8 Reasons to Embrace SSH
Jesse Gorzinski seeks to convince you to embrace SSH, another way to run commands on IBM i.
By Jesse Gorzinski08/29/2017
Today, I’d like to convince you to also embrace SSH, another way to run commands on IBM i. SSH stands for “Secure SHell.” Especially for open source technologies, an SSH terminal emulator is a better option than QSHELL. I’ve been convinced for a while. In fact, I found this graphic from a Python presentation I did two years ago:
Today, I hope to convince you also. So, let’s take a look at eight reasons to ditch QSHELL and embrace SSH!
It’s EasyGetting started with SSH is really simple. For server-side setup, all you need is the 5733-SC1 product installed. This product delivers OpenSSL and OpenSSH, both of which are open source projects. Once the product is installed, start the OpenSSH server job by running the following command:
- STRTCPSVR *SSHD
Remember, if you have insights or questions, feel free to bring them to the IBM i Open Source community. Follow the links on the right-hand side of this page to find us on Ryver, LinkedIn, or Twitter.
It’s SecureAs you might guess from the name (“Secure SHell”), SSH implements an industry-accepted, secure protocol. All the data is encrypted. Also, SSH doesn’t require certificate management, instead relying on a trusted set of known hosts to verify the identity of the server. It’s easy to add a server to the “known hosts” list: the client will ask when you first connect to a system.
It Has Great FeaturesWhat about usability? SSH wins there, too. In my previous post, I discussed some of the shells available to you (and how to set your preferred shell). Each of these shells has its own set of usability features. I’d like to discuss some of my favorite features of my preferred shell, bash!
Tab CompletionWhen traversing the filesystem with common commands like “cd,” “ls,” and others, bash allows for file and directory names to be auto-completed. Say, for instance, I want to change my current directory to /QOpenSys. I can start by typing “/QOp”:
And then press the [tab] key:
Since there’s only one directory matching what I’ve already entered (“/QOp”), it completes the name. This can be a huge time-saver for those who spend a lot of time on the command line.
Up/DownOn 5250 interfaces, we’ve grown accustomed to the PF9 key, which will recall previous commands. A similar function exists in bash. Just use the up and down arrow keys to recall and cycle through previous commands. Since the up and down arrows let you cycle through previous commands in two directions, it is an upgrade from PF9.
Persistent HistoryEven better, bash stores your history across sessions. So, when you first connect, the up arrow will even get you to some of the commands you ran in a previous session!
Command SearchYet another way to find previous commands is to use the reverse search function in bash. Just press <ctrl+r> at the prompt. This enters into reverse search mode:
Type in a search term, and bash will find previous commands containing the text of interest. In this example, I remembered I ran a command that had something to do with keys:
Many More…One can do lots of other neat tricks in bash as well. Some other keystrokes that are handy for the command-line guru might be:
- Home key or <ctrl>+a: goes to the beginning of the line
- End key or <ctrl>+e: goes to the end of the line
- <ctrl>+w: clears the previous word/token
- <alt>+d: clears the next word/token
- <ctrl>+k: clear the line after the cursor
- <ctrl>-u: clear the line before the cursor
It Works Much Better With Open SourceGenerally speaking, open-source software expects its output to be handled by a full-featured terminal, namely a Unix terminal. Your SSH client is a Unix terminal emulator, so it handles this output properly. A 5250 emulator is not a terminal emulator, and therefore is deficient in this regard. One simple demonstration of such is text formatting. In this example, I run the Node package manager (npm) command in an SSH terminal:
It gives me some colors, highlighting, and even a text-based progress bar to show its status. When it’s done, I get some nicely-formatted output with some warnings (I ran npm from a directory that isn’t a Node.js project. We’ll talk about this in a future blog post):
That’s pretty user-friendly, right? What happens if I try to run this in a 5250 emulator?
Why so ugly? In short, the 5250 emulator doesn’t know how to handle the control characters used to handle cursor positioning, formatting, etc. It works, but the SSH experience is significantly more usable.
Plus, QSH won’t even work for some things! Here, I just run the ‘node’ command to enter the Node.js REPL (read, eval, print loop) interface:
You can get this to function by manipulating an environment variable (QIBM_MULTI_THREADED) and restarting the QSHELL interface. But, why bother? It works without issue in an SSH terminal.
Because we’re emulating a terminal, there are many more advanced things that can be done. For instance, here’s a terminal-based debugger (pudb) for Python:
If you’re looking for something less productive, but more fun, you can play with curl, which is shipped with 5733-OPS option 7. Here, I check Rochester, Minnesota’s weather forecast for today, using the wttr.in service, from my IBM i system:
It’s Well-KnownWhen you use an SSH terminal, you’re using industry-standard technology. Practically the entire Linux community has relied on a terminal to perform tasks. Plus, as mentioned earlier, it’s readily available on MacOS and Windows and most other operating systems. Simply put, this technology is becoming a common element of a techie’s skill set. Even someone unfamiliar with IBM i can be given an SSH terminal and be proficient right away.
It Allows for Password-Free LoginMuch like other interfaces, SSH supports password-based authentication. SSH also allows for key-based authentication. The steps to do this are fairly simple:
- On the client, generate a public/private key pair. PuTTY ships a PuTTYgen utility to do this. For other clients, use the “ssh-keygen” command that comes with OpenSSH. This will generate a public key and a private key. Keep your private key safe and do not share it.
- Send the public key file from your PC to the server (/home/yourprofile directory in the IFS)
- On the server, add the contents of the public key to the file ~/.ssh/authorized_keys. The command will be something like “cat id_rsa.pub >> ~/.ssh/authorized_keys”
It’s FreeThis probably goes without saying, but the SSH support on both the server and client is free. No licenses to buy. No ads. Just free!
It’s More Than Just a TerminalIn today’s discussion, I’ve focused on using SSH for terminal access to IBM i. It should be noted, however, that the capabilities of SSH go far beyond that. Running an SSH server on IBM i enables many utilities that can make your life easier. Here are just a few things you can do:
- Transfer files with the scp or sftp utilities (part of OpenSSH), or tools that are built on top of them. One of my favorites is WinSCP, an open source SFTP client , among other things (I recommend “Explorer mode”). There are also mobile apps that can access the IBM i filesystem and edit files using SSH.
- Synchronize files, find differences, or implement speedy incremental backups with the mightyand versatile rsync tool.
- Host a git repository on IBM i. When doing so, SSH is the preferred way for a git client to access that repository.
To Sum it up…SSH is a fantastic alternative to the tried-and-true 5250 interfaces for accessing a shell (or the filesystem). Today, I provided eight of my own reasons. If you find yourself in QSHELL, browsing directories or running open source programs, I employ you to consider an alternative. When you do, you’ll probably have other things to add to this list!
Jesse Gorzinski is the business architect of open source technologies.