Using SSH instead of telnet

Introduction

Many people are accustomed to using the legacy telnet protocol for connecting to UNIX servers, especially the campus "main" server (aka "suma3"). The problem with telnet is that it was designed during a different age in computing, when users and systems were trusted implicitly as part of a community of computer users. Information was transmitted "in the clear" across networks as there was no need to worry about that information being used maliciously. Examples of the infomation transmitted across the network in this way are: usernames, passwords, document text and email content.

Sadly, the days of implicit trust have passed and now the computing environment is a potentially dangerous place. Some users target others in order to gain information about them, or to be destructive or mailicious. Another method of information transfer across networks is required.

SSH, the "secure shell"

Telnet is now referred to as an insecure method of network connection. In 1995 a new method called SSH (secure shell) was released. This became the new standard in network connection protocols and was the basis for the current open-source system released in 1999. SSH replaces telnet, as well as the less common RSH (remote shell) and rlogin (remote login) methods.

Telnet is now only used as a network diagnostics tool by systems administrators. It should not be used for any other reason. IT Services do not approve the use of telnet for connecting to servers.

Pre-requisite to using SSH

In order to use SSH instead of telnet, you need to install an SSH client. All operating systems other than those from Microsoft Corporation come pre-installed with an SSH client based on OpenSSH. Users of the Windows operating system family should install a client which suits their needs. For many this is PuTTY, so called because you use it to "make windows work" and TTY has always been used as short-hand for a terminal.

PuTTYmay be obtained for free from the developer's website: http://www.chiark.greenend.org.uk/
~sgtatham/putty/. The download page contains a link for a "windows-style installer" which will be the best choice for almost everyone.

Using PuTTY instead of telnet

There are two main ways of using PuTTY instead of telnet: from a command prompt, or from the PuTTY program. Each method is described below.

Method 1: The command prompt

Run the following from a Windows command prompt (aka a DOS prompt if using Windows 95/98/Me).

"c:\program files\putty\putty.exe" -ssh campus_username@campus_servername.rdg.ac.uk

If using Windows 2000/XP, you may enter your username as %username% and it will automatically enter yours for you. For example, to connect to main:

"c:\program files\putty\putty.exe" -ssh %

username%@main.rdg.ac.uk

Note that this will only work if you're logged in to your Windows 2000/XP PC with your campus username.

If you connect to a particular server regularly, with the same username, you could place the above command line in a Windows batch file so that you don't need type the above again. Simply run your batch file instead.

Method 2: The PuTTY program

Run the PuTTY program from your start menu. A window like this will appear (the section of interest is highlighted):

 

 

 

 

 

 

 

 

 

 

 

 

 

 

PuTTY will default to telnet for the connection protocol so after typing in your hostname select the SSH option and then press the Open button. The port number is changed for you automatically when you select SSH. If this is to be a regular session you can enter a session name in the box below (for example "Connection to main") and press Save.

The SSH connection

Once you've connected to your server by either of the methods above, a security alert message will appear the first time you make an SSH connection similar to this:

 

 

 

 

 

 

 

 

This is no cause for alarm until the second time you see it for a particular server from a particular client. All it means is that your locally installed PuTTY has never seen this server's security key, so either you've never used PuTTY on this particular client to connect to this server before or the server's key has changed since you last connected. In the latter case, you should contact the adminstrator who runs the server you're connecting to (typically its-help@reading.ac.uk) as its security may have been compromised. Server security keys are seldom changed.

After you've accepted the connection, a black window will appear prompting you for your username and password:

Once authenticated you may continue to work as normal, just as if you were connected via telnet. The only difference is that now the information you are transmitted across the network is encrypted and can not be observed without extraordinary effort.