College of Science
 Facilities @ Computer Science

• Computer Science
• About Us
• People
• Academic Programs
• Research
• News
• Calendar
• External Relations
• Resources
• Campus Map
• Facilities
• General Overview
• Conference Rooms
• Instructional Labs
• Remote Access
• Facilities Staff
• Emergency Support >>
• Systems Status
• ITAP Facilities >>
• FTP Server
• Help Pages
• Lawson Building
• Policies
• Strategic Plan
• Computer Sciences
  305 N. University Street
  West Lafayette, IN 47907
  Phone: (765) 494-6010
• Corrections & Updates

Remote access to CS Facilities

This information is intended for those with authorized access to CS Department Facilities only.

• Remote Shell Access
• Remote E-mail Access
• Remote Share Access

Please see 2004 ITaP restrictions for remote access to campus.

Please see 2002 CS restrictions for remote access to CS machines.

Remote Shell Access

NOTE (21 Feb 2005): There is a security vulnerability with versions of PuTTY prior to release 0.57. If you are using PuTTY, you should update to release 0.57 or later. The links below are for PuTTY 0.60

The CS Department UNIX systems accept remote shell access to authorized users via SSH. When configured and used properly it should provide reasonable authentication and security. Our servers support SSH1 and SSH2, but strongly recommend SSH2.

Most modern UNIX systems have SSH installed or freely available on the internet. Free Windows and Classic MacOS clients are less common. We make a couple available on this page as a convenience for our users.

NOTE: If you are a Purdue University faculty, staff or student, you can also get Purdue University Site Licensed Software from https://engineering.purdue.edu/PULS/. SSH and SFTP clients are available there.

Windows Client

A good freeware SSH2 (and SSH1) Windows client is Simon Tatham's PuTTY suite of programs. If you want only the SSH client, you can save putty.exe to your local disk and run it. Use one of the following scripts to add the appropriate registry entries to set SSH2 as the default protocol (recommended).

• Windows XP with IMAP, POP, NNTP and SMTP port forwarding
• Window 9x & NT with IMAP, POP, NNTP and SMTP port forwarding
• Windows XP, no port forwarding
• Windows 9x & NT, no port forwarding

(You should use the "port forwarding" script unless you do not have a firewall configured for your home machine or you know it will cause a conflict)

If you want the whole suite, you can download the ZIP file that contains PuTTY, PSCP, PSFTP, etc. along with documentation. Extract the contents into a directory of your choice, run the registry script (above) and then run the desired program.

PuTTY saves host keys in the Windows registry and does not use host keys stored in a file. However, we do make our our public host keys file available for manual verification. You can also get the public key fingerprints.

Classic MacOS Client

NOTE: MacOS X includes full SSH1 and SSH2 software. You should not need any additional software.

MacSSH is available from www.macssh.com. We have local downloads of MacSSH 68k.sit and MacSSH PPC.sit. If you need .hqx files, go to http://www.macssh.com to download them. MacSSH only provides SSH2 support. If you need SSH1 (for other sites), consider Jonas Walldén's NiftyTelnet 1.1 SSH r3.

Remote E-Mail Access

The CS Department UNIX systems now support SSL connections to the IMAP server. To use secure connections, you must configure the IMAP settings to use a "secure connection" (SSL). The actual method varies by program. If you need assistance with this, please check on SSL Email Client Configuration page or contact Facilities Software Staff.

Because we are not an official certification authority, we generated a "self-signed" certificate for each system. This means some browsers and mail programs are less willing to accept it. If this is the case with your program, you must go through the process of accepting the certificate the first time it is used for a secure IMAP connection. It also means you have to trust that the certificate is from our server.

To help provide verification of the server identity, you can get the server certificate fingerprint. You should compare this information with the certificate information provided by your browser or mail application during the acceptance operation.

NOTE: Microsoft Outlook does not like to accept self-signed certificates. Internet Explorer, however, has a mechanism to accept the certificate. If you are using Outlook, you need to first have IE install the certificate. You can do this by using IE to visit https://host:993 (where host is your CS mail server). You will not actually see anything, but will be prompted to view and install the certificate. Once you have done this, Outlook will then accept the certificate.

NOTE2: Under Microsoft Vista, IE must be running with administrator privileges to install the certificate. If it is not running with administrator privileges, you will not be given the opportunity to install the certificate. The certificate must be installed in the Trusted Root Certification Authorities store.

We also support SSL connections to our POP3 servers. Older browsers may not support SSL POP3 connections. If your browser or mail application does not support SSL, you can use SSH to tunnel a secure connection.

Remote Share Access

Access to CS SMB shares (served by Windows machines or Samba servers on UNIX machines) is only possible through a campus VPN connection or SSH tunneling. Visit the Purdue VPN Interface page for information on setting up a VPN connection with a Windows machine. For instructions on using SSH to tunnel SMB mounts with Linux, see our UNIX FAQ.

---

Facilities Software Staff