12.3. OpenSSH Clients

To connect to an OpenSSH server from a client machine, you must have the openssh-clients package installed (see Section 9.2.4, “Installing Packages” for more information on how to install new packages in Red Hat Enterprise Linux).

12.3.1. Using the ssh Utility

The ssh utility allows you to log in to a remote machine and execute commands there. It is a secure replacement for the rlogin, rsh, and telnet programs.

Similarly to the telnet command, log in to a remote machine by using the following command:

ssh hostname

For example, to log in to a remote machine named penguin.example.com, type the following at a shell prompt:

~]$ ssh penguin.example.com

This will log you in with the same user name you are using on the local machine. If you want to specify a different user name, use a command in the following form:

ssh username@hostname

For example, to log in to penguin.example.com as USER, type:

~]$ ssh USER@penguin.example.com

The first time you initiate a connection, you will be presented with a message similar to this:

The authenticity of host 'penguin.example.com' can't be established.
ECDSA key fingerprint is SHA256:vuGKK9dsW34zrZzwjl5g+vOE6EZQvHRQ8zObKYO2mW4.
ECDSA key fingerprint is MD5:7e:15:c3:03:4d:e1:dd:ee:99:dc:3e:f4:b9:67:6b:62.
Are you sure you want to continue connecting (yes/no)?

Users should always check if the fingerprint is correct before answering the question in this dialog. The user can ask the administrator of the server to confirm the key is correct. This should be done in a secure and previously agreed way. If the user has access to the server's host keys, the fingerprint can be checked by using the ssh-keygen command as follows:

~]# ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
SHA256:vuGKK9dsW34zrZzwjl5g+vOE6EZQvHRQ8zObKYO2mW4

Note

To get an MD5 key fingerprint, which was the default fingerprint in previous versions, use the ssh-keygen command with the -E md5 option, for example:

~]# ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub -EM md5
MD5:7e:15:c3:03:4d:e1:dd:ee:99:dc:3e:f4:b9:67:6b:62

Type yes to accept the key and confirm the connection. You will see a notice that the server has been added to the list of known hosts, and a prompt asking for your password:

Warning: Permanently added 'penguin.example.com' (ECDSA) to the list of known hosts.
USER@penguin.example.com's password:

Important

If the SSH server's host key changes, the client notifies the user that the connection cannot proceed until the server's host key is deleted from the ~/.ssh/known_hosts file. Before doing this, however, contact the system administrator of the SSH server to verify the server is not compromised.

To remove a key from the ~/.ssh/known_hosts file, issue a command as follows:

~]# ssh-keygen -R penguin.example.com
# Host penguin.example.com found: line 15 type ECDSA
/home/USER/.ssh/known_hosts updated.
Original contents retained as /home/USER/.ssh/known_hosts.old

After entering the password, you will be provided with a shell prompt for the remote machine.

Alternatively, the ssh program can be used to execute a command on the remote machine without logging in to a shell prompt:

ssh [username@]hostname command

For example, the /etc/redhat-release file provides information about the Red Hat Enterprise Linux version. To view the contents of this file on penguin.example.com, type:

~]$ ssh USER@penguin.example.com cat /etc/redhat-release
USER@penguin.example.com's password:
Red Hat Enterprise Linux Server release 7.0 (Maipo)

After you enter the correct password, the user name will be displayed, and you will return to your local shell prompt.

12.3.2. Using the `scp` Utility

scp can be used to transfer files between machines over a secure, encrypted connection. In its design, it is very similar to rcp.

To transfer a local file to a remote system, use a command in the following form:

scp localfile username@hostname:remotefile

For example, if you want to transfer taglist.vim to a remote machine named penguin.example.com, type the following at a shell prompt:

~]$ scp taglist.vim USER@penguin.example.com:.vim/plugin/taglist.vim
USER@penguin.example.com's password:
taglist.vim                                   100%  144KB 144.5KB/s   00:00

Multiple files can be specified at once. To transfer the contents of .vim/plugin/ to the same directory on the remote machine penguin.example.com, type the following command:

~]$ scp .vim/plugin/* USER@penguin.example.com:.vim/plugin/
USER@penguin.example.com's password:
closetag.vim                                  100%   13KB  12.6KB/s   00:00
snippetsEmu.vim                               100%   33KB  33.1KB/s   00:00
taglist.vim                                   100%  144KB 144.5KB/s   00:00

To transfer a remote file to the local system, use the following syntax:

scp username@hostname:remotefile localfile

For instance, to download the .vimrc configuration file from the remote machine, type:

~]$ scp USER@penguin.example.com:.vimrc .vimrc
USER@penguin.example.com's password:
.vimrc                                        100% 2233     2.2KB/s   00:00

12.3.3. Using the `sftp` Utility

The sftp utility can be used to open a secure, interactive FTP session. In its design, it is similar to ftp except that it uses a secure, encrypted connection.

To connect to a remote system, use a command in the following form:

sftp username@hostname

For example, to log in to a remote machine named penguin.example.com with USER as a user name, type:

~]$ sftp USER@penguin.example.com
USER@penguin.example.com's password:
Connected to penguin.example.com.
sftp>

After you enter the correct password, you will be presented with a prompt. The sftp utility accepts a set of commands similar to those used by ftp (see Table 12.3, “A selection of available sftp commands”).

Table 12.3. A selection of available sftp commands

Command	Description
`ls` [directory]	List the content of a remote directory. If none is supplied, a current working directory is used by default.
`cd` directory	Change the remote working directory to directory.
`mkdir` directory	Create a remote directory.
`rmdir` path	Remove a remote directory.
`put` localfile [remotefile]	Transfer localfile to a remote machine.
`get` remotefile [localfile]	Transfer remotefile from a remote machine.

For a complete list of available commands, see the sftp(1) manual page.

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

12.3. OpenSSH Clients

12.3.1. Using the ssh Utility

12.3.2. Using the `scp` Utility

12.3.3. Using the `sftp` Utility

Where did the comment section go?

12.3. OpenSSH Clients

12.3.1. Using the ssh Utility

12.3.2. Using the scp Utility

12.3.3. Using the sftp Utility

Where did the comment section go?

12.3.2. Using the `scp` Utility

12.3.3. Using the `sftp` Utility