Connecting to the Lab from Outside

  • Installing an ssh Client on Windows
  • Installing an ssh Client on a Macintosh

    There are several ways of connecting to the labs' Unix computers from the outside world.  To protect our systems from attack these access points must be restricted.  Historically most connections over the Internet have been made using the programs telnet and ftp.  Both of these programs have very serious weaknesses, both in their design and in their implementation on a number of particular computer systems, including, unfortunately, Silicon Graphics computers.

    You cannot use either telnet or ftp to connect to the lab Unix computers from anywhere.

    The methods of access we do support are the Secure SHell (ssh) protocol and the Secure File Transfer Protocol (sftp).  These protocols are widely available, but certainly not as readily available as the older methods.  In the ssh protocol (and sftp is built upon ssh) each computer has a public and a private key.  Data to be sent to the remote computer is encrypted by that computer's public key.  To be understood, the communication stream must be decoded using the private key.  Since only the true destination computer knows the private key, no one on the Internet can watch the data flow.  When you log on using ssh, your username and password are sent over the network in encrypted form and are safe.  The only problem is that the sending computer must know the receiving computer's public key.  The first time you connect to the remote computer it will send its public key and you will be asked if you want to trust it.  You probably do.

    You don't need to know the whys of all this stuff.  All you have to know is that you should use ssh to connect to our computers, that you will have to accept the public key of our computer the first time, and you will still have to enter your username and password.
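
    The first-connection prompt described above shows a fingerprint of the key the server sent; comparing it with a fingerprint obtained by some other route confirms that the key really belongs to the lab computer.  The following is an added example, not part of the original page: it assumes a current OpenSSH client (which prints SHA256 fingerprints), and the key, the host name lab-host.example and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data

def parse_host_key(line: str):
    """Parse '<key-type> <base64-blob> [comment]' and return (key_type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob>'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own length-prefixed key type; it must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    return key_type, blob

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line: str, trusted_fp: str) -> bool:
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    try:
        _, blob = parse_host_key(line)
    except ValueError:
        return False
    return hmac.compare_digest(fingerprint(blob), trusted_fp)

# Constructed sample data: a made-up ed25519 host key (32 fixed bytes), not a real lab key.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " lab-host.example"
TRUSTED_FP = fingerprint(SAMPLE_BLOB)  # stands in for the value an administrator publishes

# Constructed: a different key offered under the same host name (wrong machine answering).
OTHER_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(1, 33)))
OTHER_LINE = "ssh-ed25519 " + base64.b64encode(OTHER_BLOB).decode() + " lab-host.example"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_BLOB))
    print("offered key trusted:", host_key_matches(SAMPLE_LINE, TRUSTED_FP))
    print("other key trusted:  ", host_key_matches(OTHER_LINE, TRUSTED_FP))
```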

    ssh has an alternative scheme of personal public/private keys along with a "pass phrase".  If you send your password you don't need to send a pass phrase.  In most cases the pass phrase stuff is not useful and it will not be discussed further.

    On the system you are connecting from you will need an "ssh client".  On Unix systems this will be called "ssh".  Just type "ssh" and the name of the lab computer you want to reach and away you go.  If you are on a Windows or Macintosh computer you will need a particular piece of software.
     

    Installing an ssh Client on Windows

    The University has a site license for a Windows ssh client.  You can download it from ftp://public.uoregon.edu/software/Network Software/Secure/SSHWinClient-3.0.0.exe.  This is an installation program and will show you a dialog box when you fire it up.  Accepting the defaults will probably work in all cases.
     

    Installing an ssh Client on a Macintosh

    1. Use a web browser to go to www.macssh.com.  Click on the link to download either MacSSH_PPC.sit.hqx (for PowerMacs) or MacSSH_68k.sit.hqx (for older Macs).
    2. Open the folder named MacSSH PPC or MacSSH 68k and double click on the MacSSH application.
    3. Select Edit Favorites under the Favorites menu.  Click on <Default>, then click on the Change button.
    4. Under the General tab in the dialog box that appears, enter your favorite Host Name (e.g., iron.uoregon.edu).
    5. Under the Security tab, select ssh2 for the protocol.  Do not enter a username or password.
    6. Under the SSH2 tab, select 3DES for encryption, SHA1 for authorization, and <none> for compression.  Make sure that "Never trust unknown host key" is not checked.
    7. At this point, you should be able to connect by giving a username and password when you select Open Connection under the File menu.