[SSH]Safe terminal access

While connecting to Unix server over network using telnet or ftp both username and password are sent in clear text form. Your credentials may be intercepted. This is a real problem. Anyone can connect to Ethernet type network and monitor traffic. Even switched network doesn't prevent this threat. The same applies when connecting over Internet. The sniffing device may be present anywhere on the route from the source to the destination network.

ssh

All servers at FIT do support access using ssh (slogin). ssh program is complete replacement of telnet and provides secure encrypted connection to the server. Program ssh is available for Unix-like systems at http://www.openssh.org/. It is common part of present Linux and BSD systems. When connecting to faculty servers from Unix systems just use ssh or slogin.

ssh on Windows 7/8/10

Putty

See http://www.chiark.greenend.org.uk/~sgtatham/putty/. Putty package contains ssh, scp and sftp as well. Users of faculty network at FIT may find it on network drive Q:\netapp\putty. Putty may be used for remote access to faculty servers (port forwarding).

Example: Some NAT servers forward packets to different servers from different IP adresses. This may cause problems with central authentication servers which includes CAS at FIT. The problem may be solved by port forwarding in Putty, just add: Change Settings -> Connection - SSH - Tunnels -> Source Port: 1234, Destination: IP address:443, check Local, Auto -> click on Add.
Note: use IP address of destination server, DNS name cannot be used.
Now the web server may be accessed at local address localhost:1234. For other servers use different local ports (1235, 1236, etc.). Port mapping may be added during the established connection also but cannot be saved. Permanent port mapping can be configured using: Load session -> configure mapping - see above -> Save session.

Android, iOS

You can install ssh in mobile oprations systems from application store. There are several implementations, eg. Connectbot for Android and Termius for iOS. Just try and choose the one you like best.

Some other possibilities

Some other Windows ssh applications are described at http://wiht.link/ssh-putty.

WinSCP and SFTP

File transfer over network with FTP is not secure either since all communication including user credetials is transfered in clear text. Unix-like systems contain secure alternatives, scp and sftp. In Windows you may use either free WinSCP or commandline applications pscp and psftp from Putty package.

IMAP4, POP3, Web, SMTP

User credentials (name and password) is sent in clear text whenever you try to access mailbox, protected web page or submit mail. All these services now are able to communicate over secure encrypted channel SSL. Therefore you should always use secure version, to access mailbox over IMAP use SSL (port 993), mailbox over POP3 with SSL (port 995), web over HTTPS (port 443) and submit mail on port 587 with STARTTLS or port 465 with SSL.

Back to Importatn information and guides

Your IPv4 address: 54.156.39.245
Switch to IPv6 connection

DNSSEC [dnssec]