Secure command-line login
The ssh program (secure shell) is now the standard tool for remote command-line access to Linux and other systems. Free ssh clients are available for all platforms:
- Linux, and other Unix-like systems
- The OpenSSH suite is available for Linux, *BSD, and other Unix-derived systems, and is typically installed by default.
- There are several free and commercial clients available for Windows. We recommend PuTTY.
- OS X
- OpenSSH is available for OS X, and is usually installed by default.
- One option is ConnectBot.
On Linux, and Unix-like systems, you can use
ssh for remote
login, whether it's to a
dedicated server, a
virtual server, or a
Specify your username on the remote server, followed by
followed by the full domain name of the server you are logging into:
Often you will need to copy files to or from one of our systems, for
example, when you are uploading a website to a hosting server. The
scp command is a simple command-line file copier, modelled
A friendlier option is
sftp, with which you can
interactively examine the remote filesystem, move around it, and copy
files in both directions. It is modelled on the old
program. There are also GUI versions available.
You can even use the
sshfs file system to map a remote file
system into your local namespace using the SSH protocol to provide
secure communication. Details are beyond the scope of this tutorial.
Whichever program you are using to connect, it will use the underlying SSH protocol to authenticate you to the remote system. Initially this is likely to be using a password. This is secure, since the password is only ever sent encrypted, but it is not always convenient.
You can create a public key pair to make logging in more convenient. Use
ssh-keygen command to create the key pair; protect it
with a passphrase; and then upload the public half of the key to the
remote server. This is normally to the file
~/.ssh/authorized_keys, although some of our services have
alternative arrangements for uploading the key.
Once your public key has been correctly installed on the remote server,
you will need to supply your passphrase when you log in, to decrypt the
private half of the key. However, you normally only need to do this once
per session, as your desktop environment (or failing that,
ssh-agent) will arrange to securely store the private key.
We do not allow login access using any of the insecure forerunners of ssh (such as telnet or rsh). The protocols used by these programs require you to send your password in-the-clear over the network, leaving it open to password sniffers. There is no need to ever use them, given the widespread availability of free ssh clients.
We do still permit plain ftp, but this has the same issue that it sends unecrypted passwords across the network. We strongly advise you to use sftp instead. If you must use ftp, try not to use it on an insecure network, such as at an Internet café.
- Support Index
- Domains, DNS and SSL
- Hosting accounts
- Miscellaneous topics
- NAT64 usage and configuration
- Our reverse proxies
- Reverse Proxy configuration
- Running Java and Tomcat on a Virtual Server
- Security and Encryption
- Unix: Editing files
- Unix: Introduction to files
- Mythic Beasts APIs
- Support by email