Dear UNIX geeks: need help with SSH

[yamadataro]

When I connected to a remote server via SSH on terminal app, I get the message:

"Authenticity of host XXXXXXXX can not be established ... Are you sure you want to connect?"

I type "yes", then:

"Permanentry added XXXX to the list of known servers"

David Pogue's Mac OS book says I should just say yes and go ahead. So I guess SSH is encrypting any data from then on, right? The language here is so confusing. At first I thought the question meant "youre connection to this server will always be insecure but SSH will never care about it from now on." Instead it means they've exchanged public keys and teh connection will be secure from now on, yes?

I just want to make sure any connections after the first connection is secure since I'm dealing with a dedicated web server with root account.

Thanks again for your help, you UNIX geeks!

 

[robbieduncan]

It OK

This is normal behaviour for SSH. Don't worry about it.

 

[yamadataro]

Re: It OK

Originally posted by robbieduncan
This is normal behaviour for SSH. Don't worry about it.

Thanks!

I'm paying extra attention to this since I'm dealing with a whole server with my clients' sites... root account deal is making me scared.

 

[yamadataro]

BTW do you guys recommend any stand-alone SSH client for X?

Since I'm not a UNIX kinda guy and forget the SSH command often, it would be nice to have a piece of software for this. I used to use MacSSH for OS 9. Are there any choices available for X nowadays?

 

[alex_ant]

If you forget the ssh command, you could always type the command into the first line of a text file, then save it (call it "startssh" or something), then make it executable ("chmod +x startssh"). That way, you would only have to type "startssh" to use ssh, and not your normal command. Only a minor time saver... but perhaps it would save you more time, and be more efficient, than downloading a separate ssh client and setting it up.

 

[evildead]

your message

When you say "yes", what your doing is adding the public key of the remote host to your /.ssh/knownhosts file. Every time you login to that remote host, your ssh will check that the remote hosts key matiches the one you have saved. This is to aviod IP spoofing. That way you know your really logging into the server that you think you are. If I was to IP spoof a server, and make up my own ssh that records logins and passwords, I could get everything I want from the real remote server once a few users try to login, but hit my server insted.

It will not ask you again about it. If something fishy is going on or the keys on the remote server have been re-geerated, you will get a warrning about it.

If you do get a warrning you should ask the admin of the remote server, if the ssh keys have been regenerated recently... if so, then go and trash/eddit your /.ssh/knownhosts file so you can get in again.

this goes for scp as well, for anyone that doesnt know all ready.

 

[yamadataro]

Thanks evilhead for your info!

I was actually wondering where that file with public keys would be on my machine. Real good to know where it is.

 

[evildead]

Originally posted by yamadataro
BTW do you guys recommend any stand-alone SSH client for X?

Since I'm not a UNIX kinda guy and forget the SSH command often, it would be nice to have a piece of software for this. I used to use MacSSH for OS 9. Are there any choices available for X nowadays?

There are plenty of free ones.. I cant reconmend any because I never use any. The deal is, all they can reall do for you is save host names/IP addresses for you and connect you with a button instend of a return char. The terminal is not that bad and there is only a few things you need to remeber about ssh.


#ssh -l userName hostname

you have to use the -l flag if your username on your client side is diffrent than the user you want to login as on the server side.

if username is the same exaple root on both sides:

#ssh hostname

scp (part of ssh)

to move a file from your box to a remote host

#scp /path/fileName IPofRemothost:/DestinationPath/FileName

to get a file from a remote host:


#scp IPofRemoteHost:/Path/FileName /destinationPath/fileName

scp is like ftp but secure

 

[evildead]

Originally posted by yamadataro
Thanks evilhead for your info!

I was actually wondering where that file with public keys would be on my machine. Real good to know where it is.

take note of the "." infront of the /.ssh/knownhosts

that file will be invisable in the finder and you can only see it if you do the command:

#ls -a or #ls -al

.Files are invisable in the finder and even if you do a ls (with out the -a flag) at the terminal. I only mention this becuase you said you were not a UNIX guy