OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security.

OpenSSH is developed as part of the security conscious OpenBSD project, which is led by Theo de Raadt. The project's development is funded via donations.


Compute Systems Invocation Version(s)
Red Hat Linux (64-bit) % /usr/bin/ssh
% /usr/bin/scp
% /usr/bin/sftp
% /usr/bin/sshd
% /usr/bin/ssh-keygen
% /usr/bin/ssh-agent
% /usr/bin/ssh-add
% /usr/bin/ssh-keyscan
4.3 (default)


  1. Access Control.

    Auth Files

    The CSE ssh install is configured to ignore the rsh .rhosts file and instead use a file called .shosts. This has the advantage of allowing the user to have different access policies for an unencrypted rsh login and an encrypted ssh login. If you want to have the exact same policies for both tools, you can just symlink .shosts to .rhosts:

    % ln -s .rhosts .shosts

    In addition to .shosts, ssh allows you to tell the remote machine who can login using the public key pair that you generated earlier. The keys that can login to the machine are listed in a file called ~/.ssh/authorized_keys on the remote machine. If you only have one public key pair, you can generate the authorized_keys file by copying your public key file (called ~/.ssh/ by default):

    % cp ~/.ssh/ ~/.ssh/authorized_keys
    % scp ~/.ssh/authorized_keys remotemachine:.ssh

    Once the keys are in place, it will no longer prompt you for a password, but instead prompt you for your passphrase to "unlock" the keys.

    One of the main advantages to using the passphrase is that you can provide the same level of convenience as the .shosts file without having to know what machines you will be coming from. This is particularly handy for dynamic host assignments like dialins and DHCP clients. This feature is called the ssh agent.


  3. % man ssh