Sun Microsystems, Inc.

How to Copy Files With Secure Shell

Use the scp command to copy files between hosts over an encrypted connection. You can copy files between a local host and a remote host, or between two remote hosts. The command operates similarly to the rcp command except that it prompts for passwords. See scp(1) for more information.

  1. Start the secure copy program.

    Specify the source file, user name at remote destination, and destination directory.

    myLocalHost% scp myfile.1 johndoe@myRemoteHost:~
  2. Type the Secure Shell passphrase when prompted.

    Enter passphrase for key '/home/johndoe/.ssh/id_rsa': <Return>
    myfile.1       25% |*******                      |    640 KB  0:20 ETA 
    myfile.1 

    After you type the passphrase, the progress meter is displayed. See the second line in the preceding output. The progress meter displays:

    • the file name

    • the percentage of the file that has been transferred at this point

    • a series of asterisks that are analogous to the percentage transferred

    • the quantity of data transferred

    • the estimated time of arrival (ETA) of the complete file (that is, the remaining amount of time)

Transferring Files Remotely Using sftp

The sftp command works similarly to ftp but uses a different set of commands. The following table lists some representative commands.

Table 4-3 Interactive sftp Subcommands

Category            Subcommands                     Description
Navigation          cd path                         Changes the remote directory to path.
                    lcd path                        Changes the local directory to path.
Ownership           chgrp group file                Changes the group for file to group, a numeric GID.
                    chmod mode file                 Changes the permissions of file.
File copying        get remote_file [local-path]    Retrieves remote_file and stores it on the local host.
                    put local_file [remote_path]    Stores a local file on the remote host.
                    rename old_file new_file        Renames a local file.
Directory listing   ls [path]                       Lists the contents of the remote directory.
Directory creation  mkdir path                      Creates a remote directory.
Miscellaneous       exit, quit                      Quits the sftp command.

How to Set Up Default Connections to Hosts Outside a Firewall

You can use Secure Shell to make a connection from a host inside a firewall to a host on the other side of the firewall. This task is done by specifying a proxy command for ssh either in a configuration file or as an option on the command line. For more information see "Example -- Connecting to Hosts Outside a Firewall From the Command Line".

In general, you can customize your ssh interactions through a configuration file, either your own personal file $HOME/.ssh/config or an administrative configuration file in /etc/ssh/ssh_config. See ssh_config(4). There are two types of proxy commands. One proxy command is for HTTP connections. The other proxy command is for SOCKS5 connections.

  1. Specify the proxy commands and hosts in a configuration file.

    Use the following syntax to add as many lines as you need:

    [Host outside_host]
    ProxyCommand proxy_command [-h proxy_server] \
    [-p proxy_port] outside_host|%h outside_port|%p

    Use the Host outside_host option to limit this proxy command specification to instances when this host (or hosts if a wildcard is used) is specified on the command line.

    The designation proxy_command can be replaced by either of the following:

    • /usr/lib/ssh/ssh-http-proxy-connect for HTTP connections

    • /usr/lib/ssh/ssh-socks5-proxy-connect for SOCKS5 connections

    The -h proxy_server and -p proxy_port options specify a proxy server and a proxy port, respectively. If present, they override any environment variables that specify proxy servers and ports, such as HTTPPROXY, HTTPPROXYPORT, http_proxy (for specifying a URL), SOCKS5_SERVER, and SOCKS5_PORT. If the options are not used, then the relevant environment variables must be set. See ssh-socks5-proxy-connect(1) and ssh-http-proxy-connect(1).

    Use outside_host to designate a specific host to connect to or use %h to specify the host on the command line. Use outside_port or %p to specify the port. Specifying %h and %p without using the Host outside_host option has the effect of applying the proxy command to the host argument whenever ssh is invoked.

  2. Run Secure Shell, specifying the outside host.

    For example, type:

    myLocalHost% ssh myOutsideHost

    This command looks for a proxy command specification for myOutsideHost in your personal configuration file. If not found, then the command looks in the system-wide configuration file, ssh_config. The proxy command is substituted for ssh.
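
The scoping rule in step 1 (a ProxyCommand with %h and %p outside a Host entry applies to every ssh invocation) can be checked mechanically. The following script is an added example, not part of the original Sun documentation; the function names and the sample configuration are constructed for illustration, and only Host entries are interpreted.

```shell
#!/bin/sh
# Added example (not from the original page): report each ProxyCommand in an
# ssh client configuration and the Host scope that it applies to.

# audit_proxycommand [FILE]   (reads standard input when FILE is omitted)
# Output, one line per directive:
#   <GLOBAL|SCOPED> line <n> host=<patterns> cmd=<proxy command>
# GLOBAL: the directive precedes every Host line or sits under a lone "Host *",
# so ssh applies it to any host argument. Only Host blocks are understood.
audit_proxycommand() {
    awk '
    BEGIN { scope = "(none)" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)               # strip leading whitespace
        if (line == "" || line ~ /^#/) next    # skip blank lines and comments
        key = line; sub(/[ \t=].*$/, "", key)  # keyword ends at blank or "="
        val = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
        key = tolower(key)                     # keywords are case-insensitive
        if (key == "host") { scope = val; next }
        if (key == "proxycommand") {
            kind = (scope == "(none)" || scope == "*") ? "GLOBAL" : "SCOPED"
            printf "%s line %d host=%s cmd=%s\n", kind, NR, scope, val
        }
    }' "${1:--}"
}

# count_global [FILE]: how many ProxyCommand directives apply to every host.
count_global() {
    audit_proxycommand "${1:--}" | awk '/^GLOBAL/ { n++ } END { print n + 0 }'
}

# Constructed sample input; myProxyServer and myOutsideHost are the page's
# placeholder names, and the SOCKS5 port 1080 is an assumed value.
sample_config() {
    cat <<'EOF'
# personal configuration file
ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect -h myProxyServer -p 1080 %h %p
Host myOutsideHost
    proxycommand=/usr/lib/ssh/ssh-http-proxy-connect -h myProxyServer -p 8080 %h %p
Host *
    ProxyCommand /usr/lib/ssh/ssh-http-proxy-connect %h %p
EOF
}

sample_config | audit_proxycommand
```

Run it against $HOME/.ssh/config and /etc/ssh/ssh_config; any GLOBAL line routes connections to all hosts through the named proxy, which is rarely intended for hosts inside the firewall.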

Example -- Connecting to Hosts Outside a Firewall From the Command Line

The -o option for ssh lets you type any line that is permitted in an ssh configuration file. In this case the proxy command specification from the previous task is used.

Run ssh and include a proxy command specification as a -o option. For example, type:

% ssh -o'Proxycommand=/usr/lib/ssh/ssh-http-proxy-connect \
-h myProxyServer -p 8080 myOutsideHost 22' myOutsideHost

This command substitutes the HTTP proxy command for ssh, uses port 8080 and myProxyServer as the proxy server, and connects to port 22 on myOutsideHost.

 
 
 