Notes on the conversion to secure services

As previously announced, telnet access and the "r-commands" have been disabled to hosts administered by LCSR.

As we move to secure services on the LCSR machines, the following notes should be helpful to users looking for hints.

SSH

First, where to get replacement software for telnet and the r-commands (rlogin, rsh, and rcp). RUCS has documented where to get SSH for various platforms at
  http://www.nbcs.rutgers.edu/ssh/index.php3

Usage

Old command                  New command
telnet hostname              ssh hostname
rlogin hostname              ssh hostname
rsh hostname [command]       ssh hostname [command]
rcp filespec hostname:       scp filespec hostname:

We have arranged for ssh to work within clusters without the need for a password. It also works between clusters based on a trust hierarchy.

xrsh replacement alias

xrsh, a shell script for running an xterm on a remote machine, is based on rsh and will not work without it. A simple replacement alias can be placed in your .cshrc:
	alias	xssh	'(xterm -s -title "\!*" -e ssh \!* &)'

MAIL environment variable

Due to a bug in the sshd we are currently running on our Solaris machines, the MAIL environment variable is being set to /var/mail//username (note the extra "/" there). This confuses some mail readers. The following code in .login will repair this:
	setenv MAIL `echo $MAIL | sed 's;//;/;'`

PATH environment variable

The PATH environment variable is hardcoded into the sshd binary. Previously, we supplied your default path through a system configuration file. Some directories which were added to your path before are therefore not in your path when you ssh in. They are /usr/local/X11R5/bin (where some old X related software lives), /opt/SUNWspro/bin (where Sun compilers live), /usr/local/gnu/bin (where GNU software lives), /usr/ccs/bin (where make lives), and /usr/ucb (where some old commands such as whoami live). You probably want to add some of these to your path in .login. (See "Setting up your path" for details on how to do this.)
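
One way to restore these directories from .login, as an added example that is not part of the original notes or LCSR's own configuration; the variable names (lcsr_dirs, d, p, found) are made up for the example. It appends only directories that exist and are not already listed, so the directories sshd supplies keep precedence in the search order:

```csh
# Added example for ~/.login (csh/tcsh); not LCSR's own configuration.
# Directories named above that the sshd-supplied PATH no longer includes.
set lcsr_dirs = ( /usr/local/X11R5/bin /opt/SUNWspro/bin \
                  /usr/local/gnu/bin /usr/ccs/bin /usr/ucb )

foreach d ( $lcsr_dirs )
    # Skip directories that do not exist on this host.
    if ( ! -d $d ) continue

    # Skip directories that are already in the path.
    set found = 0
    foreach p ( $path )
        if ( "$p" == "$d" ) set found = 1
    end

    # Append rather than prepend: a command in one of these directories
    # can then never shadow a same-named command found earlier in the path.
    if ( ! $found ) set path = ( $path $d )
end

# Remove the helper variables (hypothetical names used only here).
unset lcsr_dirs d p found
```

Setting the csh variable path also updates the PATH environment variable, so no separate setenv is needed.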

Public key access

Aside from host-based access between designated clusters, there is a mechanism for password-less access to the faculty and research clusters. It is a slightly modified version of the public key authentication available with regular SSH distributions (we control the keypairs), and is described at
    http://www.cs.rutgers.edu/~watrous/publickey-auth.html
This has been tested on the research cluster and will go into effect on the faculty cluster on or about June 1.
This page last updated June 3, 2004.