Using ECF from Home

Here are some quick instructions for working on ECF from home.

Telnet

You shouldn't use telnet anymore. Telnet is very insecure because your password is typed over the internet in unencrypted form, so any eavesdroppers (and, yes, there are many) between your home and school can capture your password. There are packet sniffer programs created to do this. Telnet access to ECF will be turned off very soon.

SSH

SSH FAQ The preferred way to access ECF is via ssh. What ssh does is it first establishes a secure, encrypted communication channel between your computer and ECF. Anything you type, including passwords, will be encrypted before they are sent over the Internet. How can this be done without ever typing a password? It works using a public-key cryptosystem. With this encryption model, you must be able to trust that the other computer is actually ECF and not an imposter. Once you establish this trust, the two computers exchange public keys, which are specially computed, nearly-random numbers. Like their name implies, public keys can be given away freely without fear of losing security. Each computer also has a private key, which should be held as a closely guarded secret. The public and private keys act as an encryption/decryption pair: you encrypt with either one, and can only decrypt the message with the other. If your computer encrypts messages with the skule.ecf public key, only skule.ecf can decrypt it. Therefore, it is essential that you get the public key from skule.ecf and not an imposter the first time.

On your first connection, your ssh program should ask if you wish to add the ECF computer as a known host. It is important for you to say yes. This way you will be warned if an imposter ever tries to take its place -- its key will not be in your list of known hosts. It is possible that skule.ecf generates a new public/private key pair, such as when the operating system gets reinstalled. When this happens, it may appear like there is an imposter, because the new keys aren't part of your known hosts. This should be infrequent, and you will likely get adequate warning from ECF staff when these events occur.

Neither Windows nor Red Hat Linux (before release 7.0) come with ssh, so you'll have to install them yourself.

SSH for Windows

Under windows, I prefer to use the TeraTerm terminal program with an ssh add-on. There is also a command-line version containing scp, which is included below.

Command-line ssh/scp for Windows 95/98/NT

(note: this text was taken and modified from http://www.orie.cornell.edu/~nedwards/externalaccess.html#winscp)

To install scp for Windows 95/98/NT, the following files must be download from the web:

ssh-1.2.14-win32bin.zip. Another location for this is <URL:ftp://ftp.net.ohio-state.edu/pub/security/ssh/contrib/>.
An unzip program, such as pkunzip.

To install scp for Windows 95/98/NT:

Copy ssh-1.2.14-win32bin.zip and pkunzip.exe to C:\WINDOWS or C:\WINNT as appropriate.
Start an MSDOS command prompt.
At the command prompt, unzip the archive to the C:\WINDOWS directory:
- cd c:\windows
- pkunzip ssh-1.2.14-win32bin.zip

To use scp for Windows 95/98/NT:

Start an MSDOS command prompt.
The scp program needs to have a home directory it can write to. This can be C:\ or somewhere else. I'll assume C:\
Set the home directory variable: set HOME=C:\
Use scp as follows:
scp filename.java user@skule.ecf.utoronto.ca:filename.java

SSH for Linux

Under Linux, you'll have to download an ssh package and install it. You probably want an ssh1 package, not an ssh2 package. Here is one ssh package, available for a variety of UNIX variants:

openssh

Using SSH

SSH uses TCP/IP port 22 to communicate, don't change this. You will provide it with the name of a computer you wish to communicate with, such as skule.ecf.utoronto.ca or p43.ecf.utoronto.ca. If you have trouble opening up a session to the ECF Linux computers, try going to skule.ecf first.

Once you are connected to an ECF computer, you can use ssh on the command line to connect to other ECF computers. When you are done, you should type ``exit'' to end that session. This will bring you back to skule.ecf and ends the ssh program.

skule.ecf% ssh p43
[.... long login message deleted...]
p43.ecf% exit
exit
Connection to p43 closed.
skule.ecf%

You can start other programs on another computer using ssh, or you can even copy files back and forth from your home computer. Try running the command ``hostname'' on p9.ecf:

p43.ecf% hostname
p43.ecf
p43.ecf% ssh p9 hostname
p9.ecf
p43.ecf%

You can also try copying a file using ``scp'', or secure copy. If you are on your home computer running Linux, try this:

computer.home% scp user@skule.ecf.utoronto.ca:/share/copy/aps105/Hello.java Hello.java
user@skule.ecf's password: 
Hello.java           100% |************************************************|   100       00:00    
computer.home% ls
Hello.java
computer.home%