How do I use ssh?

First, you need to get and install ssh on your client workstation, plus it must be installed on the remote system you wish to connect to. You can do this for your own account, or your system administrator can install it for the entire system.

Once installed, there are several ways you can use ssh, each with varying steps you must go through first.

The most basic use of ssh is transparent when compared with the standard Berkeley "r" utilities. In fact, a system administrator can install ssh on both client and remote server workstations and users who connect using rlogin server will see no difference whatsoever, nor will they need to know anything new. This kind of use gets you the most basic protection of encrypted sessions from systems with ssh installed, usually with a fall back capability to the old (and less secure) Berkeley methods if the other system does not support ssh.

If you wish to make security tighter, you can stop using .rhosts and /etc/hosts.equiv files (or disable the Berkeley utilities altogether) and only allow passwordless connections with ssh keys.

Each system has its own public/private key pair that identifies it to other systems. A client system's public key can be placed in a server system's /etc/ssh_known_hosts file to allow the server to authenticate the client by a key exchange dialog.

If the client host's public key (from the /etc/ssh_host_key.pub file) is found in the in the server's /etc/ssh_known_hosts file, and you place the host name in your own .rhosts or .shosts file, you get the same passwordless connection behavior as the standard Berkeley "r" utilities. If the client's key is not found, ssh will prompt you for the password on the server and will transmit this password -- in encrypted form, rather than plain text -- to the server for authenticating your login. This method involves the system administrator, who must place the client's public keys in the server's /etc/ssh_known_hosts file. There is another way to use ssh that doesn't require the administrator's intervention.

Each user account also has a public and private key that identifies that user account. You get this key when you run the ssh-keygen program. It creates a directory called $HOME/.ssh and puts the keys in there. You can now take your public key, found in the $HOME/.ssh/identity.pub file and place it on the server in your $HOME/.ssh/authorized_keys file. Once you have done this, even though the server doesn't know the key of the client workstation, it does now know your key and will allow the login to your account without a password.

To use the X Window System protocol tunneling (if enabled), you only need to log in successfully and ssh will create a DISPLAY environment variable for you that points to a proxy X server on the server system, which passes X protocol traffic to the real X server on the client system. You can start running X client programs as soon as you get a shell prompt.

source: washington.edu