i For Business Event Logo

Bookmark and Share
RSS

Recent Posts

Eight Reasons to Embrace SSH

August 29, 2017

In my previous post, I gave a brief introduction to the concept of a shell and focused on SSH connectivity. Often, when we think of a command-entry interface to our IBM i system, we think of a 5250 emulator. Perhaps we also know QSHELL as an interface to run open source or other commands in the root (/) or /QOpenSys filesystems.

Today, I’d like to convince you to also embrace SSH, another way to run commands on IBM i. SSH stands for “Secure SHell.” Especially for open source technologies, an SSH terminal emulator is a better option than QSHELL. I’ve been convinced for a while. In fact, I found this graphic from a Python presentation I did two years ago:

slash_qsh.jpg


Today, I hope to convince you also. So, let’s take a look at eight reasons to ditch QSHELL and embrace SSH!

It’s Easy
Getting started with SSH is really simple. For server-side setup, all you need is the 5733-SC1 product installed. This product delivers OpenSSL and OpenSSH, both of which are open source projects. Once the product is installed, start the OpenSSH server job by running the following command:
  • STRTCPSVR *SSHD
Once the server job is running, you just need an SSH client on your workstation. Mac and Linux users most likely already have one around. For Windows users, there are several options, including PuTTY, the openssh package as part of the Cygwin project, and the Linux Subsystem for Windows. For most of these clients, you can connect an SSH terminal by running “ssh user@system” from the command line. PuTTY allows configuration and launching from a graphical user interface.

Remember, if you have insights or questions, feel free to bring them to the IBM i Open Source community. Follow the links on the right-hand side of this page to find us on Ryver, LinkedIn, or Twitter.

It’s Secure
As you might guess from the name (“Secure SHell”), SSH implements an industry-accepted, secure protocol. All the data is encrypted. Also, SSH doesn’t require certificate management, instead relying on a trusted set of known hosts to verify the identity of the server. It’s easy to add a server to the “known hosts” list: the client will ask when you first connect to a system.  

It Has Great Features
What about usability? SSH wins there, too. In my previous post, I discussed some of the shells available to you (and how to set your preferred shell). Each of these shells has its own set of usability features. I’d like to discuss some of my favorite features of my preferred shell, bash!

Tab Completion
When traversing the filesystem with common commands like “cd,” “ls,” and others, bash allows for file and directory names to be auto-completed. Say, for instance, I want to change my current directory to /QOpenSys. I can start by typing “/QOp”:

cd_QO.jpg


And then press the [tab] key:

cd_QOpenSys.jpg

Since there’s only one directory matching what I’ve already entered (“/QOp”), it completes the name. This can be a huge time-saver for those who spend a lot of time on the command line.

Up/Down
On 5250 interfaces, we’ve grown accustomed to the PF9 key, which will recall previous commands. A similar function exists in bash. Just use the up and down arrow keys to recall and cycle through previous commands. Since the up and down arrows let you cycle through previous commands in two directions, it is an upgrade from PF9.

Persistent History
Even better, bash stores your history across sessions. So, when you first connect, the up arrow will even get you to some of the commands you ran in a previous session!

Command Search
Yet another way to find previous commands is to use the reverse search function in bash. Just press <ctrl+r> at the prompt. This enters into reverse search mode:

ctrl_R.jpg

Type in a search term, and bash will find previous commands containing the text of interest. In this example, I remembered I ran a command that had something to do with keys:

ctrl_R_results.jpg

Many More…
One can do lots of other neat tricks in bash as well. Some other keystrokes that are handy for the command-line guru might be:
  • Home key or <ctrl>+a: goes to the beginning of the line
  • End key or <ctrl>+e: goes to the end of the line
  • <ctrl>+w: clears the previous word/token
  • <alt>+d: clears the next word/token
  • <ctrl>+k: clear the line after the cursor
  • <ctrl>-u: clear the line before the cursor
It’s also extensible. If you’re an advanced user, you can create custom keymappings, tailor your prompt text, and much more.

