Dear UNIX geeks: need help with SSH

Discussion in 'Mac Help/Tips' started by yamadataro, Jan 10, 2003.

  1. yamadataro macrumors 6502

    When I connect to a remote server via SSH in the Terminal app, I get the message:

    "Authenticity of host XXXXXXXX can not be established ... Are you sure you want to connect?"

    I type "yes", then:

    "Permanently added XXXX to the list of known servers"

    David Pogue's Mac OS book says I should just say yes and go ahead. So I guess SSH is encrypting any data from then on, right? The language here is so confusing. At first I thought the question meant "your connection to this server will always be insecure but SSH will never care about it from now on." Instead it means they've exchanged public keys and the connection will be secure from now on, yes?

    I just want to make sure any connections after the first connection are secure since I'm dealing with a dedicated web server with a root account.

    Thanks again for your help, you UNIX geeks!
  2. robbieduncan Moderator emeritus


    Jul 24, 2002
    It OK

    This is normal behaviour for SSH. Don't worry about it.
  3. yamadataro thread starter macrumors 6502

    Re: It OK


    I'm paying extra attention to this since I'm dealing with a whole server with my clients' sites... root account deal is making me scared.
  4. yamadataro thread starter macrumors 6502

    BTW do you guys recommend any stand-alone SSH client for X?

    Since I'm not a UNIX kinda guy and forget the SSH command often, it would be nice to have a piece of software for this. I used to use MacSSH for OS 9. Are there any choices available for X nowadays?
  5. alex_ant macrumors 68020


    Feb 5, 2002
    All up in your bidness
    If you forget the ssh command, you could always type the command into the first line of a text file, then save it (call it "startssh" or something), then make it executable ("chmod +x startssh"). That way, you would only have to type "startssh" to use ssh, and not your normal command. Only a minor time saver... but perhaps it would save you more time, and be more efficient, than downloading a separate ssh client and setting it up.
  6. evildead macrumors 65816


    Jun 18, 2001
    WestCost, USA
    your message

    When you say "yes", what you're doing is adding the public key of the remote host to your /.ssh/knownhosts file. Every time you log in to that remote host, your ssh will check that the remote host's key matches the one you have saved. This is to avoid IP spoofing. That way you know you're really logging into the server that you think you are. If I was to IP spoof a server, and make up my own ssh that records logins and passwords, I could get everything I want from the real remote server once a few users try to log in, but hit my server instead.

    It will not ask you again about it. If something fishy is going on or the keys on the remote server have been regenerated, you will get a warning about it.

    If you do get a warning you should ask the admin of the remote server if the ssh keys have been regenerated recently... if so, then go and trash/edit your /.ssh/knownhosts file so you can get in again.

    This goes for scp as well, for anyone that doesn't know already.
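
Added example (not part of any post in this thread): a Python sketch of the check described in the post above, where the client compares the key a server presents with the entry saved on first connection. OpenSSH keeps these entries in `~/.ssh/known_hosts`; the host names, key bytes and function names below are constructed for illustration, and wildcard, negated and `[host]:port` patterns are not handled.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(host_field, host):
    """True if a known_hosts host field names `host` (plain list or hashed)."""
    if host_field.startswith("|1|"):  # hashed: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt_b64, mac_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return host in host_field.split(",")

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'new', 'match' or 'mismatch' for the key a server presents."""
    changed = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked lines
        if host_matches(fields[0], host) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "match"
            changed = True  # same host and key type, different key
    return "mismatch" if changed else "new"

# Constructed sample data: placeholder bytes, not real host keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
SALT = b"constructed-salt-20b"
HASHED_HOST = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"db.example.com", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = ("web.example.com,192.0.2.10 ssh-ed25519 %s\n" % KEY_A +
               "%s ssh-ed25519 %s\n" % (HASHED_HOST, KEY_A))

if __name__ == "__main__":
    for host, key in [("web.example.com", KEY_A), ("db.example.com", KEY_B),
                      ("new.example.com", KEY_A)]:
        print(host, check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key),
              fingerprint(key))
```

A "mismatch" result corresponds to the changed-key warning; the printed fingerprint is the value to compare with one the server's admin supplies over a separate channel.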
  7. yamadataro thread starter macrumors 6502

    Thanks evildead for your info!

    I was actually wondering where that file with public keys would be on my machine. Real good to know where it is.
  8. evildead macrumors 65816


    Jun 18, 2001
    WestCost, USA
    There are plenty of free ones... I can't recommend any because I never use any. The deal is, all they can really do for you is save host names/IP addresses for you and connect you with a button instead of a return char. The terminal is not that bad and there are only a few things you need to remember about ssh.

    #ssh -l userName hostname

    You have to use the -l flag if your username on your client side is different than the user you want to log in as on the server side.

    If the username is the same (for example, root) on both sides:

    #ssh hostname

    scp (part of ssh)

    To move a file from your box to a remote host:

    #scp /path/fileName IPofRemoteHost:/DestinationPath/FileName

    To get a file from a remote host:

    #scp IPofRemoteHost:/Path/FileName /destinationPath/fileName

    scp is like ftp but secure
  9. evildead macrumors 65816


    Jun 18, 2001
    WestCost, USA

    Take note of the "." in front of the /.ssh/knownhosts

    That file will be invisible in the Finder and you can only see it if you do the command:

    #ls -a or #ls -al

    .Files are invisible in the Finder and even if you do an ls (without the -a flag) at the terminal. I only mention this because you said you were not a UNIX guy.
