summary: SSH Configuration for Windows XP
last updated: Wednesday, July 11 2002
prepared by: naf
test hardware: Gateway E3400
test OS: XP professional, Version 2002

------------
Overview
------------

Secure Shell (SSH) is a secure replacement for the standard TELNET service on *nix machines. The SSH package offers an encrypted session between the end user and the server they connect to. SSH also bundles a Secure FTP client that is a replacement for your standard FTP client.

Utilizing these new secure applications is an important step in securing your information. The standard TELNET and FTP applications send your username and password over the network in plain text, while the SSH applications encrypt that information.

SSH is an added service that system administrators must enable on their servers. Currently at DePaul the following I.S.-run Unix servers have SSH enabled on them:

   condor.depaul.edu
   students.depaul.edu

------------
Requirements
------------

DePaul has a site license for the SSH Windows Client from SSH.COM. This software must be installed into the operating system, as it does not come built into Windows. The software can be obtained from:

   http://www.ssh.com

You can download the latest version under the non-commercial license from this site.

-------------
Configuration
-------------

1. Install the SSH application with the default settings.

2. Once you have it installed, you will need to create shortcuts to the hosts most commonly used at DePaul. These hosts are:

   students.depaul.edu
   condor.depaul.edu

3. SSH by default will create icons on your desktop for SSH Secure Shell Client and SSH Secure Shell FTP. These are actual shortcuts to the binary executables. These are "default" profiles, and can be used to connect to any host. It is safe to delete these shortcuts from the desktop.

4. You will now need to create 4 text files.
   Below is the information to place in each of these text files, along with their filenames:

   File Name: SSH Telnet - students.ssh2
   Contents of File:

      # Start of File
      File Version=S:3.20
      [Connection]
      Host Name=S:students.depaul.edu
      [Window Positions]
      Window=S:T 200 100 600 550
      # End of File

   File Name: SSH FTP - students.ssh2
   Contents of File:

      # Start of File
      File Version=S:3.20
      [Connection]
      Host Name=S:students.depaul.edu
      [Window Positions]
      Window=S:F 200 100 600 550
      # End of File

   File Name: SSH Telnet - condor.ssh2
   Contents of File:

      # Start of File
      File Version=S:3.20
      [Connection]
      Host Name=S:condor.depaul.edu
      [Window Positions]
      Window=S:T 200 100 600 550
      # End of File

   File Name: SSH FTP - condor.ssh2
   Contents of File:

      # Start of File
      File Version=S:3.20
      [Connection]
      Host Name=S:condor.depaul.edu
      [Window Positions]
      Window=S:F 200 100 600 550
      # End of File

5. Once you've created these files, double click them one by one. They should each load and prompt you for your username on the specific system. Enter your username, and click Connect.

6. Once you click Connect, you may be prompted to save the host key to your local database. This only happens the first time you connect to a server. Click YES to save this host key.

7. Now it prompts you for your password. Enter it and click OK.

8. You should now see a prompt if you are using the SSH Telnet icon, or the FTP window if you are using the SSH FTP icon.

9. Verify each file works.

10. Now move these 4 files to:

    C:\Documents and Settings\All Users\Start Menu

11. They should now display at the top of your Start menu.

---------------
Troubleshooting
---------------

Problem: Client connection attempt reports Connection Failure

Resolution:

1. Ping the host you are trying to connect to, to ensure it is responding on the network.

2. The server you are trying to connect to may not have SSH running. Verify the server supports SSHv2.

3. Your client PC may not have a network connection.
   Verify the client has a network connection.

-----
Notes
-----

The first time a client SSH connection is made to a server, you're asked to accept an unknown host identification (public key) for that remote server. If this is the first time connecting to a remote SSH server, generally this is an acceptable warning and you can safely proceed. However, it is possible for someone to be performing a 'man-in-the-middle' attack and pretending to be the remote SSH server. Determining if that key is valid or not can be difficult.

Perhaps more importantly, if you connect to a remote SSH server a subsequent time and receive a message that the host identification (public key) has changed, you should be very suspicious. While this message may indicate that a server has changed its public key (often due to an SSH server upgrade or re-install), it often means the server is not the server you think it is. It is recommended that you do not complete an SSH connection unless you know for sure the status of the remote SSH server. Instead, contact the help desk or appropriate system administrator immediately for assistance.

----------
References
----------

SSH.COM Home Page
   http://www.ssh.com

SSH.COM Home Page - Non-Commercial License FAQ
   http://www.ssh.com/faq/index.cfm?id=164

SSH.COM Download Page
   http://commerce.ssh.com

SSH.COM - Windows Client Version 3.2 Manual
   http://www.ssh.com/products/ssh/winhelp32/

SSH Host Identification Has Failed (changed) message
   http://www.ssh.com/products/ssh/winhelp32/Host_Identification_Failed.html

-------
Changes
-------

20020710 Document creation date
20020711 Updated troubleshooting section (naf), notes, minor edits (jtk)
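
The host key decision described in the Notes section (no saved key, saved key matches, saved key changed), sketched in Python as an added example; it is not part of the original document or of the SSH.COM client. The in-memory store, the SHA-256 fingerprint format, the out-of-band confirmation step and the key blobs are assumptions constructed for illustration.

```python
import base64
import hashlib
from enum import Enum


class Verdict(Enum):
    UNKNOWN_HOST = "no saved key: confirm the fingerprint before saving"
    MATCH = "presented key matches the saved key"
    CHANGED = "saved key differs: stop and contact the administrator"


def fingerprint(key_blob: bytes) -> str:
    """SHA-256 of the raw public key blob, base64 without padding (assumed format)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class HostKeyStore:
    """Hypothetical in-memory stand-in for the client's local host key database."""

    def __init__(self):
        self._saved = {}  # lowercased host name -> fingerprint

    def check(self, host: str, presented_blob: bytes) -> Verdict:
        saved = self._saved.get(host.lower())
        if saved is None:
            return Verdict.UNKNOWN_HOST
        if saved == fingerprint(presented_blob):
            return Verdict.MATCH
        return Verdict.CHANGED

    def save(self, host: str, presented_blob: bytes, confirmed: str) -> None:
        """Save only when the key matches a fingerprint confirmed out of band."""
        if fingerprint(presented_blob) != confirmed:
            raise ValueError("presented key does not match confirmed fingerprint")
        self._saved[host.lower()] = confirmed


def demo():
    """Walk the three cases from the Notes with constructed key blobs."""
    original, other = b"constructed-key-blob-A", b"constructed-key-blob-B"
    store = HostKeyStore()
    first = store.check("condor.depaul.edu", original)
    # fingerprint(original) stands in for a value supplied by the administrator
    store.save("condor.depaul.edu", original, fingerprint(original))
    second = store.check("condor.depaul.edu", original)
    third = store.check("condor.depaul.edu", other)
    return [first, second, third]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name, "-", verdict.value)
```

The CHANGED verdict corresponds to the "host identification has changed" message: the connection should stop there until the help desk or system administrator confirms the new key.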