SSH on OCCS

Access to OCCS

Interactive Shell | File Copying | E-mail

Problem:

Telnet, FTP, POP3, IMAP and rsh/rlogin all send your username and password over the internet/network in clear text. If someone wants to get your username/password badly enough, they can listen and record them, or if you are connection from the internet, anyone between your ISP and OCCS can record them. Once a cracker has a single username/password combination they can log onto OCCS and proceed to do nefarious things, including but not limited to:

tampering with your files/mail

get encrypted passwords of other users

gather information about OCCS and the network around it to try to gain access to other machines.

even if you really don't care about your files or account, you should take precautions with your account so that the machine and network are at less risk from inside hackers--these are the responsibilites of having an account on OCCS.

Solution:

There are multiple means of accessing OCCS via secure, encrypted channels.
Secure Shell (ssh) is the only means of logging into OCCS for an interactive shell.
For remote file transfering, Secure FTP (SFTP) is available, as well as Secure Copying (scp).
For remote mail access both POP3 and IMAP are available over SSL encryptions.
Also web-based mail is available over a secure web server at https://occs.cs .oberlin.edu/mail
These secure methods of accessing OCCS are the recommended ones, and may soon be the only methods of access.

SSH client software:

Java Applet: Start MindTerm v.1

Windows
- PuTTY
- TeraTerm has X forwarding to your local machine (SSH version 1 only)
  unzip to your program files and make a shortcut to the ttssh.exe program
- ssh.com has clients available for download--just select the mirror site you want and download.

Macintosh (Classic)
- NiftyTelnet SSH/SCP 1.1r3 (SSH version 1 only)
- MacSSH 2.1fc1 PPC; MacSSH 2.1fc1 68K (SSH version 2 only)

Unix
- Source code:
  - OpenSSH 3.4p1
  - OpenSSL 0.9.6g (needed to build OpenSSH)
- Many recent Linux and BSD distributions, (including Mac OS X) include SSH software (often OpenSSH) by default.
- ssh.com has clients available for download--just go to the store and download the Non-Commercial version.

Secure File Copying / Secure FTP ing:

Windows
- WinSCP: a Secure Copy (scp(1)) program for Windows implemented with PuTTY
- local copy of WinSCP
- PSFTP A SFTP command-line client
- PSCP A Secure Copy command-line client
Macintosh (Classic)
- NiftyTelnet SSH/SCP Allows basic Secure file transfers.
- local copy of NiftyTelnet

Secure remote e-mail reading (IMAP/POP3 over SSL):

OCCS has Secure IMAP (Internet Message Access Protocol) and POP3 (Post Office Protocol v3) access available over SSL encryption on ports 993 and 995, respectively. This allows you to check your email from a remote client without sending your password in the clear-text across the internet. Many popular browsers support this: Eurdora, Netscape/ Mozilla mail, pine, mutt, OS X's Mail, Outlook, Outlook Express, and more. To get this working (very basically) you just need to specify that you want to connect securely to the mail server for pop/imap (not smtp). If you have questions or problems connecting, feel free to email me.

Information about IMAP: Everything you wanted to know about IMAP.