Notes on the conversion to secure services
Notes on the conversion to secure services
As previously announced,
telnet access and the "r-commands" have been disabled to
hosts administered by LCSR.
As we move to secure services on the LCSR machines, the following
notes should be helpful to users looking for hints.
SSH
First, where to get replacement software for
telnet
and the r-commands
(rlogin,
rsh,
and
(rcp).
RUCS has documented where to get SSH for various platforms at
http://www.nbcs.rutgers.edu/ssh/index.php3
Usage
Old command | New command |
telnet hostname | ssh hostname |
rlogin hostname | ssh hostname |
rsh hostname [command] | ssh hostname [command] |
rcp filespec hostname: | scp filespec hostname: |
We have arranged
ssh
to work within clusters without the need for a password.
It also works between clusters based on a
trust hierarchy.
xrsh replacement alias
xrsh,
a shell script for running an
xterm
on a remote machine is based on
rsh
and will not work without it.
A simple replacement alias can be placed in your
.cshrc:
alias xssh '(xterm -s -title "\!*" -e ssh \!* &)'
MAIL environment variable
Due to a bug in the
sshd
we are currently running on our Solaris machines, the
MAIL
environment variable us being set to
/var/mail//username
(note the extra
"/"
there).
This confuses some mail readers.
The following code in
.login
will repair this:
setenv MAIL `echo $MAIL | sed 's;//;/;'`
PATH environment variable
The
PATH
environment variable is hardcoded into the
sshd
binary.
Previously, we supplied your default path through a system
configuration file.
Some directories which were added to your path before are therefore
not in your path when you
ssh
in.
They are
/usr/local/X11R5/bin
(where some old X related software lives),
/opt/SUNWspro/bin
(where Sun compilers live),
/usr/local/gnu/bin
(where GNU software lives),
/usr/ccs/bin
(where
make
lives), and
/usr/ucb
(where some old commands such as
whoami
live).
You probably want to add some of these to your path in
.login.
(See
"Setting up your path"
for details on how to do this.)
Public key access
Aside from host based access between designated clusters, there is a
mechanism for password-less access to the
faculty
and
research
clusters.
It is a slightly modified version of public key authentication
available with regular SSH distributions (we control the keypairs),
and is described at
http://www.cs.rutgers.edu/~watrous/publickey-auth.html
This has been tested on the research cluster and will go into effect
on the faculty cluster on or about June 1.
This page last updated June 3, 2004.