Who We Are
Computer Group Student Executives
Teaching Assistantships
Finishing Up
Computer Resources
Computers and Network Accounts
Keeping Informed
Running Jobs
Useful Software Available to Graduate Students
What To Do When You Need Some (Computer) Help?
Other Resources
Access Cards and Keys
Lab Security
Phone Numbers
Surface Mail and E-mail
Other Information
International Student Information

Security and Secure Shell (ssh)

A firewall protects the lab computers; for this reason nothing else than ssh connections (scp and sftp fit into that) are allowed from outside the department. Moreover, you can't reach directly your computer from the outside world: you have to go through either anubis, bastet, halfdome, isis, ra or zeep. The Secure Shell (SSH) is becoming the standard for remote logins and file transfer across the Internet. It encrypts all the connections, and provides a high level of protection against hacker attacks. SSH includes secure remote logins, secure file transfers, secure tunneling of X11 traffic, and secure access to e-mail over the Internet. Read the man pages for ssh and scp.

Running ssh isis.eecg from a local xterm will login a user into isis.eecg across a secure connection and forward the users X11 parameters. An X11 application can be then started on isis.eecg with no further setup (you may need to use 'ssh -X' to enable X11 forwarding when you establish your connection in the first place).

SSH protects against (from the README):

  • IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host. Ssh even protects against a spoofer on the local network, who can pretend he is your router to the outside.

  • IP source routing, where a host can pretend that an IP packet comes from another, trusted host.

  • DNS spoofing, where an attacker forges name server records

  • Interception of cleartext passwords and other data by intermediate hosts

  • Manipulation of data by people in control of intermediate hosts

  • Attacks based on listening to X authentication data and spoofed connection to the X11 server In other words, ssh never trusts the net; somebody hostile who has taken over the network can only force ssh to disconnect, but cannot decrypt or play back the traffic, or hijack the connection.

A good source of information about using and installing SSH on various platforms is located here.

Please visit Dan Astoorian's excellent SSH resource page at: .

EECG graduate admin
Last updated June 2004