Quick Info DoIT Home Forms Forwarding your e-mail Help Desk Service Request Internet Account Request Password Change Server Maintenance Schedule Technical Support Documentation

SSH Client 3.2.9 for Microsoft Windows

---

Table of Contents

What is SSH? What is SFTP?
Installation
Secure Shell Client
Secure File Transfer Client
ID Changed Warning
More Information

---

What is SSH? What is SFTP?

SSH (Secure Shell Protocol) is a secure replacement for telnet and is used to open a terminal session on a remote host (i.e., a remote computer). SFTP (Secure File Transfer Protocol) is a secure replacement for FTP and is used to transfer files between your computer and a remote computer. The SSH Client for Microsoft Windows provides both SSH and SFTP connections to a remote host. The advantages of SSH/SFTP over telnet/FTP are:

1. All information transmitted between your computer and the host is encrypted.  This protects your password during login as well as information transmitted after logging in.

2. If available, you can use a publicly published "fingerprint"  for a host's "key" to verify the host's identity.

---

Installing SSH Client 3.2.9 for Microsoft Windows

1. Download SSH  from http://www.sfsu.edu/~doit/helpdesk/wdevapp.htm.  Be sure to remember where you saved it. Once downloaded, double click on the SSHSecureShellClient-3.2.9.exe icon to begin installation.
    
2. Click Next at the Welcome window.
3. Click Next at the License Agreement window after reading the license agreement.  This is a non-commercial version of the SSH Client and it is licensed for non-commercial use only.
4. Click Next to accept the default settings at the Choose Destination Folder window.
5. Click Next to accept the default settings at the Select Program Folder window.
6. Click Next to install all components in the Select Components window.
7. The Setup Status window will show you the progress of your installation then will be replaced by the Setup Complete window.
8. Click Finish in the Setup Complete window.

TOP OF PAGE

---

Using the Secure Shell Client to Connect to a Remote Host (replaces telnet)

1. Start the SSH Secure Shell Client by selecting Start > (All) Programs > SSH Secure Shell > Secure Shell Client.
2. Use the menus to start your connection by selecting File > Connect.
3. A Connect to Remote Host window will appear.
   
   
4. Fill in the name of the computer you want to connect to in the Host Name: field.  For example, apollo.sfsu.edu is an on-campus host you can connect to using your SFSU account name and password..
5. Fill in your account name in the User Name:  field.  When connecting to apollo.sfsu.edu (or libra.sfsu.edu) your account name is the same as your SFSU e-mail account name.  For example, if your e-mail address is MyAccount@sfsu.edu your account name would be MyAccount.
6. Click Connect.
7. If this is the first time you connect to a particular host using either the SSH or SFTP client, you will receive a Host Identification message informing you that an encryption key for the remote machine is being created. Do NOT click on any of the buttons yet!
   
   The fingerprint for the host public key will be displayed and will look similar to:
   
   xumel-pepib-dyzaf-bidom-zopyh-kodab-bevik-codur-fofat-tanuz-byxax
   
   If you are connecting to apollo.sfsu.edu, libra.sfsu.edu, online.sfsu.edu, or www.sfsu.edu, browse to SSH/SFTP Fingerprints for DOIT Supported Hosts to verify that the fingerprint matches one of the fingerprints published for the host you are connecting to. Read the sections What does it mean if the Fingerprints Don't Match? and What if the fingerprints matched originally but now they don't?
   • If the fingerprints do NOT match, click the Cancel button to cancel your connection. Call 415-338-1420 and ask for the Consultant On Duty or fill out a Help Desk Service Request. Mismatched fingerprints might mean that your connection has been compromised.
   • If the fingerprints DO match, click the Yes button to continue making your connection.
     
     
8. You will be prompted for your password. Enter it then click OK.
   
   
9. An Add Profile window will appear after a successful Quick Connect.  If you select it quickly (it disappears after a few seconds if you don't) you can create a profile for the host you are connecting to.  The profile will contain both the host name and account name you entered.  If you connect to multiple hosts, or have more than one account on a single host, you should create profile names that reflect this information.  You should not use spaces in profile names but may use hyphens or underscores.  This avoids conflicts between profiles.
   
   When you want to connect to this host in the future you can do so by selecting File > Profiles > Profile Name (e.g. File > Profiles > apollo-YourAccount).
    
10. Once you are logged in you can use your SSH session just as you would a telnet session.  When you are finished, log out then close the SSH client using File > Exit.

TOP OF PAGE

---

Using the Secure File Transfer Client to Transfer Files to a Remote Host (replaces FTP)

The Secure File Transfer Client is a direct replacement for FTP applications. You can use it to transfer files to your account on apollo or libra in order to create and maintain a web site, or anything else that requires you to transfer files between your computer and a remote host.

1. Start the SSH Secure File Transfer Client by selecting Start > (All) Programs > SSH Secure Shell > Secure File Transfer Client.
2. Use the menus to start your connection by selecting File > Connect.
3. A Connect to Remote Host window will appear.
   
