The Unix Support SSH CD

Introduction

There are regular occurrences of account details for Cambridge University computer systems being captured when their legitimate users log in from remote locations using a system or a network which is in some way insecure. Typically such a user will be using a Telnet or FTP client, or the Unix commands rlogin or rsh.

As well as the possible effect of this on the owner of the account, it should be noted that an intruder intent on compromising the security of a Cambridge system is greatly assisted in getting system-level access to the machine by the acquisition of access to a user account.

An alternative and much more secure method of logging in to many Unix systems around the University is available: ssh provides an alternative to rlogin, rsh, rcp and telnet for accessing a machine at a remote location. When an ssh client is used all data (including passwords) is transmitted in an encrypted form so that it cannot be usefully intercepted.

Unix Support has produced a CD containing ssh clients for a wide variety of Unix systems and a client for Win32 systems and Macintoshes. The CD is intended for use by staff and students of the University who are visiting remote locations that do not offer ssh already but which allow users to access CDs and who wish to use their Cambridge accounts while they are away.

The CD is available to staff and students from Computing Service Reception free of charge. The current pressed version carries the volume title UCAM_SSH_CD_05.

Please note that this software is unsupported. It is certainly not supported by the Help Desk who have nothing to do with it. Unix Support cannot offer end-user support either; there are just too many varieties of system out there and we don't "do users" very well either. Unix Support will gratefully receive, however, informed comment on how to make future versions of the CD better.

CD Contents

The CD contains a directory for each type of operating system it supports. These in turn contain the ssh program (or its equivalent for MacOS and Win32).

To get at the client program for any supported Unix platform, change to the relevant directory and run the ssh program found there. ssh can be thought of (and used) in a manner akin to telnet, rlogin and rsh.

On a PC running Microsoft Windows (NT or '9x), change to the Win32 directory and run the PuTTY program. It will present you with a window letting you select the host to contact and whether you want ssh enabled (warning: by default it is not). Then it will present a window running a telnet client (with encryption if you asked for it previously).

The CD also contains a file called known_hosts. This is a set of codes that lets the ssh program check that it is talking to the right Cambridge system. These are not secret passwords and can be widely spread, but certain cryptographic information about them is known only to the real machine they correspond to.

Because the number of Cambridge systems running the ssh server is always increasing, it is quite possible that the system you are trying to connect to is not in the list. For this reason we make available the most up-to-date known_hosts file that we can, in addition to the copy of the CD version.
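
As an added example, not part of the original page or of the CD, the following Python compares an older copy of known_hosts (such as the one on the CD) with a newer copy and lists hosts that are new and hosts whose recorded keys differ. The host names, key values and both embedded files are constructed sample data; the parser assumes each line begins with a comma-separated host list followed by the key fields.

```python
# Added example: compare an older known_hosts file with a newer one.
# All host names and key strings below are constructed sample data.

CD_COPY = """\
# constructed sample, old protocol 1 layout: host bits exponent modulus
alpha.example.org 1024 35 1234567890123
beta.example.org,192.0.2.10 1024 35 9876543210987
"""

CURRENT_COPY = """\
alpha.example.org 1024 35 1234567890123
beta.example.org,192.0.2.10 1024 35 5555555555555
gamma.example.org ssh-ed25519 AAAAC3constructedKEY sample-comment
"""


def parse_known_hosts(text):
    """Map each host name to the set of key strings listed for it."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                  # blank line or comment
        fields = line.split()
        if fields[0].startswith(("@", "|")) or len(fields) < 3:
            continue                  # marker line, hashed name, or malformed
        # The key is "type base64" (two fields) or, in the old protocol 1
        # layout, "bits exponent modulus" (three); trailing comments dropped.
        width = 3 if fields[1].isdigit() else 2
        if len(fields) < 1 + width:
            continue                  # truncated key: ignore the line
        key = " ".join(fields[1:1 + width])
        for host in fields[0].split(","):
            keys.setdefault(host.lower(), set()).add(key)
    return keys


def compare(old_text, new_text):
    """Return (new_hosts, changed_hosts, unchanged_hosts) as sorted lists."""
    old, new = parse_known_hosts(old_text), parse_known_hosts(new_text)
    added = sorted(h for h in new if h not in old)
    changed = sorted(h for h in new if h in old and new[h] != old[h])
    same = sorted(h for h in new if h in old and new[h] == old[h])
    return added, changed, same


if __name__ == "__main__":
    for label, hosts in zip(("new", "changed", "unchanged"),
                            compare(CD_COPY, CURRENT_COPY)):
        print(f"{label}: {', '.join(hosts) or '-'}")
```

A host reported as changed has a different key in the two files; confirm which key is correct through a trusted channel before connecting.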

Some of the text files come in three formats: "unix", "Windows" and "Macintosh". The difference is in the line termination characters only. The files are called, for example, README, README.TXT and README.MAC respectively.

Frequently Asked Questions

"Frequently" is a bit of an exaggeration. The CD has not been out long enough for there to have been any frequency to the questions yet. These are really the "questions asked more than once".

  1. Is it legal to use in country X?
    We are not lawyers; we cannot give legal opinions. We have not consulted lawyers; we cannot give anyone else's legal opinions. For what it's worth, the CD carries a file on the legality of the CD. You should read it.
  2. What about a version for platform X?
    We'd love to add more platforms that are likely to be used by Cambridge folk away from home. We need two things: (a) access over the network to a system of that platform where we can compile the program and (b) some information about what user-level access to the CD drive is provided. Mail us.

This page maintained by Unix Support.
Last modified: 2001-05-21 by RJD.


Change history:
2001-05-21: Change to refer to version 05.
2000-02-11: Change to refer to version 04.
2000-01-26: Added link to raw CD image.
1999-11-19: Change to refer to version 03.
1999-07-13: Original version.