Secure Shell (commonly known as SSH) is a secure way to connect two computers over a network, even though the network itself might not be secure. Most often used for remote administration, SSH provides an encrypted data link between the two machines, so the connection is secure even over an inherently insecure network like the internet. (Wow…that sounds pretty boring — even to me.)
Basically, SSH lets you log into another machine somewhere with full access to a Terminal window (also called a shell) on that machine. Many people have probably seen some kind of remote login, either using Microsoft’s Remote Desktop, Apple Remote Desktop, or even just via having another computer in the Finder window. SSH is basically the same, with some differences (as follows).
Firstly, with SSH, you get into the command line, not the GUI. Anything you can do in Terminal you can make another machine do remotely. SysAdmins love it — many are serious Terminal users and being able to have secure remote access from anywhere to the command line on servers and client machines is a huge benefit for them. SSH can be a useful troubleshooting tool. On machines with no video output, SSH can tell you a lot about what is happening inside the machine. If a process has frozen the GUI, many times accessing the machine via SSH will let you identify the problem process and kill it if desired.
The other main feature of SSH is security — the connection is encrypted. Data going between the machines is secure. Well, mostly anyway — there is a vulnerability that would allow a small bit of data to be read by someone who knows what they are doing. But really it’s pretty solid. Anyone looking at the data stream will not be able to read it.
Let’s SSH in and see what’s up! This assumes you have two Macs on your local network you can play with:
1) On one of the machines, go into the Sharing preferences in System Preferences and enable Remote Login. You will see an indicator that Remote Login is active, and text that reads:
“To log into this computer remotely, type ssh yourname@yourIPaddress”
2) On the second machine, open Terminal, type ssh yourname@yourIPaddress and hit enter.
After a bit you will see the following: In this case, it’s fine that the host can’t be authenticated — you can be pretty sure you are connecting to the right place! (Always check to make sure you typed the right address in though.)
If all goes well, you will be presented with a command line prompt that shows you as logged onto the other computer. Let’s test it with the say command. In your Terminal window type say hello. If the volume is up on the other machine, it should say “hello” to you. Silly, but very satisfying!
Soo, we have a way to log into another machine’s command line via a secure connection, but what now? Besides some dorky system stuff, it’s hard to see what it might be useful for. It certainly was for me! There are a ton of things you can do with SSH, but one of the most useful is when you browse the web via a secure SSH connection no matter where you are (such as a coffee shop, bookstore, or airport) — it’s kind of a poor man’s VPN!
More on that next week, and other SSH stuff coming soon. Feel free to email me any specific questions or feedback you have.