SSH

16 Apr 2001

The Multinet version 4.3 recently installed on the VMS machines supports SSH. SSH is like RSH but is more secure: all messages are encrypted (including any passwords that you might type). SLOGIN (which is equivalent to rlogin and is the same as SSH with no command specified) is defined as an alias for SSH. There was no SFTP included in this version of Multinet.

Some institutions (and perhaps Steward Observatory someday) only allow SSH connections. Steward Observatory is already blocking X11 packets coming from outside its network. (X11 packets are used for things like the CLASS displays.) SSH maps X11 packets to its own port so they still get through.

As on Unix machines, SSH uses a subdirectory, SSH, in your home directory for some files it needs (such as KNOWN_HOSTS). (The subdirectory is created for you the first time you use SSH.) Each time you SSH to a machine, SSH checks for the machine in KNOWN_HOSTS. If the machine is not listed, SSH adds it plus its "fingerprint" to this file (and prompts you to be sure that this is OK).

If you want to set up SSH so that you don't need to type a password, the following scheme is recommended:

For each machine you will be using, run the ssh-keygen program. (On VMS you type MULTINET SSHKEYGEN. In Unix, just type ssh-keygen.) This generates two files in the SSH subdirectory: identity and identity.pub. The identity file contains your private (encryption) key and identity.pub has your public key.

After running this on each machine, concatenate the various identity.pub files and place the result in authorized_keys. in the SSH subdirectory of each machine. (Technically, authorized_keys doesn't need the identity.pub contents from the machine where it is stored, but it doesn't hurt and this way you can use the same authorized_keys file on all machines. And authorized_keys is only needed on the destination machines.)

Note that in VMS, authorized_keys. is spelled with a period at the end, but there is no period in the corresponding Unix file name.
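
The concatenation step above, for the Unix side, as an added example that is not part of the original page. It assumes each identity.pub holds one protocol 1 RSA public key on a single line (bits, exponent, modulus, comment); the function name merge_pubkeys and the file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): build one authorized_keys file
# from the identity.pub files collected from each machine.
# Assumption: a public key line looks like "bits exponent modulus comment".

# merge_pubkeys OUTFILE PUBFILE...   (hypothetical helper name)
# Copies each valid public key line to OUTFILE once, owner-only permissions.
# Exit status: 0 = all input was keys, 1 = something was skipped, 2 = I/O error.
merge_pubkeys() (
    out=$1; shift
    umask 077                       # subshell body: caller's umask is untouched
    tmp="$out.tmp.$$"
    : > "$tmp" || exit 2
    status=0
    for f in "$@"; do
        while IFS= read -r line || [ -n "$line" ]; do
            [ -z "$line" ] && continue
            # Accept only three decimal fields plus an optional comment.
            # This keeps a private identity file, copied by mistake,
            # out of authorized_keys.
            if printf '%s\n' "$line" | grep -Eq '^[0-9]+ [0-9]+ [0-9]+( .*)?$'; then
                # The same identity.pub listed twice is written only once.
                grep -Fxq -- "$line" "$tmp" || printf '%s\n' "$line" >> "$tmp"
            else
                echo "skipping non-key line in $f" >&2
                status=1
            fi
        done < "$f"
    done
    # Replace the old file in one step and make sure only the owner can read it.
    mv "$tmp" "$out" && chmod 600 "$out" || exit 2
    exit "$status"
)

# Usage (hypothetical file names, one identity.pub copied from each machine):
#   merge_pubkeys "$HOME/.ssh/authorized_keys" hosta.pub hostb.pub vms.pub
```

Only the identity.pub files ever need to leave the machine that generated them; each identity file stays where ssh-keygen wrote it.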