Best Practices
Secure Shell (ssh) protocol replaces Telnet
Interactive login sessions into the University’s central UNIX computer systems are being upgraded to use secure protocols that support encryption. Older protocols such as telnet and rlogin, which transmit information across networks in “clear-text” (unencrypted) format, carry a high risk of eavesdropping. Network devices that can intercept or simply “watch” information as it traverses a network can easily gather user identifier and password information, leaving user accounts susceptible to compromise. (In fact, all clear-text session information can be gathered in this manner.)
The University has purchased a site license for the SecureCRT client, which supports the ssh (secure shell) protocol to provide encrypted interactive login sessions to UNIX systems. The SecureCRT client is Windows-based, and operates the same as standard telnet clients to provide interactive logins, once session encryption keys have been exchanged.
Macintosh machines can use the shareware NiftyTelnet 1.1 SSH r3 program (which also includes secure copy support) or use MacSSH for PowerMacintosh.
See the SSH Information Center for complete instructions for use of these programs.
Telnet and rlogin capability were disabled on all central UNIX systems on January 7, 2002. The secure shell (ssh) service must be used to access UNIX-based systems for an interactive terminal session. Note: Web browsers and application-specific clients (e.g., PeopleTools) are *not* affected by this change.
The SecureCRT client can be obtained at the ITS software download site, located at http://helpdesk.its.uiowa.edu/software/. Installation and use instructions for the program are available with the installer at the download area.
For UNIX systems, use the “ssh remote.system.name” or “slogin remote.system.name” command in place of the “telnet remote.system.name” or “rlogin remote.system.name” command to create a session. The first time a remote host is accessed, you must reply ‘yes’ to accept the remote host’s encryption key. Note: The ssh service must be installed on your local UNIX host. It can be obtained at http://www.ssh.com/ (UNIX-based secure shell licenses are FREE for University users.)
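The following is an added example, not part of the original notice or any ITS tooling: a shell check that a UNIX host no longer offers the telnet and rlogin services described above. It assumes the host starts those services from a classic inetd configuration file (where rlogin is listed under the service name "login"); the sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: services are started by inetd from an
# inetd.conf-format file. The sample below is constructed, not from a real host.
sample_inetd_conf() {
cat <<'EOF'
# service  socket  proto  wait    user  server                args
ftp        stream  tcp    nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet     stream  tcp    nowait  root  /usr/sbin/in.telnetd  in.telnetd
#login     stream  tcp    nowait  root  /usr/sbin/in.rlogind  in.rlogind
  login    stream  tcp6   nowait  root  /usr/sbin/in.rlogind  in.rlogind
#telnet    stream  tcp    nowait  root  /usr/sbin/in.telnetd  in.telnetd
EOF
}

# Read inetd.conf-format text on stdin and print the name of each
# clear-text login service that is still enabled: "telnet", and "login"
# (the inetd service name for rlogin). Commented-out lines are ignored,
# and each service is reported once even if listed for tcp and tcp6.
cleartext_logins() {
    awk '
        /^[ \t]*#/ { next }    # comment or disabled entry
        NF < 6     { next }    # not a complete service definition
        $1 == "telnet" || $1 == "login" { if (!seen[$1]++) print $1 }
    '
}

# Return 0 when no clear-text login service is enabled, 1 otherwise,
# naming each offending service on stderr.
audit_inetd() {
    found=$(cleartext_logins)
    if [ -n "$found" ]; then
        # $found is left unquoted on purpose: one message per service name.
        printf 'clear-text login still enabled: %s\n' $found >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample; prints "telnet" and "login".
sample_inetd_conf | cleartext_logins
```

On a real host the same check would be run as `audit_inetd < /etc/inetd.conf`; a host that starts these services some other way needs a different check.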
For assistance, please contact the ITS Help Desk at its-helpdesk@uiowa.edu or call 384-HELP.
NOTE: Resources are available for a (free) secure shell service for Windows servers. (This provides an encrypted command line interface into Windows systems for remote administration purposes.) Please check out the following links for more information: