Edmund A. Hajim  School of Engineering and Applied Sciences

Secure Shell within HSEAS

We strongly recommend that all HSEAS members begin using Secure Shell technology for connections to HSEAS hosts, both internally and externally.

Telnet, rlogin, ftp, rsh and rcp all connect in the clear - any password you enter is passed over the network in clear text, and all transactions between your computer and the computer to which you are connecting are passed in clear text. There is no guarantee that these transactions are not being observed.

In addition, telnet especially has proven to be a problematic and weak protocol. There are frequent exploits discovered that permit unscrupulous individuals to make use of those security holes to comppromise individual accounts and even to gain root/administrator control of a host.

Like many UR departments (and other non-UR sites) we are considering disabling telnet access on all systems within HSEAS. Initially, we will disable telnet from hosts outside of the UR. This may not be possible for all hosts, so those hosts without access control will simply have telnet service turned off.

Secure Shell software is available in both commerical and freeware packages. Some operating systems, such as Linux and MacOS X have secure shell programs available either by default or as an install-time optional package. The recommended package for Windows is a package called Putty which is available from the programmer or locally. Note the local version may be a bit older than what the programmer is offering. Macintosh users (prior to MacOS X) can use MacSSH which again is available from the developer or locally

We also have some local usage documentation available for both Windows and for MacOS hosts.

Last modifed: Thursday, 07-Apr-2011 09:24:35 EDT