1. SSH, SCP and SFTP


Cosmos and Eric should be accessed via SSH, SCP and SFTP. SSH and friends are a protocol suite of network connectivity tools that encrypt all traffic, including passwords, in order to eliminate eavesdropping, connection hijacking, and other network-level attacks.

SSH, SCP and SFTP clients may be freely downloaded from the Internet (see details below) for both MS Windows and Unix (Solaris and Linux), though most (all?) Linux distributions come with an SSH client already installed.

SSH, or the Secure Shell, is, roughly speaking, encrypted Telnet, i.e., it offers a secure method of logging on to a remote machine; SCP and SFTP offer secure methods of copying files to and from remote machines, SFTP being similar in functionality and usage to the more familiar FTP.


Accessing Universe
To access Universe (Cosmos and Eric), a recent client which supports the keyboard-interactive mode of authentication will be necessary (and this must be selected as the preferred method, or at least on the list of methods attempted). Clients not supporting this mode will not be able to authenticate.

Using X-Windows (eXceed, XFree86) With SSH
See below.

For each client mentioned below, the number is given of a version which is known to authenticate to Cosmos and Eric successfully; it is expected that later versions will also work.

1.1. Solaris and Linux

There are two SSH (and SCP/SFTP) clients which are in common use: that from SSH Communications Security and the OpenSSH client. Both are simple but effective command-line utilities.

1.1.1. SSH Communications Security (v3.2)

This client is available for free download from www.ssh.com (follow the links to: Download, Secure Shell for Workstations, Non-commercial downloads). The source is available so that binaries can be compiled for Linux and Solaris (experience shows that the source builds with no problems using GCC via the usual three steps, ./configure, make and make install).

Authentication Method

The default authentication configuration may need to be changed (either to prevent authentication attempts by a method which will fail, or to ensure that the correct method is attempted). The configuration is usually contained within /etc/ssh2/ssh2_config --- change this

    AllowedAuthentications   publickey,password
(or similar) to this
    AllowedAuthentications   publickey,keyboard-interactive,password

Usage for ssh

    local_prompt> ssh <remotehost> -l <username_on_remotehost>
for example
    powell> ssh cosmos.umist.ac.uk -l mnopqrs1
    PAM authentication
    Password: 
    Last login: Tue Dec 10 2002 09:50:52 from powell.csu.umist.
    ...
    ...
    cosmos> 
The first time you connect via ssh you may see something like this:
    The authenticity of host 'cosmos (130.88.99.10)' can't be established.
    DSA key fingerprint is 1f:eb:8b:2a:6c:38:04:30:ea:b9:e2:12:db:53:d9:7c.
    Are you sure you want to continue connecting (yes/no)? 
If you are satisfied that you have truly connected to cosmos, answer yes. You will not see this question again.
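
The check behind that yes/no question, as an added example that is not part of the original page: the colon-separated fingerprint is the MD5 digest of the decoded key blob, so it can be recomputed and compared with a fingerprint obtained from a trusted source before the key is stored. The OpenSSH-style key line format, the function names and the sample line are assumptions; the sample blob is constructed and is not a real host key.

```sh
#!/bin/sh
# Added example. Input is an OpenSSH-style key line (assumed format):
#   <host> <keytype> <base64-key-blob>
# such as ssh-keyscan prints or known_hosts stores.

# Constructed sample: the blob decodes to the bytes "abc"; NOT a real host key.
SAMPLE_LINE='cosmos.example ssh-dss YWJj'

# Print the MD5 fingerprint (aa:bb:...) of the key blob in LINE.
# Returns 2 if the line has no blob or the blob is not valid base64.
md5_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$blob" ] || return 2
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 2
    printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# Return 0 only if LINE's fingerprint equals EXPECTED (case-insensitive);
# 1 on mismatch, 2 if the key line cannot be parsed.
verify_host_key() {
    actual=$(md5_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \t')
    [ "$actual" = "$expected" ]
}

# Append LINE to the known-hosts file FILE only after it has been verified.
trust_if_verified() {
    if verify_host_key "$1" "$2"; then
        printf '%s\n' "$1" >> "$3"
        return 0
    fi
    echo "host key NOT trusted: fingerprint mismatch or unreadable key" >&2
    return 1
}

# Demo: the fingerprint a user would compare against the trusted value.
md5_fingerprint "$SAMPLE_LINE"
```

The expected fingerprint passed to `verify_host_key` must come from a channel other than the connection being checked.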

Usage for scp

    local_prompt> scp <file_to_send> <username_on_remotehost>@<remotehost>:<remote_path>/<remote_filename>
for example
    talby> scp printtest.txt.ps [email protected]:tmp
    warning: Need basic cursor movement capability, using vt100
    .
    .
    Keyboard-interactive:
    PAM authentication
    Password: 
    printtest.txt.ps               |   15kB |  15.4 kB/s | TOC: 00:00:01 | 100%
    talby> 

Usage for sftp

    local_prompt> sftp <username_on_remotehost>@<remotehost>
For example:
    talby> sftp [email protected] 
    Warning: Need basic cursor movement capability, using vt100
    .
    .
    Keyboard-interactive:
    PAM authentication
    Password: 
    sftp> 
Once authenticated, sftp behaves, from the user's point of view, just like any other FTP client.

The first time you connect you may see something like this:

    ...Host key not found from database.
    Key fingerprint:
    xilim-dukat-focam-havac-curuf-fosur-nyvac-bedef-rugys-zaler-byxex
    You can get a public key's fingerprint by running
    % ssh-keygen -F publickey.pub
    on the keyfile.
    Are you sure you want to continue connecting (yes/no)? 
Responding with yes results in the following:
    Host key saved to /home/isd/.ssh2/hostkeys/key_22_cosmos.umist.ac.uk.pub
    host key for cosmos.umist.ac.uk, accepted by isd Thu Mar 20 2003 13:19:44
You will not see this again.

1.1.2. OpenSSH (v3.1p1-6)

This client is available for free download from www.openssh.org: binaries in RPM format are available for Linux; in addition the source is available so that binaries can be compiled up for Solaris. Binaries are also available from the RedHat site and its mirrors. Solaris binaries are available from sunfreeware.com.

Usage is as for the SSH Communications Security client.

The configuration is usually contained within /etc/ssh/ssh_config. According to the man page, the default authentication methods are, in order, hostbased, publickey, keyboard-interactive and password. Should the client initially attempt authentication by a method which fails, or fail to authenticate, edit the configuration file so that keyboard-interactive is tried, and is tried before the failing methods, e.g.:

    Host *
        ForwardX11 yes
        PreferredAuthentications publickey,keyboard-interactive

For more information see the man pages at the OpenSSH website.

1.2. MS Windows

1.2.1. SSH Communications Security (v3.2)

This client is available for free download from www.ssh.com. The default configured authentication method will fail --- choose keyboard-interactive.

1.2.2. PuTTY (v0.52 beta)

This client is available for free download from www.chiark.greenend.org.uk. The default configured authentication method will fail --- choose keyboard-interactive.





About this document:

Produced from the SGML: /home/isd/public_html/_cosmeric/_accessing_cosmos/_reml_grp/index.reml
On: 5/7/2004 at 13:45:40
Options: reml2 -i noindex -l long -o html -p multiple