What is SSH?

Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login, file transfer and other network services over a secure channel. SSH implementations typically provide scp and sftp commands to securely copy files from one host to another, and rsync supports transfers via SSH by default.

SSH replaces the less secure telnet, rlogin, rsh and rexec commands.

How do I use SSH?

Penn VPN software is required for all SSH connections from networks that are outside of PennNet.

Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:

University VPN Getting Started Guide

The OpenSSH application suite included with MacOS, most Linux/UNIX distributions and Windows 10 (version 1803 or newer) is an industry standard and used in the examples below.

There are many other SSH client options, including WinSCP, SecureCRT, PuTTY, MobaXterm, Cygwin, WSL (Windows Subsystem for Linux), etc.

To begin using SSH, open a terminal, command prompt or PowerShell and type this command (replacing username with the SEAS account name):

ssh username@eniac.seas.upenn.edu

The first time you connect to a host, you will be asked to verify its authenticity:

The authenticity of host 'eniac.seas.upenn.edu (2607:f470:8:64:5ea5::14)' can't be established.
ECDSA key fingerprint is 3a:ea:ab:7d:d1:65:21:7d:66:88:28:a4:c6:40:92:97 [MD5].
Are you sure you want to continue connecting (yes/no)?

Type yes and press the Enter key to permanently trust the fingerprint of the remote host in your local account. The list of verified hosts is kept in ~/.ssh/known_hosts.

To complete your login, enter your password at the prompt (your PennKey password will work, as will your SEAS password if you have set one):

username@eniac.seas.upenn.edu's password:

Where username is the name of the account you are connecting to.

Two-Step Verification is required when using a PennKey password for SSH authentication on SEAS systems.

If you entered your PennKey password, you will be presented with a variation of this Duo two-factor prompt:

Duo two-factor login for xxxxx

Enter a passcode or select one of the following options:

1. Duo Push to phone_push (iOS)
2. Phone call to XXX-XXX-0123
3. SMS passcodes to XXX-XXX-0123 (next code starts with: 2)

Passcode or option (1-3):

Enter the number of the Duo option you would like to use and complete the challenge.

You will now begin a session on the remote computer using your default shell (typically bash), where you can type commands.

To end your session, type:

exit

Ending your session this way will preserve your command history and perform other housekeeping tasks that might not occur if you simply close quit your terminal on your local computer, put it to sleep, or shut it down.

For additional information about the ssh command on Linux/UNIX environments, please check the man page on your system:

man ssh

Otherwise, check the documentation for your SSH client software.

Related Articles

© Computing and Educational Technology Services