SSH (Secure Shell) is first and foremost a secure replacement for the r* programs (rlogin, rsh, rcp, rexec). It is secure because it uses all kinds of encryption tomfoolery so that clear text is never sent over the network, it uses RSA keys to authenticate the user to the server, and it also uses RSA keys to authenticate the server to the user.
I am making the assumption that you're using the Unix version of ssh (seeing as this is written for the consumption of the Irish Linux Users Group and that Windows SSH is both commercial and crap, I think it's valid).
Download yourself a copy of the latest ssh at ftp://ftp.cs.hut.fi/pub/ssh/ to begin with (version 1.2.26 as of this writing). After untarring the package, type:
./configure
make
make install
This is the standard installation procedure for any good GNU source package. All you have to do now is run sshd to start up the standalone ssh daemon listening on port 22 of your server. There's your basic ssh setup: type ssh host to log in to host with your standard Unix password. X clients are automatically exported through the encrypted channel to your display, and you can get a help screen of ssh escape sequences by typing ~?.
If you get adventurous and try sshing to other servers, be warned that you'll be told that the host key is not found in the list of known hosts. This is the public key found in the host's /etc/ssh_host_key.pub file. If you continue to connect, this key will be added to your $HOME/.ssh/known_hosts file. The rationale behind this is that if somebody else ever masquerades as this host, the host key would be different from the entry in known_hosts, and ssh will instantly notice and tell you so. The ssh package comes with a script called make-ssh-known-hosts which looks up all the hosts in a DNS domain and adds their host keys to the /etc/ssh_known_hosts file, which is also checked by ssh.
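The known_hosts check just described, as an added example in Python (not code from the ssh package): it parses known_hosts lines in the SSH1 layout and tells a first contact apart from a changed host key. The file content and the key numbers are constructed.

```python
import fnmatch

# Constructed sample /etc/ssh_known_hosts content in SSH1 layout:
#   <host patterns> <bits> <exponent> <modulus>   (numbers here are made up)
KNOWN_HOSTS = """\
# comment lines and blank lines are skipped
poo.smooch,poo 1024 37 1508741801398651929640224012546

*.smooch 1024 35 9876543210123456789
"""

def parse_known_hosts(text):
    """Yield (host patterns, (bits, exponent, modulus)) for each key line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith('#'):
            continue
        patterns, bits, exp, mod = fields[:4]
        yield patterns.split(','), (int(bits), int(exp), int(mod))

def host_matches(patterns, host):
    """'*' and '?' wildcards, case-insensitive, like ssh host patterns."""
    return any(fnmatch.fnmatchcase(host.lower(), p.lower()) for p in patterns)

def check_host_key(known_hosts, host, presented):
    """Classify the key a server presented against what we have on file.

    'unknown'  : first contact, ssh would offer to add the key (nothing
                 on file yet, so nothing protects this first connection)
    'ok'       : some matching entry carries exactly this key
    'MISMATCH' : we know this host but under a different key; this is the
                 case the text describes, something masquerading as the host
    """
    seen = False
    for patterns, key in parse_known_hosts(known_hosts):
        if host_matches(patterns, host):
            if key == presented:
                return 'ok'
            seen = True
    return 'MISMATCH' if seen else 'unknown'
```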
The programs themselves:
sshd is configured via the /etc/sshd_config file. I recommend you look at the man page to pick out all the gory details; it lets you do stuff like only allow/deny certain hosts or users login access using ssh, set idle timeouts, specify what kind of authentication you want (Unix password, rhosts or RSA, which I'll come back to later) and Kerberos authentication. Most of these options are already in the default config file, so you can just modify that as you like.
ssh reads $HOME/.ssh/config and the global configuration file /etc/ssh_config when it starts up. Yet again, read the man page for details; most of it is pretty straightforward except for the TCP forwarding options -L and -R. This assumes that you can log in to a remote host via ssh. If so, then you can use ssh as a secure channel to access unencrypted remote network services such as ftp or pop (it's also a handy way of getting around firewalls).
example:
ssh -L 12345:poo.smooch:21 poo.smooch
will make an ssh connection to host poo.smooch. If poo.smooch has sshd running you will be presented with what appears to be a normal login session. Behind the scenes, however, ssh is listening on port 12345 on your local machine, and any connections to that port will be forwarded over your ssh session; then an unencrypted session is initiated from the remote side of your ssh session to port 21 on poo.smooch, so that as far as the remote ftp server is concerned, somebody just ran a normal ftp session from poo.smooch to itself. ssh -R does the same thing only in reverse: a port on the remote host is forwarded back through the session to your local machine.
ssh-keygen is the program used for generating RSA key pairs. Run
ssh-keygen -f /etc/ssh_host_key -N ''
if you need to generate new /etc/ssh_host_key and /etc/ssh_host_key.pub files (make install generates these for you by default). Running ssh-keygen on its own, you are asked for a passphrase; this can allegedly be any length you want, and it is the passphrase you use to log in to a host if you enable RSA authentication in the sshd configuration file. It generates two files, $HOME/.ssh/identity and $HOME/.ssh/identity.pub. These are your default RSA identity keys (you can create different identities by running ssh-keygen -f identity_file, then use them by running ssh -i identity_file host). Appending identity.pub to $HOME/.ssh/authorized_keys of any account on any computer allows you the luxury of logging into that account with your RSA passphrase. It also has the added security that somebody must also possess your identity file before the passphrase would work. Another cool thing with authorized_keys is that you can prepend options to the start of a public key so that if somebody logs into an account with the corresponding passphrase and identity file, those options can do things like allow connections only from certain hosts, deny certain types of ssh forwardings, set environment variables or just execute certain commands.
example:
from="localhost",command="echo potatoes" 1024 37 15087418013986519296402240125465356109290886271236410674543028000193678303310429783927930328820682673568352085596452813266000213480475567422647179234364246663801261753180562216515773813903541743248755695622823888412154619677473062645121338249508677801631033468524439695865406622787538052391092854359111121580 1 root@poo.smooch
The above line in my $HOME/.ssh/authorized_keys will allow only people logging in from localhost to use that identity, and it'll simply say potatoes and log you off. The root@poo.smooch part is just a comment that ssh-keygen puts in; it doesn't do anything.
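An added example (not the ssh package's own code) that parses the option prefix of an authorized_keys line in the SSH1 layout shown above, including the quoted commas and spaces a naive split would break on, and applies a from= pattern list the way the text describes. The sample line is constructed from the one above with a shortened modulus and an extra no-port-forwarding option.

```python
import fnmatch
# Constructed from the text's line: made-up short modulus, plus a no-port-forwarding flag.
LINE = ('from="localhost",command="echo potatoes",no-port-forwarding '
        '1024 37 1508741801398651929640224012546 root@poo.smooch')

def split_options(line):
    """Split the leading options off a line; quoted values may hold commas and spaces."""
    if line[:1].isdigit():           # starts with the bit count: no options at all
        return [], line
    opts, cur, quoted, i = [], [], False, 0
    while i < len(line):
        c = line[i]
        if c == '\\' and quoted and i + 1 < len(line):   # \" inside a value
            cur.append(line[i + 1]); i += 2; continue
        if c == '"':                      # quotes delimit, they are not kept
            quoted = not quoted
        elif c == ',' and not quoted:     # unquoted comma ends an option
            opts.append(''.join(cur)); cur = []
        elif c.isspace() and not quoted:  # unquoted blank ends the option list
            opts.append(''.join(cur))
            return opts, line[i:].lstrip()
        else:
            cur.append(c)
        i += 1
    raise ValueError('unterminated option list')

def parse_line(line):
    """Return (options dict, (bits, exponent, modulus), comment)."""
    opts, rest = split_options(line)
    fields = rest.split(None, 3)
    key = tuple(int(f) for f in fields[:3])
    comment = fields[3] if len(fields) > 3 else ''   # ssh-keygen's note, ignored by sshd
    parsed = {'flags': set()}                          # no-port-forwarding, no-pty, ...
    for opt in opts:
        name, _, value = opt.partition('=')
        if value:
            parsed[name] = value        # from=, command=, environment=
        else:
            parsed['flags'].add(name)
    return parsed, key, comment

def from_allows(pattern_list, client_host):
    """Apply a from= value ('*'/'?' wildcards, '!' negates); no from= means any host."""
    if pattern_list is None:
        return True
    pats = pattern_list.lower().split(',')
    hit = lambda p: fnmatch.fnmatchcase(client_host.lower(), p.lstrip('!'))
    if any(hit(p) for p in pats if p.startswith('!')):
        return False                # a matching '!' entry denies outright
    return any(hit(p) for p in pats if not p.startswith('!'))
```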
ssh-agent is a daemon that stores a user's authentication keys (unlocked with their passphrases) so that when that user runs ssh, ssh-agent automatically does the RSA authentication for that user, saving him the bother of entering the passphrase himself. What you do is run ssh-agent with an arbitrary command (usually a shell) as its argument. Now that command and all its child ssh sessions can be automatically authenticated by ssh-agent, but ssh-agent authenticates nothing by default. You need to run ssh-add [file], where file contains a private identity key such as those generated by ssh-keygen ($HOME/.ssh/identity is the default if no file is specified). You'll be asked to enter the passphrase for that private key. From now on, any ssh session that uses that identity will be automatically authenticated. You can add as many identities as you like; ssh-add -l lists the ones currently loaded in ssh-agent.
scp is the ssh version of rcp, which lets you copy a file to a remote host.
example:
scp $HOME/.ssh/identity plop@poo.smooch:.ssh/identity
would copy my identity file to my account on host poo.smooch.
slogin is just a symlink to ssh.
Addendums
- Go to www.replay.com or ftp.replay.com for lots of info on encryption and security etc., but especially ssh RPMs for Red Hat: ssh-clients-XXXXX.rpm, ssh-server-XXXXX.rpm etc.
- Teraterm Pro is a Windows terminal emulator, useful for telnetting to Unix boxen from Win95 etc. It has an SSH version called TTSSH, which means that you can log in to a secure Linux box from Win95 securely.
- I may at some stage in the future explain the procedure involved in turning a default Red Hat box into a completely secure (as possible anyway) box, i.e.:
  - Upgrading packages re errata
  - Installing ssh bits
  - Editing inetd.conf to strip out unnecessary bits.
- ftp://ftp.netsoc.ucd.ie/pub/computing/ssh has free Win32 & Win16 ssh clients, together with the cryptography .DLLs needed for using them.
Credits:
Copyright belongs to the author.