 |
Departments | Computing Division | Fermilab at Work | Fermilab Home Strong Authentication Manual | Strong Authentication Project | Fermilab Computer Security _____________________________________________________________________________________________________ Computing Division |
New Kerberos-Lite for Windows! Go to ftp://ftp.fnal.gov/pub/fnal-kerberos-clientonly/current/. The ZIP file there includes the kx509 and kxlist program and the Get-Cert.CMD script which is used to obtain KCA certificates based on a Kerberos ticket. Send questions to nightwatch@fnal.gov.
The WRQ® Reflection software (documented in the Strong Authentication Manual) allows you to access Kerberized and non-Kerberized nodes from a Windows system, but it does not provide access to ssh-only nodes. In order to connect to an ssh-only system you will need to install ssh software on your PC.
The recommended ssh software is the F-Secure® SSH Client. The TOC group can provide this software, coordinating bulk orders for a pricing advantage and chargeback for non-CD customers. No training, customization or other support is offered.
Other ssh software options include (not provided/supported by TOC) is the Tera Term Pro® freeware product, and PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/). Also see http://www.sorted.org/~chris/ssh/ for a list.
Please take a few minutes to read the following ssh-related "Guidelines for Users". These were taken from the Fermilab Computer Security home page:
The PCS group supports the F-Secure® SSH Client software product. PCS has limited licenses for this product and makes it available on an as-needed basis. Contact John Bellendir (johnnyb@fnal.gov) to request a copy. Or see Mark Kaletka's information at http://www.fnal.gov/cd/security/UserGuide/winssh.htm (note that the URL for the company has changed to www.fsecure.com, although datafellows still works). Make sure you get v1.1; Fermilab does not support v2.0! Also see "How to set up and use ftp with ssh on Win32".
Tera Term (Pro)® is a free software terminal emulator (communication program) for Windows® that includes ssh . It supports VT100 emulation, telnet connection, serial port connection, and so on. It is not supported by the PC Support group at Fermilab.
The Tera Term home page
is at
http://hp.vector.co.jp/authors/VA002416/teraterm.html . From this
page you need to download and install two programs:
Tera Term Pro and
TTSSH .
For NT (or 95), download
"Tera Term Pro ver. 2.3 for Windows 95/NT" (filename ttermp23.zip ). Then scroll down a little further on that
page and follow the link for "TTSSH: An SSH Extension to Teraterm by
Robert O'Callahan". Go down about 60% of that page to the "How to
Obtain and Install TTSSH" paragraph. Click on "Download the TTSSH
software package."
On your PC, first unzip the
Tera Term file
ttermp23.zip . Then unzip the
TTSSH file into the same directory in which you installed
Tera Term .
To use
TTSSH to log onto an unKerberized node
via an encrypted connection, just run Ttssh.exe . It
displays a screen for establishing an
ssh connection. Enter the host name and check
SSH (telnet is the default). Then click
OK . You will be presented with a logon screen. Enter your user name
and password. Check Use plain password to log in
(this is the default), and click OK . You're in!