How to SSH from Macintosh to Unix / Linux Workstation

Functions of SSH

Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over unsecure channels. It is intended as a replacement for rlogin, rsh, and rcp, but also replaces telnet.

The account name and password are protected by encrypted channel for control communications. The xterm displays and ftp sessions are procted by encrypted channels for "forwarded" communications.

The traditional BSD 'r' - commmands (rsh, rlogin, rcp) are vulnerable to different kinds of attacks. Somebody who has root access to machines on the network, or physical access to the wire, can gain unauthorized access to systems in a variety of ways. It is also possible for such a person to log all the traffic to and from your system, including passwords (which ssh never sends in clear text).

The X Window System also has a number of severe vulnerabilities. With ssh, you can create secure remote X sessions which are transparent to the user. As a side effect, using remote X clients with ssh is more convenient for users.

Users can continue to use old .rhosts and /etc/hosts.equiv files; changing over to ssh is mostly transparent for them. If a remote site does not support ssh, a fallback mechanism to rsh is included.

Ssh protects against:

• IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host. Ssh even protects against a spoofer on the local network, who can pretend he is your router to the outside.
• IP source routing, where a host can pretend that an IP packet comes from another, trusted host.
• DNS spoofing, where an attacker forges name server records.
• Interception of cleartext passwords and other data by intermediate hosts.
• Manipulation of data by people in control of intermediate hosts
• Attacks based on listening to X authentication data and spoofed connection to the X11 server.

In other words, ssh never trusts the net; somebody hostile who has taken over the network can only force ssh to disconnect, but cannot decrypted or play back the traffic, or hijack the connection.

This software is only available for members of ASU. You can download from the ASU website. http://www.asu.edu/it/security/software/html/ssh/download.htm

• Point your web browser to: http://www.asu.edu/it/security/software/html/ssh/download.htm
• Download the SSH package and install on your Mac Desktop (required). If you are using Mac OS version 10.1 then download the following package:
  ASUSSH101.sit
  otherwise for Mac OS version 10.2 download:
  ASUSSH102.sit

  The package should unpack itself with Stuffit and create a folder called ASUSSH10x. The folder contains applications called ASUssh, ASUsftp, ssh2, sftp2 and unmountAFS.

• ASUssh is a basic interface to the ssh2 client that lets you select a server, asks you for a user id and then connects to that server from a Terminal window. Whereas, ASUsftp is a basic interface to the sftp2 client that also lets you select a server, asks you for a user id and then connects to that server. Lastly, unmountAFS is for unmounting AFS that is if AFS is installed and for whatever reason it needs to be unmounted.

• To remote login double-click on the icon for ASUssh, select a server, and enter your user-id. A Terminal window will open and prompt you for your password. After successfully logging in, you may then proceed with your work.

• To file transfer to/from a remote server double-click on the icon for ASUsftp, select or enter a server and then enter your user-id. A Terminal window will open and prompt you for your password. After successfully logging in, you may then proceed with your work.