2 Useful SSH Tricks to Improve Your System Security

A few days ago, Tavis wrote a great article on How to use SSH X-forwarding to Run Remote Apps. X forwarding is indeed a very handy feature of SSH, so I thought it would be a good time to expand on some of the other great uses for this excellent piece of software (and some related tools). Today, we’ll cover SCP and SSHFS.

To follow this guide, you’ll need the following:

– Client computer with openssh-client installed (for Windows, use PuTTY)
– Server computer with openssh-server installed (available on any UNIX-style system)
– A working set of login credentials on the server

If you don’t have a computer with an SSH server, you can use the same PC as both client and server for the sake of trying all this out. If you do have a (Linux, Unix, BSD) computer available to act as a server, make sure to install the OpenSSH server software. Debian and Ubuntu users can get this easily with:

sudo apt-get install openssh-server

1. Using SSH to securely copy files

This is my second favorite use for SSH. When you install the OpenSSH client on your machine, it typically comes with a file copy tool called SCP (Secure Copy). This can be VERY useful as a way to not only send files to your friends (who have openssh-server running) but to do it in a completely encrypted way.

For example, a friend of mine in Michigan is a studio engineer. He mixes audio tracks for a recording studio. Sometimes, when he wants a second opinion, he’ll send me what he’s working on so I can give him my opinion. Now, since this is all copyrighted music which has not even been released to the public, he’s naturally reluctant to post it on a filesharing service or web site, and the files are often too large for email. Instead, we transfer using SCP.

The format for an scp command is:

scp filename user@remote-host:/where/to/save/it

So my friend, on the other side of the country, would enter something like:

scp MyNewMix.wav nick@joshs-computer.com:/home/nick/mixes

This example assumes my computer is reachable at joshs-computer.com and that he has a user account on it named nick. His file will be copied to my computer over a fully encrypted connection without having to be stored at some third-party website or email server.

2. Mount a network drive securely

Now here is my #1 favorite use of SSH. If you’re a Linux user, you’re probably familiar with mounting drives. You have a device like a cdrom drive (say, /dev/hdc for example), and to access it, you mount it to a directory such as /media/cdrom. Well, you can use that same principle with a program called SSHFS to mount a filesystem over a network or the internet and attach it to a directory on your computer.

SSHFS is not part of the standard openssh package. It’s a separately developed program that you’ll install independently using your normal package manager.

Let’s go back to the example with my friend at the studio. Perhaps he’s got several new mixes for me instead of just one, or perhaps we do this so often that using SCP to transfer back and forth starts to become a hassle. Well, if he’s got openssh-server installed and I have an account on his computer, I can mount his hard drive to any directory I wish. The command follows the structure:

sshfs user@remote-host:/what/I/want /where/to/put/it

So to connect to Nick’s computer I’d use something like:

sshfs josh@nicks-computer.com:/home/nick/mixes /home/josh/nicks-computer

That would make it so that any time I access the folder /home/josh/nicks-computer from my machine, it would actually connect to Nick’s computer over SSH and give me access to all those files just as if they were sitting in a normal directory on my computer. Any changes I make are made to the files on his computer; it’s completely transparent. I can use whatever audio software I like to work with the files, and that software is completely oblivious to the fact that it’s really reading the files from 2500 miles away.

A word of warning about SSHFS: since it’s reading the files over the internet instead of locally, combined with the encryption overhead, SSHFS can be SLOW. You probably wouldn’t want to use it to access files that need lots of speed or are constantly being read or written.
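The mount described above can be wrapped so that it defaults to read-only, survives a dropped connection, and can be detached again. This is an added example, not part of the original article; the helper names prepare_mountpoint, mount_remote and unmount_remote are hypothetical, and it assumes sshfs and a FUSE unmount tool are installed.

```sh
#!/bin/sh
# Added example; the helper names are hypothetical, not part of sshfs.

# Make the local mount point safe to mount on: create it private (0700)
# if missing, refuse if something is already mounted or stored there.
prepare_mountpoint() {
    dir=$1
    [ -d "$dir" ] || mkdir -p -m 700 -- "$dir" || return 1
    if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$dir"; then
        echo "$dir is already a mount point" >&2
        return 1
    fi
    if [ -n "$(ls -A -- "$dir")" ]; then
        echo "$dir is not empty; a mount would hide its contents" >&2
        return 1
    fi
}

# Mount read-only unless "rw" is requested, so that reviewing files cannot
# change them on the remote machine. reconnect plus the ServerAlive* ssh
# options let the mount recover from a dropped link instead of hanging.
mount_remote() {
    remote=$1 dir=$2 mode=${3:-ro}
    case $mode in ro|rw) ;; *) echo "mode must be ro or rw" >&2; return 1 ;; esac
    prepare_mountpoint "$dir" || return 1
    sshfs "$remote" "$dir" \
        -o "$mode",reconnect,ServerAliveInterval=15,ServerAliveCountMax=3
}

# Detach the remote filesystem; the tool name depends on the FUSE version.
unmount_remote() {
    dir=$1
    if command -v fusermount3 >/dev/null 2>&1; then fusermount3 -u "$dir"
    elif command -v fusermount >/dev/null 2>&1; then fusermount -u "$dir"
    else umount "$dir"
    fi
}

# Usage, with the host and paths from the article:
#   mount_remote josh@nicks-computer.com:/home/nick/mixes /home/josh/nicks-computer
#   unmount_remote /home/josh/nicks-computer
```

Pass rw as a third argument to mount_remote when changes really should be written back to the remote machine.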

There are many great uses for SSH and related tools. I’d love to hear what other tricks you may have. SSH tunneling, for example, can be hugely beneficial for some people, but doing it justice would require an article of its own. Do you have any other tips to get the most out of SSH?