   
4. Fill in the name of the computer you want to connect to in the Host Name: field.  As an example, apollo.sfsu.edu has been entered in the image above.
5. Fill in your account name in the User Name:  field.  If you are connecting to apollo.sfsu.edu or libra.sfsu.edu your account name is the same as your SFSU e-mail account name.  For example, for the e-mail address MyAccount@sfsu.edu the account name would be MyAccount.
6. Click Connect.
7. If this is the first time you connect to a particular host using either the SSH or SFTP client, you will receive a Host Identification message informing you that an encryption key for the remote machine is being created. Do NOT click on any of the buttons yet!
   
   The fingerprint for the host public key will be displayed and will look similar to:
   
   xumel-pepib-dyzaf-bidom-zopyh-kodab-bevik-codur-fofat-tanuz-byxax
   
   Browse to SSH/SFTP Fingerprints for DOIT Supported Hosts to verify that the fingerprint matches one of the fingerprints published for the host you are connecting to, in this case for apollo.sfsu.edu. Read the sections What does it mean if the Fingerprints Don't Match? and What if the fingerprints matched originally but now they don't?
   • If the fingerprints do NOT match, click the Cancel button to cancel your connection. Call 415-338-1420 and ask for the Consultant On Duty or fill out a Help Desk Service Request. Mismatched fingerprints might mean that your connection has been compromised.
   
   
8. You will be prompted for your password. Enter it and click OK.
   
   
9. An Add Profile window will appear after a successful Quick Connect.  If you select it quickly (it disappears after a few seconds if you don't ) you can create a profile for the host you just connected to.  The profile will contain both the host name and account name you just entered.  If you connect to multiple hosts, or have more than one account on a single host, you should create profile names that reflect this information.  Do not use spaces in profile names.  This avoids conflicts between profile settings.
   
   To make a connection using a profile select File > Profiles > Profile Name (e.g. MyAccountAtApollo).
    
10. Once you are logged in the main SSH Secure File Transfer window will open. The left pane displays files and folders on your computer and the right pane displays files and folders on the remote host..
    
    
11. Uploading files and folders.
    1. Determine the correct File Transfer Mode.  Pure text files must be transferred in ASCII mode, all other files must be transferred in Binary mode.  For example, web page files (.htm or .html) are pure text and must be transferred in ASCII mode.  Graphic files for your web pages (.gif or .jpg) must be transferred as binary files.  You can explicitly set which mode to use before starting a file transfer or you can use the Autoselect mode and let the program try to determine the correct mode.
    2. Set the transfer mode for the files you are about to transfer: Select Operation > File Transfer Mode > (choose from) ASCII, Binary, or AutoSelect.
    3. Select the files and folders you want to upload from the left pane (your local computer).  Unless you are in AutoSelect mode don't mix text and binary files.  Like using Windows Explorer, you can use shift-click to select a block of files and folders, and you can use ctrl-click to add and remove individual files or folders from your selection.
    4. Select  Operation > Upload.
12. Downloading files and folders.
    1. Select the transfer mode.
    2. Select files and folders to be downloaded from the right pane (the remote computer).
    3. Select Operations > Download .
13. When you have completed transferring files end your session by selecting File > Disconnect.
14. When prompted to disconnect click Yes.

TOP OF PAGE

---

What if the Host Identification has Changed?

After accepting a key for a host, you may be warned on a subsequest connection that the host identification has changed. This happens if the key on the host is not the same as the key you previously stored for that host.

The most common cause is that the encryption key on the host has been changed, but it is possible that you are the victim of a man-in-the-middle-attack. Browse to SSH/SFTP Fingerprints for DOIT Supported Hosts and refresh the page to verify that the fingerprints listed there have been updated and that one of them matches the fingerprint displayed in the warning.

• If you DON'T find a matching fingerprint click the No button to cancel your connection. Call 415-338-1420 and ask for the Consultant On Duty or fill out a Help Desk Service Request. Mismatched fingerprints might mean that your connection has been compomised.

If you find that there is a new fingerprint listed that matches the fingerprint in the warning you may safely continue with the connection.

1. Click on the Yes button to continue with the connection.
2. You will be notified again that the host identification has changed. If you have verified that the fingerprint in the previous warning is listed at SSH/SFTP Fingerprints for DOIT Supported Hosts you should click Yes to save the new host key to your computer and continue with the connection. If you proceeded from the original warning screen without checking that the fingerprint is valid you should click Cancel.
   
   There is a third option, the No button, that lets you continue with the connection but not save the key. Generally you should not choose this option.

TOP OF PAGE

---

More Information About the Non-commercial Version of SSH Secure Shell

This is a non-commercial version of SSH Secure Shell.   It is free for personal and University use only.  Being free, it has a few limitations:

1. It does not include PKI and PKCS #11 functionality.  This means it can only make connections using an account name and password combination for authentication.
2. SSH Communications Security does not provide support to individuals.  For on-line support see their  non-commercial support page and the version 3.2.3  online manual.  You can also download the manual and the version 3.2.9 release notes in Acrobat Reader format (.pdf) from their documentation download page.
3. It is not legal to use the non-commercial version for commercial purposes.  You can read the full license agreement, with all legal restrictions described, at SSH's Non-Commercial License page.  You are agreeing to this license as part of the installation!

TOP OF PAGE

---

HOME

---

Site Home | What We Do | Help Desk | Account Services | Software | Hardware | Network
Telephone Services | Training | Computer Labs | Web Publishing | Policies | Sitemap | Contact Us

---

Last Modified: 18 Dec 2008
doit@sfsu.edu