Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel between two networked devices.
Used primarily on Linux and Unix-based systems to access shell accounts and X11 applications, SSH was designed as a replacement for TELNET and other insecure remote shells, which sent information, notably passwords, in plaintext, leaving them open to interception. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH comes installed on Apple computers running OS X.
Machines in EIT that support SSH sessions:
- shell.seasad.wustl.edu - Linux server for Engineering student academic use
- ssh.seas.wustl.edu - Research and class server for Engineering
To start the SSH connection, select Quick Connect. Enter the Host Name you want to connect to and your User Name. In the next pop-up window enter your Password.
Users of Cloud Cluster may want to have X11 applications displayed on their desktop. You will need to set up the following:
- X11 tunneling
- X11 server on your desktop (Cygwin (free) or Exceed).
EIT runs a monitoring daemon on every publicly accessible SSH host that will deny an IP address if it generates too many bad logins. This reduces the chances of random account lockouts, denial-of-service attacks and brute-force password guessing.
If a host begins to deny an IP address after entering an incorrect username or password too many times, please use the VPN, which will give you an internal IP address that is automatically whitelisted by the daemon. You may also receive an IP address from your Internet service provider that has already been blocked due to a previous user having a malware-infected machine. The IP block will time out after a period of days. If VPN use is impossible, EIT can temporarily whitelist the IP address.
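The deny-and-whitelist behaviour described above can be sketched as follows. This is an added example, not EIT's daemon: the threshold, time window, block lifetime, whitelisted range and log format are all assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed policy values; the page does not state the real thresholds.
MAX_FAILURES = 5                    # bad logins tolerated per window
WINDOW = timedelta(minutes=10)
BLOCK_TTL = timedelta(days=3)       # "times out after a period of days"
WHITELIST = [ipaddress.ip_network("10.0.0.0/8")]  # assumed VPN/internal range

FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from ([0-9A-Fa-f.:]+) port \d+")

# Constructed sample log lines (simplified sshd format, ISO timestamps).
SAMPLE = (
    [f"2024-01-01T10:00:0{i} sshd[100]: Failed password for invalid user "
     f"admin from 203.0.113.7 port 4000 ssh2" for i in range(5)]
    + [f"2024-01-01T10:01:0{i} sshd[101]: Failed password for alice "
       f"from 10.8.0.12 port 5000 ssh2" for i in range(6)]
    + ["2024-01-01T10:02:00 sshd[102]: Failed password for bob "
       "from 198.51.100.9 port 6000 ssh2",
       "2024-01-01T10:03:00 sshd[103]: Accepted password for bob "
       "from 198.51.100.9 port 6001 ssh2"]
)

def is_whitelisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WHITELIST)

def process(lines):
    """Replay log lines in time order; return {ip: block_expiry}."""
    failures, blocked = {}, {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                      # not a failed login
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if is_whitelisted(ip) or (ip in blocked and ts < blocked[ip]):
            continue                      # exempt, or already denied
        recent = [t for t in failures.get(ip, []) if ts - t <= WINDOW] + [ts]
        failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            blocked[ip] = ts + BLOCK_TTL  # block expires on its own
            failures[ip] = []
    return blocked

def is_denied(blocked, ip, now):
    return ip in blocked and now < blocked[ip]

if __name__ == "__main__":
    for ip, expiry in process(SAMPLE).items():
        print(f"deny {ip} until {expiry.isoformat()}")
```

In the sample, the external address with five failures is denied, the address in the whitelisted range is never denied despite six failures, and a single mistyped password does not trigger a block.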
An alternative to using passwords is to set up SSH keys. Your private key is unlocked locally with a passphrase, and the key is then used to log you in to other systems on which you have placed your public key.
EIT regrets any inconvenience these security measures may cause. SSH attacks are now a common attack vector on the Internet and EIT recommends firewalling SSH and using the VPN exclusively for all hosts in Engineering. This daemon is not run on firewalled hosts.