- About Us
The Secure Shell (SSH) network protocol makes it easy to connect computers that are running Linux, share files, and remotely run applications. Along with an X server, it can make sharing a single computer simple on a home network.
In my home, my wife and I need to share a desktop computer -- often at the same time. The computer runs Slackware Linux, and we have individual user accounts, Thunderbird email profiles, Firefox bookmarks, and other documents. Linux gives us the ability to share the computer by using multiple X Window sessions, each on its own virtual terminal. But the computer has only one monitor and one keyboard, which limits us to one user at a time.
To let us use the system concurrently, I bought a laptop computer, installed openSUSE on it, and set up a wireless router. By connecting to the desktop computer using SSH, the laptop functions as an extension of the desktop -- essentially a second keyboard and monitor. Additionally, KDE's Konqueror and the GNOME's Nautilus file manager can use SSH to remotely connect to another computer. The result is a much more efficient way to share resources than shuttling files back and forth with a flash drive.
To set up this kind of network connection, the first step is to make sure that SSH is installed. OpenSSH, an open source implementation of the SSH protocol, is included in most Linux distributions. If it is not on your system, the official OpenSSH application for Linux is available from the download page of OpenSSH's Web site.
Once you're sure you have SSH, you should configure the SSH daemon on the computer to which you want to connect. The configuration file at /etc/ssh/sshd_config, and is well-commented, but it needs a few edits to make it more useful and secure. The file states that:
# The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value.
So to change an option, delete the number sign from the beginning of the line. At a minimum, you must change three options. As the root user, or from sudo, open /etc/ssh/sshd_config in a text editor, and search for and change the following lines:
Protocol 2. SSH can use two versions of its protocol, with the second more secure than the first. This option forces SSH to use the more secure protocol.
PermitRootLogin noin order to keep remote users from logging into the computer as the root user. If you need to perform system maintenance or other activities that require root user privileges, use sudo or su to become root after logging in as a regular user.
X11Forwarding yes. This option makes it possible to run more than just command-line-based programs over an SSH connection.
Save the file and the SSH daemon is configured for simple home networking. The daemon is usually already running as part of most default Linux installations.
Before you can connect to the host from another machine, you need to know its IP address. As the root user, or with sudo, use the
ifconfig command (interface configurator) to determine the IP address of the host computer. Look for the line starting with "inet addr" for the connection type you have ("eth0" for the Ethernet card, "ath0" or a different designation for the wireless card).
Once the SSH daemon is running, using the SSH service is simple. Open a terminal window and type the following command using your user name and the IP address you found in the step above:
ssh -Y -l username IP address
-Y switch enables trusted forwarding of X Window applications from the host computer so that they can run in the X Window environment of the client computer. The
-l switch allows you to specify the user name you want to log in under. If you leave it off, SSH assumes you want to log in under the user name you are using on the client computer.
I use a simple bash script I keep in my home directory for connecting. Replace the user name and IP address in the script with your own and then save it as ssh_connect.sh:
#!/bin/bash #ssh_connect.sh ssh -Y -l user name IP address
Make the file executable, and run the script from a terminal window in your home directory by typing
The first time you log in, you will see a message similar to this:
The authenticity of host 'IP address' can't be established.
RSA key fingerprint is a long string of characters
Are you sure you want to continue connecting (yes/no)?
When you answer "yes," the SSH application adds an entry to a hidden file in your home directory listing trusted hosts.
To run applications remotely, simply type the name of the program on the command line of the terminal you used to connect to the host computer. If you are in X, then X Window applications will run through the remote connection. For example, I type
thunderbird& to read my email using that program on the desktop computer from the laptop. The ampersand at the end of the command runs the application in the background so that my command prompt is available while the program is running. Because the computer with the SSH client is acting as an extra keyboard and monitor for the SSH host computer, everything done through the SSH connection is done on the host computer.
By itself, working remotely is a great way to boost productivity, but KDE and GNOME both offer ways to map the host computer as a network folder through an SSH connection, making it easy to copy files between the computers. This in turn makes it possible to use a local application to edit a remote file, rather than running an application on the host.
In Konqueror, click on the Go menu and choose Network Folders, then click on the Add a Network Folder icon. Follow the dialogue prompts by first choosing SSH as the type of folder you wish to add, then filling out the short form. The Name field is any name you want to give to the folder, while the Server field is where you put the IP address of the host computer.
To do the same thing in GNOME, go to the Places menu at the top of the screen and choose Connect to Server. A dialogue box similar to the one in KDE's Konqueror prompts you for the service type (choose SSH), the sever, and optional information -- port (usually 22), the folder to which you would like to connect, your user name, and the name to use for the connection. With both KDE and GNOME, setting up the connection takes only a few seconds.
SSH is a powerful, easy-to-use tool for setting up a simple home network. Application performance over an SSH connection is quick, even on older hardware (both of my computers are Pentium IIIs). In my experience, the host computer does not slow down noticeably when both my wife and I are using it for word processing, email, and Web browsing.
The next time you need to connect two computers, give SSH a try. It is easy to configure and even easier to use.
Drew Ames is a transportation planner in Harrisburg, Penn.