Computer Resources - Manual

Advanced SSH and PuTTY

Why use SSH and PuTTY?

Every time you use telnet you are broadcasting your password, and anything else you type, all over the internet, so that any person with a program called a 'sniffer' can read everything you type.

SSH is a protocol that allows information to pass between computers in an encrypted format. This means that the information is secured (confidentiality, integrity, and authentication) between the two parties for its useful lifetime. Similar network security protocols (SSL, TLS) are used to secure your credit card and address information if you are buying something on the web.

SSH is a 'protocol' (not just a program) which means it can be used to secure ANY data, not just text, but it is most often used to replace remote terminal access to UNIX machines, such as telnet.

PuTTY is a free implementation of SSH for the Microsoft Windows operating system. You are allowed to copy and distribute this program at will since it is released under a free software license.

What is a host key? What is it doing?

This is ssh telling you that it has never connected to this server before, and it wants to know if you trust the connection. The server has sent you its 'key' which is used to decrypt the encrypted information it sends you. When connecting to terra, you almost certainly do trust the connection, and if you press 'Yes' PuTTY will store the key and not ask you this question again.

If you pressed 'Yes' and it does ask you this question at some later time, while making this connection, there is a possibility that someone is trying to intercept your password. That isn't very likely though, and you most likely will not have to worry about it. If you are asked this question again, check and see if anything has changed about the connection (maybe the server HAS changed its key for a good reason, maybe you are trying to connect to a different machine than you thought).

If you have tried it a couple of times and keep getting warnings about the key, and you suspect maybe someone IS trying to intercept your password, you should inform the helpdesk. If you press 'No' the connection will go through, but not store the key, and it will ask you this question next time you connect also.

Cryptography is complicated! If you would like to understand it better, you could try starting here: http://www.ssh.com/tech/crypto/intro.cfm

If that is too much, you should understand at least this much:

  • Confidentiality: All information passed over SSH is encrypted, i.e. scrambled and encoded so that it cannot be read except by the people who are supposed to read it. (This is done by using one of the well-known encryption protocols, such as AES and 3DES.)
  • Integrity: The data received are guaranteed to be the original data sent. (No unauthorized modification is made on the wire; this is done by using a MAC, or Message Authentication Code.)
  • Message Authentication: The data are guaranteed to be sent from the sender. (Not someone who pretends to be the other party; this is done by using a digital signature.)
  • Do you know that people can decode what's on your monitor screen by analyzing the radiation of your monitor, or by the amount of power consumed by your CPU?

When you connect to a server, it gives your machine the key it needs to decrypt the information. If you accept the key permanently (you should - storing the key ensures that you are always connecting to the same machine) your computer stores it and remembers that key is associated with a particular server. If that server's key changes, your program (in this case PuTTY) should warn you that the key changed. Sometimes the key changes for a legitimate reason, like the ssh server program got reinstalled, or maybe the server is actually a new box. But if the key changes and you weren't expecting it to, it is possible that someone is trying to trick your computer into thinking that it is connecting to a server it knows, but in fact you are connecting to this person's imposter machine. This isn't likely, but it is possible, and it is one of the primary reasons SSH is claimed to be secure. So if you suspect someone is trying to fake your computer out, you should ask computer resources if there is a legitimate reason for concern.
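The store-then-compare check described in this section, as an added example that is not PuTTY's own code: the first key seen for a host is saved, and any later key for the same host is compared against it by fingerprint. The key lines are constructed samples in the OpenSSH public-key text format, and the in-memory dict is an assumption standing in for the client's saved host keys.

```python
import base64
import hashlib
import struct

def parse_pubkey(line):
    """Parse an OpenSSH public key line 'type base64 [comment]' into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    return fields[0], blob

def fingerprint(blob):
    """SHA-256 fingerprint of a key blob, in the 'SHA256:...' form OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(store, host, key_line):
    """Return 'new' (key stored), 'match', or 'changed' (store left untouched)."""
    ktype, blob = parse_pubkey(key_line)
    fp = fingerprint(blob)
    known = store.get((host, ktype))
    if known is None:
        store[(host, ktype)] = fp      # first contact: the 'Yes' answer
        return "new"
    return "match" if known == fp else "changed"

def constructed_key(seed):
    """Constructed sample in ssh-ed25519 layout (filler bytes, not a real host key)."""
    ktype, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(pub)) + pub
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

KEY_A = constructed_key(b"original server")
KEY_B = constructed_key(b"different server")

if __name__ == "__main__":
    store = {}  # assumption: stands in for the client's saved host keys
    host = "terra.gsd.harvard.edu"
    for key in (KEY_A, KEY_A, KEY_B):
        print(host, fingerprint(parse_pubkey(key)[1]), check_host(store, host, key))
```

A 'changed' result deliberately leaves the stored fingerprint alone, so the warning repeats until someone confirms the new key through a separate channel such as the helpdesk.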

Configuring PuTTY/ssh - and saving sessions

Set Configuration Preferences

PuTTY's configuration is simple, but may not be immediately apparent. When you double-click the putty.exe icon and open the PuTTY configuration window, it already has default configuration values set. (If you are using Windows 2000, and used the simple PuTTY instructions with the gsd_putty.exe installer, then the defaults will be set to work with the GSD's network, and you can probably skip ahead to 'saving a session'.)

Along the left side of the PuTTY configuration window is a tree. Clicking on a node of the tree brings up a different configuration page for PuTTY. You can configure PuTTY to work the way you want it to by selecting these nodes on the tree and setting things up. Then select 'Session' again to get back to the beginning page, and press 'Open'. Note that if you do that, PuTTY will only open the current session with those settings.

For the GSD there are a few key configuration options that will make using PuTTY here much simpler.

Set Backspace Key

Select the 'Keyboard' node from the tree, and change 'The Backspace key' selection to 'Control-H' - this functions better with the GSD's servers.

Window Size Settings

Select the 'Window' node from the tree; change the 'Rows' field to 30 and change the 'Lines of scrollback' field to '1000' - this will make your window larger, and save more in the scrollback buffer.

Encryption Method and Protocol

Select the 'SSH' node. Select '2' for 'Preferred SSH protocol version', and check the box for 'Imitate SSH 2 MAC...' - This will fix some small glitches in making different types of SSH talk to each other. In the 'Encryption cipher selection policy:' box select 'Blowfish' and press the 'Up' button - Blowfish is a faster encryption technique than the default.

It would certainly be nice to be able to save those settings, which you can do by saving a session.

Save Session

Configure PuTTY the way you want. Then come back to the Session panel. Enter a name for the saved session in the "Saved Sessions" input box. (The server name is often a good choice for a saved session name.) Then press the "Save" button. Your saved session name should now appear in the list box.

So, if the server you are connecting to is terra, set all the configuration settings the way you want them, go back to the 'Session' node of the tree and make sure you have the server name 'terra.gsd.harvard.edu' in the 'Host Name (or IP address)' field and 'SSH' is selected for the Protocol. Then enter 'terra' in the 'Saved Sessions' field and press 'Save'.

Reload a Saved Session

Single-click to select the session name in the list box, and then press the "Load" button. Your saved settings should all appear in the configuration panel. You can now modify the settings, open the connection, or even delete that connection.

Tips

Options: There are lots of different options for PuTTY. If you would like to understand them all, I recommend reading the official PuTTY documentation about configuration. You can do all sorts of things like change the default colors, or mess with the terminal emulation, or change your character set to Cyrillic.

Double-click to open: If you double-click on your saved session name, it will immediately open the connection.

X11 Forwarding: If you have access to an X windows client for MS windows, PuTTY will handle tunneling X11 over SSH. Simply select 'Tunnels' out of the configuration window tree, and check the box for X11 forwarding. If you don't know what this is, you don't need to worry about it.