Athena Dialup Service -- SSH


SSH is a popular program used to securely connect between UNIX machines. It does not generally use Kerberos, although later versions include that as an option.

Generally, ssh involves users generating public/private key pairs and using them to authenticate: however, on the dialups, the sshd will ask you for your password instead. (The reason for this is that you need to get Kerberos tickets to be able to do things like read your files and incorporate your mail, and you can't get tickets without typing your password.)

To use ssh to connect to the dialups, just do:


      ssh athena.dialup.mit.edu

If your username on the machine you're connecting from is not the same as your Athena username, you'll need to use the -l option:

      ssh athena.dialup.mit.edu -l cmvest

The first time you connect, ssh will tell you:

      Host key not found from the list of known hosts.
      Are you sure you want to continue connecting (yes/no)? 

Type `yes'. It will respond:

      Host 'athena.dialup.mit.edu' added to the list of known hosts.
      cmvest's password:

Type your password now. (ssh always encrypts your connection, so it's safe to type it here.)

If you connect to x.dialup, it will arrange to have your X connection go through the encrypted ssh connection so that you can securely run X applications remotely. (If you connect to a non-X dialup, your client will probably try to negotiate this option anyway, and print an error when the dialup doesn't allow it to.)

For secure file transfer, use scp, which works like rcp:


      scp localfilename athena.dialup.mit.edu:/path/to/remotefilename
or
      scp athena.dialup.mit.edu:/path/to/remotefilename localfilename

or, if you need to specify a different username:

      scp cmvest@athena.dialup.mit.edu:/path/to/remotefilename localfilename


What if I can't install an ssh client on my machine

You can use MindTerm SSH to connect to athena.dialup.mit.edu securely, if your browser includes Java support (please use this page instead if you are using Netscape on a Macintosh.) You should use Netscape version 4.06 or higher for best results.


Where can I get ssh?

Refer to http://web.mit.edu/dialup/www/ssh.html for more information about ssh resources and programs available at MIT.


I'm incredibly paranoid! How do I know that someone isn't spoofing me into accepting the wrong host key the first time I connect?

Theoretically, someone could trick you into accepting a false key the first time you try to connect to one of the dialups, and use this to capture your password. The odds of this are extremely, extremely low, but in case you're concerned about it, here is a copy of the athena.dialup.mit.edu host keys, PGP-signed by Jeff Schiller:

-----BEGIN PGP SIGNED MESSAGE-----


This is the athena.dialup.mit.edu SSHv1 host public key:

1024 37
14088305932920843407789351869516705915084642102630137532195696800210308602133469521248445359465443702761477155937867988583555702801060812686354288484834763065943147677609
7116014879970972936032594697538636115052070611479504904315814116329123600621850783241923355319871906852673596174823275218894872497349538929

This is the SSHv2 DSA host public key:

ssh-dss
AAAAB3NzaC1kc3MAAACBAMLQjts009AqETUvRt3qgslba6ZhyapD0Syeen28buDgmyb9PN8sn51UjGjmIOVS/ZACWLxF00DmbIpETh1p3yKxDR+YhziWQaMqavW3XfI10gmEIpbM6DmeuEKjydoze9hoBQmm5Bw41CtchGM/vG
7PtOgDcuuvzEAH3RgWABLHAAAAFQDPZurGgeNz4VtcsmJabz36a1xzpQAAAIAEkwydnOcqkLh43+fe4PvZRcicycEsvfHg4SBpDdF9t+q7+VqPUO5kq2kZn5Ad+W/nN7yiJK6qwzpGKVE8HukpSm7LBLxXA8gZ+IwzEVRDMv5r
kX13BsJAacL9f7dfip1C5MpL0kcD9XiwF1JeG2sIPsiiA+c1EZty7bRgcFxe2QAAAIBEYkNTazJzw133jfi+hZB/37Nb0D8qlAC6KS4NaUuZhN1f6Q5CeRz9i+PV8dEH0ui3jhpfwzwGtxXipzJrD4NpzW7x50UWyC9Zf8JEtj
qlN8sVYvhDMTqFRrsgHsg9Lk+r+Rfy4+KBP31tWRQoWwck3IoeEyq9aXfgF+0ci0F4ww==

This is the SSHv2 RSA host public key:

ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAyIC4b705cYi5ppJuGvojY1Ux7zbWDUjAXBEPjpXY9uK2FqYLDNGL0wnSOD2l55M8GX+3Ks3/eJVvQFegOt3tzZRkfi52TPAE0FRF/zbi7nnODNSf/kHhuwQwHJCTAhDIujhgXAgscIIY/t
vllVyCrKEuWRAk58c5zAM4juS+MlM=


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQCVAwUBPWqjmsUtR20Nv5BtAQF/QwP+NN3H6TcVNsCYtjDxPHsLFS2L8G2rUcr8
gS8Ce7sL4ykvLtBjyzXRUVW0rYNlNQ4qMCl5rK4Xh2SyPJmAwWtNpwbHL9bR/k70
57rB9eaQ/siDQApX/v44fNnQ7aQp9gytarpty4xds18dSlsy82+dW2syb4hvUpG0
ZNy2sIZ9Dvg=
=fSBu
-----END PGP SIGNATURE-----



bug-dialup@mit.edu

This page last updated: $Date: 2005/06/18 07:13:19 $ GMT by $Author: jweiss $.