SSH: An Introduction

Dirk W. Howard

IDK Software

What Is SSH?

From http://www.openssh.org/

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.

The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.

Getting Started with SSH

The first thing to do with SSH is to replace insecure network communications with secure options. The first to go is telnet. Telnet is a program that gives you terminal access to a machine across the network. The problem is that telnet passes user authentication in the clear. The direct replacement for telnet is ssh.

The next common communications problem is file transfer, normally ftp. To replace ftp, use sftp instead. If you have ever used rcp, SSH has an equivalent in scp.

Passwords, passwords!

When you start using SSH you find yourself always entering passwords to access remote hosts. Wouldn't it be nice to enter your password once and be able to access all of your remote resources? You can by using a combination of keys, ssh-agent and your authorized_keys file on the remote host.

To start, use ssh-keygen to create a unique public/private key pair for your ssh use. Once you have generated a key pair, copy the public portion of your key to the remote hosts you access and add that key to the authorized_keys file in the ~/.ssh subdirectory.

You need to run ssh-agent so you can provide your ssh credentials to the ssh suite. I normally run it as part of my profile script.

[ -z "$SSH_AUTH_SOCK" ] && eval `ssh-agent`

Finally you unlock your ssh key and provide it to the ssh agent. Use ssh-add to do this.

Note for the truly paranoid: if you are working on a shared system that you do not trust, do not use ssh-agent. It is quite possible for a superuser to assume your identity and your ssh keys once they have been unlocked. I guess if you are that paranoid, then you wouldn't be creating any ssh keys on that system anyway.

SSH Aware Applications

There are many applications that are aware of how to use either rsh or ssh by natural extension. Other command-line applications can be run on the remote host by adding the command you wish to execute to the end of the ssh command. For example:

ssh user@host ls

SSH with X Windows

SSH can also forward or tunnel the X Windows protocol. This means that your X sessions can also be secure. The target host will need to support X11 forwarding and your client will need to request it.

Automated Access

There are times when passwordless access is needed. Cron-based backup or mirroring is an example. Use with caution!

I have a backup of data from one location to an off-site storage server. On each server there is an account that has limited access to just the data in question.
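One way to narrow what a passphrase-less cron key can do on top of the limited account, as an added example that is not part of the original presentation: the key is pinned in authorized_keys to one source address and one forced command. The key material, the address 192.0.2.10 and the receive-backup script are constructed placeholders.

```sh
#!/bin/sh
# Added example: restricted authorized_keys entry for an unattended (cron) job.
# All key, address and command values here are constructed placeholders.

# Print an authorized_keys line that pins a key to one source address and one
# forced command. "restrict" (OpenSSH 7.2+) disables port, agent and X11
# forwarding and PTY allocation for that key.
restricted_key_line() {
    pubkey=$1
    from=$2
    forced=$3
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    # A quote or newline in any field could smuggle in extra options or keys.
    case "$pubkey$from$forced" in
        *\"*|*"
"*) echo "unsafe character in input" >&2; return 1 ;;
    esac
    printf 'restrict,from="%s",command="%s" %s\n' "$from" "$forced" "$pubkey"
}

# Append the line to <ssh_dir>/authorized_keys unless it is already there,
# with modes that sshd's StrictModes check accepts (no group/other write).
install_key_line() {
    ssh_dir=$1
    entry=$2
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    keys_file=$ssh_dir/authorized_keys
    touch "$keys_file" && chmod 600 "$keys_file" || return 1
    grep -qxF -- "$entry" "$keys_file" || printf '%s\n' "$entry" >> "$keys_file"
}

# Demo in a scratch directory; on the storage server the target would be the
# limited backup account's ~/.ssh. receive-backup is a hypothetical script.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderNotARealKey backup@client'
demo_dir=$(mktemp -d)
demo_line=$(restricted_key_line "$SAMPLE_KEY" "192.0.2.10" "/usr/local/bin/receive-backup") \
    && install_key_line "$demo_dir/.ssh" "$demo_line" \
    && cat "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

With an entry like this, whatever command the client asks for, sshd runs only the forced command, and only for connections from the listed address.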

Advanced Topics

SSH can also tunnel or forward any port. This can be useful to provide access to a service that you want to hide behind a firewall.
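
# The tunnel closes once the remote sleep has ended and no forwarded connection is open
ssh -f -L localport:targetserver_ip:targetserver_port ssh_server_ip sleep 10
service -p localport -h 127.0.0.1

# -N runs no remote command; the tunnel stays up until the ssh process is killed
ssh -N -f -L localport:targetserver_ip:targetserver_port ssh_server_ip
service -p localport -h 127.0.0.1

More information on using ssh port forwarding can be found at: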

http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Port_Forwarding.html
http://www.securityfocus.com/infocus/1816

What do I do if I use Windows?

If you are stuck in MS Windows land or haven't yet made the jump to a free operating system (aka Linux or BSD Unix) or an enlightened operating system like Mac OS X, you still have options open to you.

A suite of utilities collectively known as PuTTY is available from http://www.chiark.greenend.org.uk/~sgtatham/putty/

PuTTY brings all of the ssh functionality to Windows.

In case you didn't already know, if you are running Mac OS X you have all of the ssh components built in.

In Summary

Using SSH can benefit your computing life by: