer, jefferson, you do the command, ssh jason at argonaut.

Your ssh client, on jefferson, will attempt to connect to the ssh
server, running on the computer, argonaut.  The user name, jason, needs
to exist on the computer, argonaut.  If you are supposed to give a
password, the password will be the password used on the computer,
argonaut.  

The ssh server administrator controls the computer, argonaut.  
He must set up the account, jason, on the computer, argonaut.  He must
allow people to ssh to the account, jason, on argonaut.  He will
configure what types of authentications are permitted.  He will
configure if you can enter the password for the account, jason, to
log-in, or you need public key authentication.  He will configure other
options.

I assume you are not the ssh server administrator for argonaut.  I
assume you do not control the computer, argonaut, in our example.

If you did control the computer, argonaut, and were trying to connect to
the computer, argonaut, from another computer, you would need to know
how to configure the ssh server running on argonaut.  Configuring a ssh
server incorrectly is a security risk.  If you need to do this, I would
suggest you find a person, you trust, who has configured ssh servers
before, to help you do this.

You ask the question, could someone let you use ssh to connect to their
computer without creating an account on their computer?  The answer is
no.  They have to set up the account.  

They might set up an anonymous or guest account that allows limited
access for a specific purpose, but that account, be it anonymous or
guest must be set up.  

An anonymous account might be set up that lets you download publicly
available source code for Linux using cvs.  You wouldn't be able to do
anything else.  You wouldn't be able to use that account to do shell
commands on their computer.

You wish to use ssh to connect to the remote computer so you can issue
shell commands.  This requires a higher degree of trust.  The people
controlling the computer, argonaut, need to be able to identify who you
are.  They need to be able to "trust" you are who you say you are.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090607/09e7ce43/attachment-0001.sig>