Faculty of Information Technology, BUT

When you connect to a Unix server over the network using telnet, both the username and the password are sent in clear text. Your credentials may be intercepted.

ssh

All servers at FIT support access using ssh (slogin). The ssh program is a complete replacement for telnet and provides a secure, encrypted connection to the server. ssh is available for Unix-like systems at http://www.openssh.com/. It is a standard part of current Linux and BSD systems. When connecting to faculty servers from Unix systems, just use ssh or slogin.

ssh on Windows 7/8/10

Putty

See http://www.chiark.greenend.org.uk/~sgtatham/putty/. The Putty package contains ssh, scp and sftp as well. Users of the faculty network at FIT may find it on the network drive Q:\netapp\putty. Putty may be used for remote access to faculty servers (port forwarding).

Example: Some NAT servers forward packets to different servers from different IP addresses. This may cause problems with central authentication servers, including CAS at FIT. The problem may be solved by port forwarding in Putty; just add: Change Settings → Connection - SSH - Tunnels → Source Port: 1234, Destination: IP address:443, check Local, Auto → click on Add.
Note: use the IP address of the destination server; a DNS name cannot be used.
Now the web server may be accessed at the local address localhost:1234. For other servers use different local ports (1235, 1236, etc.). A port mapping may also be added while a connection is established, but then it cannot be saved. A permanent port mapping can be configured using: Load session → configure mapping (see above) → Save session.

Android, iOS

You can install an ssh client from the application store. There are several implementations, e.g. ConnectBot for Android and Termius for iOS. Just try them and choose the one you like best.

WinSCP and SFTP

File transfer over the network with FTP is not secure either, since all communication, including user credentials, is transferred in clear text. Unix-like systems contain secure alternatives, scp and sftp. On Windows, you may use either the free WinSCP or the command-line applications pscp and psftp from the Putty package.

Setup RSA key for SSH authentication

How to set up SSH RSA keys for login between servers and PCs without typing a password (the other option is an SSH agent):

  • On the machine from which you would like to log in, run ssh-keygen. This will generate two files, the private key in $HOME/.ssh/id_rsa and the public key in $HOME/.ssh/id_rsa.pub. When asked for a password, just type <ENTER> and do not input any value! The keys are stored in your home directory and you are the only one who can access them. A more secure solution is to use an SSH agent to hold the keys, which allows password-less login even if you have a password on your key.
    ssh-keygen
    
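  • In the next step, add the content of $HOME/.ssh/id_rsa.pub to the file $HOME/.ssh/authorized_keys on the server where you want to log in. With a shared $HOME you can do this with the following commands (or copy the file id_rsa.pub to the destination server):
    scp ~/.ssh/id_rsa.pub login@remote_server:
    ssh login@remote_server
    mkdir -p ~/.ssh                  # creates the directory only if it doesn't exist
    chmod 700 ~/.ssh                 # sshd (StrictModes) rejects keys if ~/.ssh is writable by others
    touch ~/.ssh/authorized_keys     # creates the file only if it doesn't exist
    cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys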
    
  • Repeat the last step for all servers that you want to access this way.
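
The second step above, as an added shell function (not part of the original guide): it appends the public key only once, refuses a file that is not a single public-key line (for example the private key id_rsa), and sets the owner-only permissions that sshd's StrictModes check expects. The function name install_pubkey and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends one public key to SSH_DIR/authorized_keys; SSH_DIR defaults to ~/.ssh.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    # A public key file holds exactly one non-empty line; a private key
    # has many, so it is rejected here before anything is written.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pubkey_file")

    # The line must start with an OpenSSH key type followed by a space.
    case $key in
        ssh-*\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create directory and file with owner-only access, then enforce the
    # modes explicitly in case they already existed with looser ones.
    (umask 077; mkdir -p "$ssh_dir" && touch "$auth") || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not present yet, so repeating
    # the step for the same server does not pile up duplicates.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}

# When the script is run with arguments, pass them to the function.
if [ "$#" -ge 1 ]; then install_pubkey "$@"; fi
```

Saved on the server under a name of your choice (install_pubkey.sh is assumed here), it replaces the mkdir/touch/cat commands: sh install_pubkey.sh ~/id_rsa.pub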

SMTP, IMAP4, POP3, Web

User credentials (name and password) are sent in clear text whenever you access a mailbox or a protected web page, or submit mail. All these services are now able to communicate over a secure encrypted channel (SSL/TLS). Therefore you should always use the secure version: to access a mailbox over IMAP use SSL (port 993), for a mailbox over POP3 use SSL (port 995), for the web use HTTPS (port 443), and submit mail on port 587 with STARTTLS or on port 465 with SSL.


Comments to this page should be sent to lampa@fit.vutbr.cz
