Learning to Live Without

Telnet and FTP













Terry Gliedt
$Date: 2002/02/07 21:03:39 $
$Revision: 1.5 $







Who Is Affected ?


 

  • All Users of SPH Unix Systems

    • From Your Office at UMICH

    • Working from Home

    • Using a Laptop on a Trip

    • Using a Machine from Some Other Location

      • While Visiting Some Place

      • FUSIONeers at NIH, USC etc.








What's Going On ?


 

  • Remove From SPH Unix Systems

    • Ability to TELNET into SPH Systems

    • Ability to FTP into SPH Systems





    • You may continue to telnet/ftp from SPH Systems

    • This does not affect UMICH users using EXCEED to access an SPH system.








Why ?


 

  • Make SPH Systems More Secure

    • Telnet and FTP send passwords in clear text, which can be sniffed

    • Goal: remove clear text passwords outside SPH


When ?


 

  • Around mid-March

  • We can influence conversion date








How ?


 

  • Stop Using TELNET and FTP Now

  • Start Using SSH, SCP and SFTP


What Software is Available ?


 
  • On Unix, use 'ssh' and 'scp'

    • Exist on all UMICH Unix systems

    • Supports X11 tunneling

    • Non-UMICH Unix users, contact your local support

  • PUTTY

    • Small - can fit on a diskette. Good candidate if on a trip.

    • Slightly spartan, no real install

    • Does not support X11 tunneling

    • Get from putty.zip and unzip

  • SSH Secure Shell

    • University License

    • Normal Windows Install Process

    • Supports X11 tunneling

    • Get SSHWinClient and run it

  • SFTP

    • Graphical FTP (many choices)

    • One available with SSHWinClient


Screen Shots - Unix





#    Copy file from compute11 to my machine
~> scp compute11:/group/boehnke/fusion/tpg/test.file .
The authenticity of host 'compute11.sph.umich.edu (141.211.50.128)'
can't be established.
RSA1 key fingerprint is 76:a6:c4:c1:6f:19:0f:1a:29:18:fb:cb:56:cb:86.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'compute11.sph.umich.edu,141.211.50.128'
(RSA1) to the list of known hosts.
tpg@compute11.sph.umich.edu's password:
test file            100% |*****************************|   734       00:00

#    Copy file from my machine to compute11 
compute11:~> scp test.file compute11:/group/boehnke/fusion/tpg/test.file
tpg@compute11.sph.umich.edu's password:
test file            100% |*****************************|   734       00:00

#    Copy a directory to compute11 
~> scp -r test compute11:/group/boehnke/fusion/tpg/test
family.ldif          100% |*****************************| 11885       00:00    
mailinglist.ldif     100% |*****************************|  2789       00:00    
tpg.ldif             100% |*****************************| 23893       00:00    
bookmarks.html       100% |*****************************| 29319       00:00    
business.ldif        100% |*****************************|   557       00:00    
reference.ldif       100% |*****************************|  4741       00:00    
umich.ldif           100% |*****************************|  8970       00:00    

#    Run X-based programs on compute11, display on your machine
compute11:~> xterm &


#    Issue command run on compute11
~> ssh compute11 ls -R /group/boehnke/fusion/tpg/test
tpg@compute11.sph.umich.edu's password: 
/group/boehnke/fusion/tpg/test:
test/

/group/boehnke/fusion/tpg/test/test:
t/
t1/

/group/boehnke/fusion/tpg/test/test/t:
bookmarks.html
business.ldif
reference.ldif
umich.ldif

/group/boehnke/fusion/tpg/test/test/t1:
family.ldif
mailinglist.ldif
tpg.ldif


#    Secure telnet to compute11
~> ssh compute11
tpg@compute11.sph.umich.edu's password: 
Last login: Wed Feb  6 14:06:57 2002 from compute11.sph.u
Sun Microsystems Inc.   SunOS 5.7       Generic October 1998

Important information about SPH UNIX systems for new users
                   ---> http://www.sph.umich.edu/phisa/tech/unix/new_user.html

Which UNIX machines should you use?
                   ---> http://www.sph.umich.edu/phisa/tech/unix/machines.html

UNIX Software List and Manuals
     Solaris 8     ---> http://www.sph.umich.edu/phisa/tech/unix/software8.html
     Solaris 7     ---> http://www.sph.umich.edu/phisa/tech/unix/software7.html

All SPH Online Network and Computing Documention
                   ---> http://www.sph.umich.edu/phisa/tech/docs.html

Need to ask a question or report a problem? Send email to sph.help@umich.edu
~> 


Screen Shots - PUTTY


PUTTY Setup

Double click on 'putty.exe' and see this screen. You can set all sorts of things like host, uniqname, fonts and colors and save these as a 'session'. This can be a little tricky: you select the various settings by navigating the tree on the left, and then, before doing anything else, you must return to this screen and select the SAVE button. Don't forget to set the Protocol on this screen.

Once you have your sessions saved, when this screen appears, just double click the session and you're off!



PUTTY Fingerprint

The first time you attempt to connect to a machine, you'll be notified this machine has not been seen before and told the 'fingerprint' of the machine. In some very secure world someone might pay attention to this. We won't. Answer 'yes'.





PUTTY SSH Session

This should look pretty familiar. If you did not set the uniqname field in the session, you'll be prompted for a userid and then something like this. If you look carefully, you'll notice this is not the same prompt as a normal telnet login. That's your hint you are using SSH.




Screen Shots - SSH Secure Shell


SSS Icons



After installing SSH Secure Shell, you should see these icons on your desktop.

SSS Start







After double clicking on SSH Secure Shell Client this is what you'll see. Select Quick Connect or Profiles to start a session.

SSS Quick Connect

Quick Connect allows you to specify the host and uniqname, but does not save anything.

SSS Profile

Selecting Profiles provides you a mechanism to set the host, uniqname, fonts, size etc. and then save the values.



SSS X11 Tunneling

On the Tunneling tab, you will find a checkbox to enable Tunnel X11 connections. Check this if you want to be able to use X11 applications (xterm, nedit etc.) in a secure mode (i.e. all X11 packets are sent via the encrypted SSH session, which means no one can sniff them). You may not want to use this from home if your Internet connection is slow (<= 56kbps).



SSS Fingerprint

The first time you attempt to connect to a machine, you'll be notified this machine has not been seen before and told the 'fingerprint' of the machine. In some very secure world someone might pay attention to this. We won't. Answer 'yes'.
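
Both fingerprint prompts above (PUTTY Fingerprint and SSS Fingerprint), like the one in the Unix scp session, show a hash of the server's public host key, and the check behind the prompt is a comparison with a fingerprint obtained from the administrator through some other channel. The Python sketch below is an added example, not part of the original slides; it assumes an SSH protocol 2 key line in known_hosts format, and the keys, comment text and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def make_sample_pubkey_line(modulus: bytes, comment: str) -> str:
    """Build a CONSTRUCTED ssh-rsa public key line (not a real host key)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def fingerprints(pubkey_line: str) -> dict:
    """Return the MD5 (colon-hex) and SHA256 (base64) fingerprints of a key line."""
    fields = pubkey_line.split()
    blob = base64.b64decode(fields[1], validate=True)
    # The blob must begin with the key type named in the first field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def host_key_matches(pubkey_line: str, published: str) -> bool:
    """Compare the offered key against a fingerprint obtained out of band."""
    published = published.strip()
    fp = fingerprints(pubkey_line)
    if published.startswith("SHA256:"):
        return hmac.compare_digest(fp["sha256"], published)
    return hmac.compare_digest(fp["md5"], published.lower())


# Constructed sample: the key the server offers and a look-alike from another machine.
OFFERED = make_sample_pubkey_line(b"\x00" + b"\xc3" * 128, "compute11 (constructed)")
IMPOSTOR = make_sample_pubkey_line(b"\x00" + b"\xa5" * 128, "compute11 (constructed)")
PUBLISHED = fingerprints(OFFERED)["md5"]  # stands in for the value the admin publishes

if __name__ == "__main__":
    for name, line in (("offered", OFFERED), ("impostor", IMPOSTOR)):
        print(name, fingerprints(line)["md5"], host_key_matches(line, PUBLISHED))
```

The colon-separated MD5 form is the one shown in the scp session on this page; current OpenSSH clients print the SHA256 form by default, and the function accepts either.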




Screen Shots - SSS SFTP


SSS FTP

You may bring up SFTP in two ways.

  1. If you are already logged in using SSH Secure Shell Client, select the New File Transfer Window icon.
  2. If you are not using SSH Secure Shell Client, double click on the SSH Secure File Transfer icon and go through a login process very similar to the SSS Shell Client.

Once logged in, you'll see this. To download a file to your Windows machine, right-click on the file, select Download and go from there. To upload a file, from the menu select Operation and then Upload.