Sometimes "ssh", like other utilities, can be upgraded or installed only to have accounts picking up the wrong versions of either "ssh", "scp", "ssh-keygen" or the other associated utilities. To verify that we are getting the right versions from the right locations, you should perform the following.
Typing "ssh", without any options or hostnames, at the workstation prompt, should provide output similar to this:
[WOMBATNET:/home/wombat]
$ ssh
Usage: ssh [options] host [command]
Options:
-l user Log in using this user name.
-n Redirect input from /dev/null.
-F config Config file (default: ~/.ssh/config).
-A Enable authentication agent forwarding.
-a Disable authentication agent forwarding (default).
-X Enable X11 connection forwarding.
-x Disable X11 connection forwarding (default).
-i file Identity for public key authentication (default: ~/.ssh/identity)
-t Tty; allocate a tty even if command is given.
-T Do not allocate a tty.
-v Verbose; display verbose debugging messages.
Multiple -v increases verbosity.
-V Display version number only.
-P Don't allocate a privileged port.
-q Quiet; don't display any warning messages.
-f Fork into background after authentication.
-e char Set escape character; ``none'' = disable (default: ~).
-c cipher Select encryption algorithm
-m macs Specify MAC algorithms for protocol version 2.
-p port Connect to this port. Server must be on the same port.
-L listen-port:host:port Forward local port to remote address
-R listen-port:host:port Forward remote port to local address
These cause ssh to listen for connections on a port, and
forward them to the other side by connecting to host:port.
-D port Enable dynamic application-level port forwarding.
-C Enable compression.
-N Do not execute a shell or command.
-g Allow remote hosts to connect to forwarded ports.
-1 Force protocol version 1.
-2 Force protocol version 2.
-4 Use IPv4 only.
-6 Use IPv6 only.
-o 'option' Process the option as if it was read from a configuration file.
-s Invoke command (mandatory) as SSH2 subsystem.
-b addr Local IP address.
The above output confirms that "ssh" is installed on your workstation and will provide a quick overview, in the case of the OpenSSH client software, of the possible options that may be used on the command line.
Next, it would be useful to determine the state of the other utilities associated with "ssh", so we need to find out where the binaries are installed. We can do this by typing "where" or "whence", depending on our shell:
[WOMBATNET:/home/wombat]
$ whence ssh
/usr/bin/ssh
The above tells us that we should look in "/usr/bin" for "ssh" and the associated executables:
[WOMBATNET:/home/wombat]
$ cd /usr/bin
[WOMBATNET:/usr/bin]
$ ls -al s*
-rwxr-xr-x 1 root sys 26048 Jun 26 15:08 scp
-rwxr-xr-x 1 root sys 46892 Jun 26 15:08 sftp
lrwxr-xr-x 1 root sys 3 Jun 26 15:08 slogin -> ssh
-rwxr-xr-x 1 root sys 228700 Jun 26 15:08 ssh
-rwxr-xr-x 1 root sys 43120 Jun 26 15:08 ssh-agent
-rwxr-xr-x 1 root sys 80592 Jun 26 15:08 ssh-keygen
-rwxr-xr-x 1 root sys 146908 Jun 26 15:08 ssh-keyscan
The above file listing was trimmed down to show only the "ssh" binary and all of the associated utilities that we are interested in. As you can see from the above, the date/time stamp is the same on each one of these files. This confirms, at least in principle, that they were all installed at the same time. You may want to verify that you are picking up the other commands in the same place by using a "whence" or "where" as we did with the "ssh" command. If for some reason the dates are not the same between the files on your system, you should check with your local support staff.
[WOMBATNET:/usr/bin]
$ cd ~
[WOMBATNET:/home/wombat]
$ whence scp sftp ssh-agent ssh-keygen ssh-keyscan
/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
The above proves that all of the utilities appear to be from the same release as well.
It would also be useful to know the precise version of "ssh". Type "ssh -V" at the command prompt:
[WOMBATNET:/home/wombat]
$ ssh -V
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
Record the version information, as it can be important for troubleshooting.
Given all of the above we now know that all of the "ssh" client software is from the same release, given the date/time stamp information and that we are executing all of the software from the same location.
If you have questions about this document, please contact SCD Customer Support. You can also reach us by telephone 24 hours a day, seven days a week at 303-497-1278. Additional contact methods: consult1@ucar.edu and during business hours in NCAR Mesa Lab Suite 39.