The programs ssh, slogin and scp function as drop-in replacements for rsh, rlogin and rcp. They differ in that your connection is encrypted. This means that the information you type, including your password, cannot be intercepted as it travels across the network.
"So what? I don't care if people can see what I'm typing." This may be true, but if an eavesdropper captures your password, he'll be able to login to your account. At a minimum he can delete your files, read your mail, and send mail under your name. In the worst case he can leverage his limited access to interfere with the system as a whole, possibly causing harm to other users.
Method A) From a unix system, just type ssh instead of telnet.
e.g., ssh kfesg.lbl.gov, or ssh -l differentusername kfesg.lbl.gov
Read "man ssh" if you run into any problems.
In addition, you should use scp in place of ftp. The syntax of scp is similar to that of rcp. Read "man scp" for details.
example 1, scp ~/src/*.c kfesg.lbl.gov:~/linux-src
will copy all .c files from the src subdirectory of your home directory to the linux-src subdirectory on the SGI system. Note that the linux-src directory must already exist on the remote system.
example 2, scp -r jdanders@kfesg:~/* /scratch-local/my-SGI-home-directory
recursively copies everything from my home directory on kfesg to a subdirectory of the local linux scratch directory. Note that I specified my username on the SGI because it's different than on the current system. Normally you won't have to to that. Again, note that the target directory, /scratch-local/my-SGI-home-directory, must already exist.
If ssh and scpare not installed on a unix machine you use, ask the system manager to install them.
From a Mac or Windows PC, if the client is installed there should be an icon or Start menu option labeled F-Secure SSH. If not, see below.
Method B) You need a public and a private key. You make the key on the machine that you are logging in from (the client). You run the command
ssh-keygen
This will ask for a "pass phrase". Do not use your password, but rather some phrase that you can remember (it can be quite long) It will make two files in your $HOME/.ssh/ directory called identity and identity.pub. Neither of these should be readable by anyone but you. (Make sure that you have this right). Login to the remote machine (server) and put the identity.pub into a file called authorized_keys in the directory $HOME/.ssh/ using ftp. Do not move identity to the server. If you want to login from more than one client, you must append each client's public key to the server's authorized_keys file. You then connect from the client to the server using the command ssh instead of telnet. You will then be challenged for the passphrase. If this fails it will ask for your password. In this method, a cracker needs both your private key (which is why the file should not be readable by anyone but you) and the "pass phrase".
The Mac and Windows SSH clients are commercial products, but the lab owns a site license. For information see the Lab's website to download the software. Please note that this page is only accessible from within LBL, nonetheless lab employees are entitled to install the software on their home computers.