Athena Dialup Service -- SSH (original) (raw)
Please note: Effective Thursday, June 13, 2019, Duo two-factor authentication will be required for SSH access to the Athena Dialup servers
SSH access to the Athena Dialups is intended for interactive user sessions and is not intended for automated / unattended integration with Athena services such as AFS and Moira. If you require automated integration with Athena services, please contact the IS&T Service Desk for assistance.
SSH is a popular program used to securely connect between machines. Modern versions are capable of using Kerberos to authenticate.
Generally, ssh involves users generating public/private key pairs and using them to authenticate: however, on the dialups, the sshd will ask you for your password instead. (The reason for this is that you need to get Kerberos tickets to be able to do things like read your files and incorporate your mail, and you can't get tickets without typing your password.)
To use ssh to connect to the dialups, just do:
ssh athena.dialup.mit.eduIf your username on the machine you're connecting from is not the same as your Athena username, you'll need to use the -l option:
ssh athena.dialup.mit.edu -l cmvestThe first time you connect, ssh will tell you:
Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)? Type `yes'. It will respond:
Host 'athena.dialup.mit.edu' added to the list of known hosts.
cmvest's password:Type your password now. (ssh always encrypts your connection, so it's safe to type it here.)
For secure file transfer, use scp, which works like rcp:
scp localfilename athena.dialup.mit.edu:/path/to/remotefilenameor scp athena.dialup.mit.edu:/path/to/remotefilename localfilename
or, if you need to specify a different username:
scp cmvest@athena.dialup.mit.edu:/path/to/remotefilename localfilenameWhat if I can't install an ssh client on my machine
You can use shellinabox to connect to athena.dialup.mit.edu securely.
I'm paranoid! How do I know that someone isn't spoofing me into accepting the wrong host key the first time I connect?
Theoretically, someone could trick you into accepting a false key the first time you try to connect to one of the dialups, and use this to capture your password. The odds of this are low, but in case you're concerned about it, here are the fingerprints for the SSH keys in use on the dialup.mit.edu servers.
| Key Type | SHA256 Fingerprint | MD5 Fingerprint |
|---|---|---|
| ED25519 | ihCKzJhwUV5PjiiVJb+zMg6ZC7lQ9qgRZ9aFnqNBVVI | |
| ECDSA | vdKTKsJEHKZ3MrhAVpgSkhih3ddcNBYSdDpObAosTpQ | 98:98:11:5b:bc:70:9d:a5:65:85:5a:20:89:c8:94:c3 |
| RSA | HJmsF6v3cBT4RXj2JnB8TRXo7OZ5gaI7+TKf/1/0wq0 | 99:d8:44:46:3a:e8:ce:19:af:0a:cc:58:d1:b3:71:c2 |
| DSA | 0QreoWIjFYjjkbFMAdRrWbFYSzT1z/ygRS3Py6FGeIE | 87:ec:d9:ea:9d:29:fd:27:3c:b5:c6:87:c2:e4:46:50 |
This page last updated: Date:2019/06/0719:55:41Date: 2019/06/07 19:55:41 Date:2019/06/0719:55:41 GMT by Author:zacheissAuthor: zacheiss Author:zacheiss.