Transition To Secure Remote Access

The Computer Systems Lab transitioned from insecure remote access (such as telnet and ftp, which transmit passwords over the network without encryption) to only allowing secure remote access. This document describes that transition and the steps users need to take in order to continue to remotely access CSL facilities.

Several other computing facilities on campus are undertaking a similar transition.

Introduction

Regular telnet and ftp connections transmit your password over the net in "plaintext" -- your password is not encrypted or protected in any way. It is possible for others to eavesdrop on the network and capture your username and password.

With your username and password, they can then easily use your account, reading or changing your files, electronic mail, etc.

The CSL supports two packages to provide secure remote access: Kerberos and SSH. Both use strong cryptography to protect your passwords and other data. Kerberos telnet and Kerberos-authenticated POP (the Post Office Protocol, for retrieving email from a server) are the default within the CSL network, but are difficult to install and configure at home. Therefore, we are recommending SSH (instead of kerberos) for use from home and other sites.

Getting Started With SSH

• For instructions on downloading, installed and using SSH on computers at other sites (including at home), please see: SshHowTo.
• For answers to frequently asked questions about using SSH with CSL computers, please see: SshFAQs

Transition Strategy And Key Dates

All plain-text telnet and FTP have been disabled.