• 
• Deutsch/English
• Homepage
• Contact
• Accessibility
• License
• zeitform

• Mailserver
• Mail Configuration
• Server Access
  • SSH Access
  • FTP Access
  • Telnet Access
  • Restrict WWW Access
• Statistics
• Software

SSH Access

Here we would like to show you how to connect to a server of zeitform Internet Dienste using SSH (secure shell). All servers of zeitform Internet Dienste support SSH protocol version 2. Please read the section General Notes on SSH first. Afterwards consult the section dealing with the SSH client setup for your operating system. If you'd like to use “public key authentication” go through the section Creating a key pair, as well.

• General Notes on SSH
• SSH client setup with Windows
• SSH client setup with Mac OS
• Creating a key pair
• SSH and other operating systems

General Notes on SSH

Using SSH you're able to gain secure (i.e. encrypted) access to your server. SSH however, does not limit you to a shell access alone. You could use it for file transfer, too, and therefore it acts as a complete replacement for Telnet, rsh, rlogin, rcp and FTP.

In general, telnet access to servers of zeitform Internet Dienste is not possible. However, we could provide access via telnet over SSL (telnets) if desired. FTP is possible on some servers but we'd like to strongly encourage you to use SSH instead. Telnet and FTP pose security risks since these protocols transfer all data unencrypted, including user name and password. Therefore this account information is vulnerable to eavesdropping. Protocols – like SSH – that encrypt data exchanged are resistant to these attacks. In short: Use SSH instead of telnet or FTP whenever it's possible.

To access your server using SSH you'll need an appropriate client for your operating system. Such a client should support the main features of SSH which are:

• ssh, to gain shell access to the server
• scp, to copy files from client to server or vice versa
• sftp, to transfer files between client and server similarly to FTP

The following sections will show you how to setup a SSH client for your operating system. The programs chosen there are just examples and you could work with any other client available. You'll find that configuration options in other clients will not differ too much from what is shown in the next sections. If you need help to obtain alternative SSH clients take a look at http://software.zeitform.info.

SSH client setup with Windows

In this section we will use PuTTY and WinSCP as exemplary SSH clients.

To use PuTTY you'll first have to download putty.exe, pscp.exe and puttygen.exe from the appropriate PuTTY Homepage. You can download a Windows installer, alternatively.

When you're done downloading start the program putty.exe. A configuration dialog will appear. Select “Session” and fill in the name of your server in the field named “Host Name”. Next select “SSH” from “Protocol” (the port number will change then to the correct value of “22”):

To save your setup choose a name and enter it in the field named “Saved Session”. Click on “Save” afterwards. You can access your setup anytime you start putty.exe by selecting the name you've chosen and clicking “Load”.

Now change to the section “SSH” and make sure that “Preferred SSH protocol version” is set to “2”.

To establish a connection to your server click “Open”. If this is the first time you connect to that server a warning will be displayed since the server is not known to the client, yet. This is not an error. Click “Yes” (or anything else which means “yes” depending on your operating system localization) to continue:

Next, a terminal window will appear asking for your user name. After entering that the program will ask you for your password which you should enter, too. If your authentication was successful the login shell on your server will be opened:

If you ever see the following warning while trying to connect to your server do not proceed your login. Instead, contact zeitform Internet Dienste immediately:

To copy files between client and server you could use either pscp.exe or psftp.exe. First open a MS-DOS shell and change to the directory where these programs reside. Enter the command pscp alone to get the short help. Files are copied by entering source and destination as shown in the following example. You can copy files from client to server or vice versa:

“psftp.exe” is run from the MS-DOS shell, as well. Just enter the command together with user name and server (glued with an “@”) as shown below:

The example above shows how to get a directory listing and how to download the file index.html. A complete list of commands is available by entering help after the connection is established.

If you prefer a graphical interface for file transfers, WinSCP is for you. You can download the program from the appropriate WinSCP website.

When you start the program you'll first have to enter “Host name”, “User name” and “Password”. Don't care about the other options at the moment:

After entering your account information just click on “Login”. When the connection is established you'll see a window which reminds of the Windows Explorer. In fact you can work with it just like you would with an ordinary Explorer window ... but here you access files on your server via SSH:

SSH client setup with Mac OS

This section is not finished, yet. Sorry for that but in the meantime you could contact us if you have any questions concerning the SSH client setup with Mac OS.

Creating a key pair

SSH comes with a whole bunch of different authentication mechanisms. The above sections described the (system) password authentication. However, public key authentication is much more elegant and simpler. This mechanism is supported by all server's of zeitform Internet Dienste.

To use public key authentication you'll need a key pair consisting of a public and a private key. Once you have such a key pair you can store the public key on your server and then authenticate yourself with your private key. To protect your private key a passphrase is required. Note the difference: While you authenticate with your password against the servers password database when using password authentication, you authenticate with your passphrase against your (local) private key when using public key authentication.

You can create a key pair on your server. To do that first log in via SSH. To create a key pair for SSH protocol version 2 enter the following commands:

C:\Programme\PuTTY putty -ssh user@server:22
[user@server:~]$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/user/.ssh/identity): [RETURN]
Enter passphrase (empty for no passphrase): Password
Enter same passphrase again: Password
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
a9:5e:48:08:a7:b4:3b:47:a7:da:42:6e:af:bf:70:4c user@server
[user@server:~]$ exit

This command creates a RSA2 key pair of 2048 bit length. When prompted for a file name you can accept the default by pressing RETURN (or choose a different file name). After that you're asked to enter your private key passphrase twice. Do not use an empty passphrase! After the key generation finished note the location of the key files.

Now you'll have to complete three tasks:

1. You have to transfer your private key to your client machine. You can use SCP or SFTP for this. Afterwards, you can delete the private key on the server:

   C:\Programme\PuTTY pscp user@server:/.ssh/id_rsa id_rsa
   C:\Programme\PuTTY putty -ssh user@server:22
   [user@server:~]$ rm ~/.ssh/id_rsa id_rsa
   [user@server:~]$ exit

2. Next, tell the server to accept your key pair for authentication. To achive this, you must copy your public key (~/.ssh/id_rsa.pub) to the file ~/.ssh/authorized_keys:

   C:\Programme\PuTTY putty -ssh user@server:22
   [user@server:~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
   [user@server:~]$ exit

3. Finally, your SSH client must know that you'd like to use public key authentication with your key pair.

   If you've chosen PuTTY as your client you just enter the SSH dialog and fill in the path and file name of your private key. For WinSCP enter path and file name of your private key into the field “Private key file” in the configuration dialog (this can only be done if the field “Password” is empty).

Users of PuTTY can create a key pair on their local machine alternatively. Run the program puttygen.exe and click “Generate”:

Once finished, click “Save” to store your private key file. The public key should be copied from the field “Public key for pasting into authorized_keys file” to a file called “authorized_keys”. This “authorized_keys” file must then be transferred to your server (to the directory ~/.ssh/):

SSH and other operating systems

And how to use SSH with other operating systems notably *NIX like systems? At the moment you won't find any information on that topic here since most UNIX/Linux users are quite familiar with SSH. Nevertheless, if you have any question concerning that don't hesitate to contact us.

For UNIX/Linux we recommend using OpenSSH. More information about this software could be found on the OpenSSH website.