ssh
CDknown_hosts
filessh
CD There are regular occurrences of account details for Cambridge
University computer systems being captured when their legitimate users
log in from remote locations using a system or a network which is in
some way insecure. Typically such a user will be using a Telnet or FTP
client, or the Unix commands rlogin
or rsh
.
As well as the possible effect of this on the owner of the account, it should be noted that an intruder intent on compromising the security of a Cambridge system is greatly assisted in getting system-level access to the machine by the acquisition of access to a user account.
An alternative and much more secure method of logging in to many
Unix systems around the University is available: ssh
provides an alternative to rlogin
, rsh
,
rcp
and telnet
for accessing a machine at a
remote location. When an ssh
client is used all data
(including passwords) is transmitted in an encrypted form so that it
cannot be usefully intercepted.
Unix Support has produced a CD containing ssh
clients
for a wide variety of Unix systems and a client for Win32 systems and
Macintoshes. The CD is intended for use by staff and students of the
University who are visiting remote locations that do not offer
ssh
already but which allow users to access CDs and who
wish to use their Cambridge accounts while they are away.
The CD is available to staff and students from Computing Service Reception free of charge. The current pressed version carries the volume title UCAM_SSH_CD_05.
Please note that this software is unsupported. It is certainly not supported by the Help Desk who have nothing to do with it. Unix Support cannot offer end-user support either; there are just too many varieties of system out there and we don't "do users" very well either. Unix Support will gratefully receive, however, informed comment on how to make future versions of the CD better.
The CD contains a directory for each type of operating system it
supports. These in turn contain the ssh
program (or its
equivalent for MacOS and Win32).
To get at the client program for any supported Unix platform change
to the relevant directory and run the ssh
program found
there. ssh
can be though of (and used) in a manner akin
to telnet
, rlogin
and rsh
.
On a PC running MicroSoft Windows (NT or '9x) change to the
Win32
directory and run the PuTTY
program.
It will present you with a window letting you select the host to
contact and whether you want ssh enabled (warning: by default it is
not). Then it will present a window running a telnet client (with
encryption if you asked for it previously).
The CD also contains a file called known_hosts
. This is
a set of codes that lets the ssh
program check that it is
talking to the right Cambridge system. These are not secret
passwords and can be widely spread, but certain cryptographic
information about them is known only to the real machine they
correspond to.
Because the number of Cambridge systems running the
ssh
server is always increasing it is quite possible that
the system you are trying to connect to is not in the list. For this
reason we make available the most up to date known hosts file that we
can, in addition to the copy of the CD version.
Some of the text files come in three formats: "unix",
"Windows" and "Macintosh". The difference is in
the line termination characters only. The files are called, for
example, README
, README.TXT
and
README.MAC
respectively.
"Frequently" is a bit of an exaggeration. The CDs not been out long enough for there to have been any frequency to the questions yet. These are really the "questions asked more than once".
This page maintained by Unix Support.
Last modified: 2001-05-21 by RJD.
Change history:
2001-05-21: Change to refer to version 05.
2000-02-11: Change to refer to version 04.
2000-01-26: Added link to raw CD image.
1999-11-19: Change to refer to version 03.
1999-07-13: Original version.