Forwarding of arbitrary TCP/IP connections over the secure channel can be specified either on the command line or in a configuration file.
The X server
This procedure assumes that you have a running X server on the client where you want to display the application from the remote host. The client may be of different architecture and operating system than the remote host, as long as it can run an X server, such as Cygwin (which implements an XFree86 server for MS Windows clients and others) or Exceed, it should be possible to set up a remote connection with any Linux or UNIX machine.
10.3.4.3. Server authentication
The ssh client/server system automatically maintains and checks a database containing identifications for all hosts it has ever been used with. Host keys are stored in $HOME/.ssh/known_hosts in the user's home directory. Additionally, the file /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, ssh warns about this and disables password authentication to prevent a Trojan horse from getting the user's password. Another purpose of this mechanism is to prevent man-in-the-middle attacks which could otherwise be used to circumvent the encryption. In environments where high security is needed, sshd can even be configured to prevent logins to machines whose host keys have changed or are unknown.
10.3.4.4. Secure remote copying
The SSH suite provides scp as a secure alternative to the rcp command that used to be popular when only rsh existed. scp uses ssh for data transfer, uses the same authentication and provides the same security as ssh . Unlike rcp , scp will ask for passwords or passphrases if they are needed for authentication:
lenny /var/tmp> scp Schedule.sdc.gz blob:/var/tmp/
lenny@blob's password:
Schedule.sdc.gz 100% |*****************************| 100 KB 00:00
lenny /var/tmp>
Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. Copies between two remote hosts are permitted. See the Info pages for more information.
If you would rather use an FTP-like interface, use sftp :
lenny /var/tmp> sftp blob
Connecting to blob...
lenny@blob's password:
sftp> cd /var/tmp
sftp> get Sch*
Fetching /var/tmp/Schedule.sdc.gz to Schedule.sdc.gz
sftp> bye
lenny /var/tmp>
Secure copy or FTP GUIs
Don't feel comfortable with the command line yet? Try Konqueror 's capabilities for secure remote copy, or install Putty .
10.3.4.5. Authentication keys
The ssh-keygen command generates, manages and converts authentication keys for ssh . It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.
Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in $HOME/.ssh/identity , id_dsa or id_rsa . Additionally, the system administrator may use this to generate host keys for the system.
Normally this program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same name but .pub appended. The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length.
There is no way to recover a lost passphrase. If the passphrase is lost or
