While connecting to Unix server over network using telnet both username and password are sent in clear text form. Your credentials may be intercepted.
All servers at FIT do support access using ssh (slogin). ssh program is complete replacement of telnet and provides secure encrypted connection to the server. Program ssh is available for Unix-like systems at http://www.openssh.com/. It is common part of present Linux and BSD systems. When connecting to faculty servers from Unix systems just use ssh or slogin.
ssh on Windows 7/8/10
PuttySee http://www.chiark.greenend.org.uk/~sgtatham/putty/. Putty package contains ssh, scp and sftp as well. Users of faculty network at FIT may find it on network drive Q:\netapp\putty. Putty may be used for remote access to faculty servers (port forwarding).
Example: Some NAT servers forward packets to different servers from different IP addresses.
This may cause problems with central authentication servers which includes CAS at FIT.
The problem may be solved by port forwarding in Putty, just add:
Change Settings → Connection - SSH - Tunnels → Source Port: 1234, Destination: IP address:443, check Local, Auto → click on Add.
Note: use IP address of destination server, DNS name cannot be used.
Now the web server may be accessed at local address localhost:1234. For other servers use different local ports (1235, 1236, etc.). Port mapping may be added during the established connection also but cannot be saved. Permanent port mapping can be configured using: Load session → configure mapping - see above → Save session.
You can install ssh from application store. There are several implementations, eg. Connectbot for Android and Termius for iOS. Just try and choose the one you like best.
WinSCP and SFTP
File transfer over network with FTP is not secure either since all communication including user credentials is transferred in clear text. Unix-like systems contain secure alternatives, scp and sftp. In Windows, you may use either free WinSCP or command line applications pscp and psftp from Putty package.
Setup RSA key for SSH authentication
How to set up SSH RSA keys for login between servers and PCs without typing password (other option is SSH agent):
On the machine from which you would like to login, you have to run
ssh-keygen. This will generate two files, private key in
$HOME/.ssh/id_rsa and public key in $HOME/.ssh/id_rsa.pub.
When asked for password, just type <ENTER> and do not input any
value! Keys are stored in your home directory and your are the only one
who can access them. More secure solution will be using SSH agent to save
keys, which will allow password-less login even if you have password on
In the next step, add content of $HOME/.ssh/id_rsa.pub into
the file $HOME/.ssh/authorized_keys on server, where you want to
login. With shared $HOME you can do this with (or copy the file id_rsa.pub to destination server):
scp ~/.ssh/id_rsa.pub login@remove_server: ssh login@remove_server mkdir ~/.ssh # if doesn't exist touch ~/.ssh/authorized_keys # if doesn't exist cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
- Repeat the last step for all servers that you want to access this way.
SMTP, IMAP4, POP3, Web
User credentials (name and password) is sent in clear text whenever you try to access mailbox, protected web page or submit mail. All these services now are able to communicate over secure encrypted channel SSL/TLS. Therefore you should always use secure version, to access mailbox over IMAP use SSL (port 993), mailbox over POP3 with SSL (port 995), web over HTTPS (port 443) and submit mail on port 587 with STARTTLS or port 465 with SSL.
Comments to this page should be sent to firstname.lastname@example.org