'''[http://en.wikipedia.org/wiki/Secure_Shell%|%ssh]''', short for '''secure shell''', provides a secure shell on a remote system. ** See Also ** [http://www.openssh.org/%|%openssh]: An open implementation of the secure protocol for working with remote shells. [http://www.ssh.com/%|%ssh.com]: Another site at least associated with source code base for SSH implementations. [https://web.archive.org/web/20031130230229/http://www.phaseit.net/claird/comp.security.ssh/ssh.html%|%Cameron Laird's personal notes on ssh]: [Automating sftp with Tcl]: [TLS]: [http://geekpit.blogspot.com/2006/04/five-minutes-to-more-secure-ssh.html%|%Five Minutes to a More Secure SSH]: [http://groups.google.com/groups?oi=djq&selm=an_408378721%|%ssh and Tcl sockets], 1998-11-03: Includes an example that uses Tcl together with ssh. [multixterm]: [http://themediahost.de/secpanel/%|%SecPanel]: Serves as a GUI for managing and running SSH (Secure Shell) and SCP (Secure Copy) connections. [https://web.archive.org/web/20200514012746/http://themediahost.de/secpanel/images/ssh.png] ** Description ** The security infrastructure of SSH is completely separate from that of [SSL]. '''SSH''' — Secure (Remote) Shell: Typically used to connect securely to a machine where you have an account. At heart, it is a "secure [telnet]" which however can carry lots of other traffic (forwarded IP ports, file transfers) within the encrypted connection. '''SSL''' — Secure Sockets Layer: Provides a secure connection without requesting login, but the ''server'' is typically expected to authenticate its identity. ** ssh with sudo ** This isn't directly related to Tcl, but I didn't see a simple answer anywhere else, so here is a an example of sh command to connect to a remote system, and execute a command on that system as another user, without exposing the password. In this example, the task is to back up the entire filesystem starting at root: ======none ( printf 'Enter sudo password: ' >&2 stty -echo; read; stty echo exec 3<<<"$REPLY" rsync -ACHXavzPie 'bash -c '\''{ cat <&3; cat -; } \ | ssh "$@" &'\'' fakearg0forsh ' --rsync-path "sudo -S rsync" \ --backup-dir=/path/to/backupchanged --fake-super \ --exclude=/dev/ --exclude=/mnt/ --exclude=/proc \ --exclude=/tmp/ --exclude=/sys \ @:/ /path/to/backupdir/ ) ====== ** Discussion ** Anyone know of a Tcl extension binding to one of the ssh libraries? Perhaps [D. J. Hagberg]'s example of port forwarding, from 1998 [http://groups.google.com/groups?oi=djq&selm=an_408378721] is useful. [CMcC] I've thrown together some code to allow [remote ssh tcl] execution. [hkoba]: You can also use [comm via ssh] to send/eval any script to remote host. [AMG]: I whipped up a Tcl script that allows you to [ssh] to multiple hosts at the same time, using a single command and a single set of ''stdin/stdout/stderr.'' Try running [bash] with it, heh heh. (It really works!) For details, see [multissh]. [Justis]: The [TclCURL] library seems to have some SSH features compiled into it: [http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html] ---- Russell Treleaven reports [http://groups.google.com/groups?q=Russell+Treleaven+Expect&hl=en&lr=&ie=UTF-8&c2coff=1&selm=GrVTc.1017%24FZs1.32%40news04.bloor.is.net.cable.rogers.com&rnum=2] that he successfully automates ssh client sessions on a [Windows] host with [ActiveState]'s [Expect] and the ssh2 executable [http://www.ssh.org/]. He uses the "send slow" option. Both of these applications are proprietary. ---- [TV]: I've within some limitations, used the [cygwin] ssh facility, which is quite extensive, except varying from a drag to requiring out of package documentation to install. It is almost [unix], though. It also contains working executables to use openSSL to create and deal with [certificates], I used it successfully to make a secure httpd tick, except I forgot how. <> Internet | Security | Protocol