It Works Much Better With Open Source
Generally speaking, open-source software expects its output to be handled by a full-featured terminal, namely a Unix terminal. Your SSH client is a Unix terminal emulator, so it handles this output properly. A 5250 emulator is not a terminal emulator, and therefore is deficient in this regard. One simple demonstration of such is text formatting. In this example, I run the Node package manager (npm) command in an SSH terminal:

npm_install_ssh_1.jpg

It gives me some colors, highlighting, and even a text-based progress bar to show its status. When it’s done, I get some nicely-formatted output with some warnings (I ran npm from a directory that isn’t a Node.js project. We’ll talk about this in a future blog post):

npm_install_ssh_2.jpg

That’s pretty user-friendly, right? What happens if I try to run this in a 5250 emulator?

npm_install_qp2term.jpg

Why so ugly? In short, the 5250 emulator doesn’t know how to handle the control characters used to handle cursor positioning, formatting, etc. It works, but the SSH experience is significantly more usable.
Plus, QSH won’t even work for some things! Here, I just run the ‘node’ command to enter the Node.js REPL (read, eval, print loop) interface:

node_qsh.jpg

You can get this to function by manipulating an environment variable (QIBM_MULTI_THREADED) and restarting the QSHELL interface. But, why bother? It works without issue in an SSH terminal.

Because we’re emulating a terminal, there are many more advanced things that can be done. For instance, here’s a terminal-based debugger (pudb) for Python:  

pudb_putty.jpg

If you’re looking for something less productive, but more fun, you can play with curl, which is shipped with 5733-OPS option 7. Here, I check Rochester, Minnesota’s weather forecast for today, using the wttr.in service, from my IBM i system:

curl_wttr.jpg


It’s Well-Known
When you use an SSH terminal, you’re using industry-standard technology. Practically the entire Linux community has relied on a terminal to perform tasks. Plus, as mentioned earlier, it’s readily available on MacOS and Windows and most other operating systems. Simply put, this technology is becoming a common element of a techie’s skill set. Even someone unfamiliar with IBM i can be given an SSH terminal and be proficient right away.

It Allows for Password-Free Login
Much like other interfaces, SSH supports password-based authentication. SSH also allows for key-based authentication. The steps to do this are fairly simple:
  1. On the client, generate a public/private key pair. PuTTY ships a PuTTYgen utility to do this. For other clients, use the “ssh-keygen” command that comes with OpenSSH. This will generate a public key and a private key. Keep your private key safe and do not share it.
  2. Send the public key file from your PC to the server (/home/yourprofile directory in the IFS)
  3. On the server, add the contents of the public key to the file  ~/.ssh/authorized_keys. The command will be something like “cat id_rsa.pub >> ~/.ssh/authorized_keys”
Once these steps are done, you no longer need your password to log in. It’s secure and convenient!

It’s Free
This probably goes without saying, but the SSH support on both the server and client is free. No licenses to buy. No ads. Just free!

It’s More Than Just a Terminal
In today’s discussion, I’ve focused on using SSH for terminal access to IBM i. It should be noted, however, that the capabilities of SSH go far beyond that. Running an SSH server on IBM i enables many utilities that can make your life easier. Here are just a few things you can do:
  • Transfer files with the scp or sftp utilities (part of OpenSSH), or tools that are built on top of them. One of my favorites is WinSCP, an open source SFTP client , among other things (I recommend “Explorer mode”). There are also mobile apps that can access the IBM i filesystem and edit files using SSH.
  • Synchronize files, find differences, or implement speedy incremental backups with the mightyand versatile rsync tool.
  • Host a git repository on IBM i. When doing so, SSH is the preferred way for a git client to access that repository.
To Sum it up…
SSH is a fantastic alternative to the tried-and-true 5250 interfaces for accessing a shell (or the filesystem). Today, I provided eight of my own reasons. If you find yourself in QSHELL, browsing directories or running open source programs, I employ you to consider an alternative. When you do, you’ll probably have other things to add to this list!

Posted August 29, 2017 | Permalink

Post a Comment

Note: Comments are moderated and will not appear until approved

comments powered by Disqus