Ssh, don’t tell anyone it’s so easy!

I am constantly surprised by just how easy it is to do really useful little tricks in Linux once you know how. The difficulty is finding out what is available.

Ssh (secure shell) is a really fantastic way to connect several machines on a local wireless network. Once it is set up it’s pretty much seamless. You can transfer files between machines as you like. Combine that with rsync and cron and you never have to worry again that you forgot to back up your thesis or latest paper if one of your laptops gets stolen. Just make sure you don’t lose both at the same time! Given the extreme insecurity we have to live with on a daily basis in Mexico this possibility worries me rather more than any technical details of the configuration.

I recently bought a tiny Acer Aspire One for travelling and GPS work. It needed some slight tweaking to get Ubuntu running well. All the necessary instructions are contained here,

https://help.ubuntu.com/community/AspireOne

Acer laptops are not particularly Ubuntu friendly so I was relieved to get most of the hardware working around an hour after install. However the machine is very good value for the price tag. It has a 120 GB hard drive so it has plenty of space for mirroring work in progress. To connect the two machines over the wireless network I first made sure that both the ssh server and client were running on the tiny Acer

sudo apt-get install ssh

This gives you both client and server, while a default Ubuntu install only includes the client. The client alone is enough for the main machine (Toshiba).

I called the Acer “tiny”. So I log onto the Toshiba using the same user as I have on “tiny” (“duncan”). To follow this yourself simply change tiny and duncan to your own versions. If I type in a console

ssh tiny

Then tiny replies and I authenticate with the password. I’m then connected to tiny from the Toshiba. Exit by typing exit. Notice that you can move around and even run programs such as R that output to the console before you leave.

Now the interesting step is to do away with the password and use a secure key instead. This will tell “tiny” to trust the Toshiba.

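Type

ssh-keygen -t ed25519

Follow the defaults, entering a suitable passphrase. Ed25519 is the key type to use today; the older DSA type (-t dsa) has been disabled by default since OpenSSH 7.0.

Then type

ssh-copy-id -i ~/.ssh/id_ed25519.pub duncan@tiny

That’s all there is to it. Now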

ssh tiny

will get me in without a password. I can browse tiny and transfer files as if they were on the Toshiba with Nautilus simply by bookmarking sftp://tiny/

ssh -X tiny

Will even allow me to run programs with graphical output as if I were in front of tiny itself. This can be quite useful in this particular case if using the small screen becomes tiring. The alternative way is with Remote-desktop, but using a shell is much more direct.

An optional step for a bit more security is to now disallow any further plain password authentication by changing the configuration file on the server (tiny).

sudo gedit /etc/ssh/sshd_config

Find the line

#PasswordAuthentication yes

Uncomment it, and change yes to no:

PasswordAuthentication no

Save the file, and restart ssh.
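To confirm that the edit actually took effect, the following added example (not part of the original post) reads an sshd_config-style file the way sshd does: comment lines are ignored and the first occurrence of a keyword wins. The function names and the sample file are constructed for illustration, and Include files and Match blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the sample
# file are constructed; Include files and Match blocks are not evaluated.

# effective_value FILE KEYWORD_REGEX DEFAULT
# Mirrors how sshd reads its global section: keywords are case-insensitive,
# '#' lines are comments, and the FIRST occurrence of a keyword wins.
effective_value() {
    awk -F'[ \t=]+' -v want="$2" -v def="$3" '
        BEGIN { val = def }
        { sub(/^[ \t]+/, "") }                  # drop indentation, re-split
        /^#/ || /^$/ { next }                   # comments and blank lines
        tolower($1) == "match" { exit }         # conditional blocks start here
        tolower($1) ~ "^(" want ")$" { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# password_logins_off FILE: succeeds only if neither password mechanism is on.
# Keyboard-interactive (old name: ChallengeResponseAuthentication) can still
# prompt for the account password through PAM, so it is checked as well.
password_logins_off() {
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    echo "PasswordAuthentication=$pw KbdInteractiveAuthentication=$kbd"
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample: the commented line is inert and the second, later
# PasswordAuthentication line is ignored because the first one already won.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication yes
EOF

if password_logins_off "$sample"; then
    echo "key-only login is in effect"
else
    echo "a password-style login is still enabled"
fi
rm -f "$sample"
```

On the server itself, sudo sshd -T prints the configuration sshd has actually resolved, including any Include files, and is the authoritative check.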

Perhaps you wouldn’t want quite such a low level of security at work, but it is an ideal and rock solid setup between two trusted computers. After all, nobody can get in unless they physically have their hands on a part of the hardware that makes up the link. They also need to know a password to run Linux itself. If any component in the network did get into the wrong hands I can always just delete the key. Both machines would have to be on the same network to use it anyway. So no worries at all for a home user. Ssh really does just what it says on the can. It is a secure shell. If it is set up so that login using a password without a key is not allowed, only machines that have been configured by a trusted person can log in.

This is clearly a very useful option for research groups wanting to allow some trusted mobile devices access to potentially sensitive data. It requires nothing more complex than a fixed PC as server and a laptop on a LAN.

Now to back up all my personal stuff I just run rsync from Toshiba

rsync -e ssh -varuzP /home/duncan/Documents/MyWork tiny:/home/duncan/backup/

This is a safe set of options. Verbose, archive, recursive, update, compress, partial. It won’t delete any files on tiny, but will recursively copy all folders within MyWork and update to the latest version if I run it again later. This can be entered into crontabs and run automatically every night, or I can just find it in the shell history and run it whenever I get home from work. Really, really easy…… When you know how of course. Thanks to Ross!

Tiny hard at work backing up with Ubuntu Netbook remix installed
