Skip to main content

Remote access using SSH and SCP

Many Linux and Unix systems are accessible using ssh, rsync, scp, sftp and other tools. Remote access can be used to retrieve files, and to run commands with access to your AFS home directory.

SSH is the preferred access method since it is secure and available for all platforms. We recommend using Kerberized SSH (GSSAPI), where no password leaves your local machine.

After configuring SSH (in ~/.ssh/config or the equivalent), you can connect to the shell server for your affiliation. In most Unix-like operating systems, this can be done using

kinit -f username@KTH.SE
ssh student-shell # or faculty-shell staff-shell affiliate-shell…

Note: All examples use username and student-shell – replace this with your KTH username (without, and the server you are connecting to.

Note on host keys

Using GSSAPIKeyExchange you will not get prompts like

The authenticity of host '' can't be established.
ECDSA key fingerprint is SHA256:kU4+41LFakE+D/D/FPPo2faB+/QjNtyemz/xAJfx+4E.
Are you sure you want to continue connecting (yes/no)?

username@student-shell's password:

Instead, Kerberos authentication is used both to confirm server identity (instead of host keys), and to authenticate you (instead of a password).

However, if you cannot use GSSAPI (or like ssh in macOS, cannot use GSSAPIKeyExchange), you need to use host keys. The list of public shell servers  provides host keys for all servers.