How to ssh:
----------

To log onto Fred's machine, tesop:

First, connect to skate as user enlighten:

    ssh -l enlighten 24.161.120.103

Then telnet to tesop:

    telnet tesop bob.bob

To display on Bob's machine:

On megalith:

    xhost +24.161.120.103

On tesop

    export DISPLAY=megalith.rattlesnake.com:0.0
    display /home/enlighten/.ee/icons/u/gif/great-red-spot.jpg

For AI Lab, as of 2000 Jan 19, both as `root' and as `bob':

    ssh -l bob soggy-fibers.ai.mit.edu

rice-chex.ai.mit.edu does not respond to ping and may have been removed.

Note message below about .ssh/config; could not run with such a file.
Error message:

    /home/bob/.ssh/config line 3: Bad yes/no argument.

So removed file and ssh worked fine.

# soggy-fibres works as of 10 Jul 1999 (see also how-to-cvs)

    ssh -l bob limitingfactor.trinhall.cam.ac.uk

Run following as `bob'; does not work otherwise.  use new passphrase.

    ssh -l bob xanthine.gratuitous.org
    ssh -l bob s-a.gratuitous.org

On 2000 Jan 19:

    # apt-get install ssh
    The following NEW packages will be installed:
      ssh
    0 packages upgraded, 1 newly installed, 0 to remove and 234 not upgraded.
    Need to get 0B/234kB of archives. After unpacking 482kB will be used.
    Setting up ssh (1.2pre17-1) ...
    Starting OpenBSD Secure Shell server: sshd.


From: Nolan Darilek
Date: Thu, 4 May 2000
To: Jason White

    Jason> A question arose on this list, a few months ago if I
    Jason> remember correctly, as to whether it was possible to access
    Jason> web sites protected by Secure Socket Layer (SSL), with
    Jason> Emacs/W3.

Yep, that'd be me. :)

    Jason> What are the options so far as W3 is concerned?

OpenSSL works nicely for this. Here's my setup:

In .emacs:

    (setq ssl-program-name "/home/nolan/bin/ssl")
    (setq ssl-program-arguments
          '("-host" host "-port" service "-verify" "4" "-quiet"))

And, /home/nolan/bin/ssl is:

    #!/bin/sh
    openssl s_client $* 2>/dev/null

This works great for me; I've visited many online merchants with this
system, including amazon.com, without any problems whatsoever.
(I do occasionally receive a blank buffer whose title is the document
URL, but haven't hit that bug lately.)


Old info:

Get from ftp://ftp.jimpick.com/pub/mirrors/debian-non-US/
         dists/slink/non-US/binary-i386

    if [ "$TERM" = xterm-debian ]
    then
        export TERM=xterm ; echo changed to xterm
    fi


How to ssh:
----------
9 Sept 1997

Works securely as of 4 Dec after a bug was fixed at MIT:

    ssh -l bob rice-chex.ai.mit.edu
    ssh -l bob soggy-fibers.ai.mit.edu

Use kerberos to get to gnu machines:

    kinit bob@GNU.ORG
    ktelnet mescaline.gnu.org
    ktelnet delysid.gnu.org

Emacs sources in: /gd/gnu/emacs/

Also works:

    telnet rice-chex.ai.mit.edu
    telnet soggy-fibers.ai.mit.edu

    telnet titan.berkshire.net    <== use mostly
    telnet shell.berkshire.net

for 8 bits at BerkshireNet (may not work in 1999):

    rlogin -l bob loomis.berkshire.net

For secure connection to BerkshireNet (may not work in 1999):

    ssh -l bob loomis.berkshire.net
    ssh -l bob atlas.berkshire.net
    ssh -l summerhf loomis.berkshire.net

----------------------------------

check ~bob/.netrc /root/.netrc


Sender: mycroft@bikini.ai.mit.edu
Subject: Re: ssh design flaw
From: mycroft@mit.edu (Charles M. Hannum)
Date: 04 Dec 1997 12:44:05 -0500

"Leonard H. Tower Jr." writes:
>
> I am surprised that ssh, just goes forward and logs one in,
> transmitting one's passwd in the clear.

That's only true if it fails to connect and starts rsh.  You can put
the following in your .ssh/config file to prevent that:

    Host *
      FallBackToRsh no
      UseRsh no

I'd agree it's a misfeature that this is enabled by default.

Return-Path:
X-From_: owner-system-hackers@life.ai.mit.edu Wed Dec 2 12:08:16 1998
Date: Wed, 2 Dec 98 11:41:06 EST
From: Thomas Edward Cavin
To: Raquel Romano
Cc: system-hackers@ai.mit.edu
Subject: Re: SSH without typing password
In-Reply-To: <199812012230.RAA00296@oakenshield.ai.mit.edu>
Content-Length: 3915

Raquel Romano writes:
>
> Daniel Hagerty writes:
> > > From: Jerry Pratt
> > > Date: Tue, 01 Dec 1998 15:57:23 -0500
> > >
> > > How do I ssh without typing in my password.
> > >
> > > For rsh I just need to have machine name/ user name lines in
> > > .rhosts
> > >
> > > The ssh man page (or the part that's over my head anyway)
> > > makes it seem like you need a corresponding .shosts file but
> > > I can't get that to work.
> >
> > There are two basic mechanisms; you can use .shosts or you can use
> > RSA keypairs.  RSA keypairs are usually used with an ssh-agent.  See
> > the manual pages for ssh-agent and ssh-keygen if you want to go that
> > route.  There are probably some good examples of how to use it from
> > local people in /com/archive/system-hackers.
>
> From: "Paul A. Viola"
> To: hag@ai.mit.edu
> CC: bruce@ai.mit.edu, cph@martigny.ai.mit.edu, grg@ai.mit.edu,
>     system-hackers@ai.mit.edu
> Subject: Re: ailab netgroups
> Date: Fri, 24 Oct 1997 14:34:59 -0400
>
>
> OK.  The final fix seems to be to:
>
> chmod 755 ~
> chmod 700 ~/.ssh
> cp .ssh/identity.pub .ssh/authorized_keys
> chmod 600 .ssh/*
> ssh-agent bash
> ssh-add
>
> Then ssh wheaties seems to work fine and repeatedly.  BTW I don't
> know if a subset of the above would have worked....
>
> Thanks,
> Paul

Just a quick description of what the above commands actually do:

> chmod 755 ~
> chmod 700 ~/.ssh

These limit the write access to the SSH files.  If the files are group
or world writable, SSH will not use them.

> cp .ssh/identity.pub .ssh/authorized_keys

This says that the user's public key is an authorized key for this
account.
Since this was a "cp" instead of an append, this also means
that this public key is the only authorized key -- "identity.pub"
holds exactly 1 public key, "authorized_keys" can contain more than
one public key.

> chmod 600 .ssh/*

This again limits the write access.

All of the commands up to this point have been initialization
commands, and they do not have to be done more than once unless you do
something weird.  The remaining commands will be done each session.

> ssh-agent bash

This starts an authentication agent which can handle challenges, and
also starts a sub-shell (bash) which inherits a connection to the
agent.  At this time the agent is running un-attached to a terminal,
and the command (bash) has information in its environment pointing to
the agent.  The agent does not know about any keys yet.

> ssh-add

This command, run from the sub-shell, uses the environment variables
to connect to the running ssh-agent process.  It looks for the private
key associated with the user, in the file "~/.ssh/identity" by
default, and registers its contents with the agent.  This file SHOULD
BE protected by a pass-phrase between 20 and 30 characters.

Once the key has been registered with the agent, the agent can answer
any challenges based on the public key that originated in the
"~/.ssh/identity.pub" file.  In particular, it can answer the
challenges based on the "~/.ssh/authorized_keys" file.

Any SSH command (basically "ssh", and "scp") which is started with the
proper environmental variables ("SSH_AGENT_PID", and "SSH_AUTH_SOCK"
or "SSH_AUTHENTICATION_SOCKET" depending on the version of SSH) will
use those values to connect to the running agent.  The agent itself
will continue running until explicitly killed.

SSH is usually configured with agent forwarding, meaning that if you
start ssh-agent on mini-wheats, then use ssh to connect to rice-chex
and then do an scp to pull a file from beet-chex, the RSA challenge
originating on beet-chex will be answered by the agent running on
mini-wheats.

--Tom

--
Tom Cavin                    Phone: (617) 258 - 7806
WCCF Systems Manager         Email: tec@ai.mit.edu


Fri, 1999 Apr 23 21:54 EDT

    ~ # apt-get install ssh
    Updating package status cache...done
    Checking system integrity...ok
    The following NEW packages will be installed:
      ssh
    0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    Need to get 428k of archives. After unpacking 745k will be used.
    Get ftp://ftp.jimpick.com slink/non-US/binary-i386/ ssh [428k]
    Fetched 428k in 2m20s (3057b/s)
    Selecting previously deselected package ssh.
    (Reading database ... 57326 files and directories currently installed.)
    Unpacking ssh (from ssh_1.2.26-1.2.deb) ...
    Setting up ssh (1.2.26-1.2) ...
    Generating 1024 bit host key.
    Initializing random number generator...
    Generating p: .................................++ (distance 562)
    Generating q: ...++ (distance 42)
    Computing the keys...
    Testing the keys...
    Key generation complete.
    Your identification has been saved in /etc/ssh/ssh_host_key.
    Your public key is:
    1024 37 139044123316217487116617942011104602126253982322031343889347795374523793855701630204201378030018866451737560423455534407528495386503433505851959869396346960667730642318359729957271606261524188191933113833883958777659780983915702390583644360361396892210143885029939144415162056281642783244164874363790854388649 root@megalith
    Your public key has been saved in /etc/ssh/ssh_host_key.pub
    You should read the documentation and then configure
    /etc/ssh/ssh_config and /etc/ssh/sshd_config to your sites needs and
    preferences.
    Starting Secure Shell server: sshd.
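
The write-permission rule and the cp-versus-append point from Tom Cavin's
message above, as an added shell example that is not part of the original
notes or messages: it lists paths that are group- or world-writable and
counts the keys in authorized_keys.  The function names, the temporary
home directory and the two sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the write bits the message says ssh checks, and count
# the keys in authorized_keys.  All names and sample data are constructed.

# mode_of PATH: print octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# loose_write PATH: succeed if PATH is group- or world-writable (mode & 022).
loose_write() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -ne 0 ]
}

# audit_writable HOME: print HOME, HOME/.ssh and files in it that are loose.
audit_writable() {
    for p in "$1" "$1/.ssh" "$1"/.ssh/*; do
        [ -e "$p" ] || continue
        if loose_write "$p"; then echo "$p"; fi
    done
}

# key_count FILE: number of keys, one per non-blank, non-comment line.
key_count() {
    grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true
}

# demo: build a constructed home directory, loosen it, then apply the fix.
demo() {
    h=$(mktemp -d) && mkdir "$h/.ssh" || return 1
    echo '1024 37 12345 constructed-key-a' > "$h/.ssh/identity.pub"
    cp "$h/.ssh/identity.pub" "$h/.ssh/authorized_keys"   # cp: exactly one key
    echo '1024 37 67890 constructed-key-b' >> "$h/.ssh/authorized_keys"  # append
    chmod 775 "$h"; chmod 777 "$h/.ssh"; chmod 664 "$h"/.ssh/*
    echo "before: $(audit_writable "$h" | wc -l) loose path(s)"
    chmod 755 "$h"; chmod 700 "$h/.ssh"; chmod 600 "$h"/.ssh/*
    echo "after:  $(audit_writable "$h" | wc -l) loose path(s)," \
         "$(key_count "$h/.ssh/authorized_keys") authorized key(s)"
    rm -rf "$h"
}
demo
```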