


Security on CSCS computers

Because of attempted break-ins, we are limiting access to the CSCS computers to secure access methods only. The problem with insecure methods of access is that they transmit passwords unencrypted. For example, when someone uses telnet to connect to a CSCS computer, that person's login and password are transmitted as regular, readable ASCII text over the entire path from the user's remote computer to the CSCS computers. Anyone with just a few "hacking" skills on any computer along that path through the Internet can capture that login and password and use them to gain unauthorized use of CSCS computers. Worse, hackers will usually use such a login for hacking into other, more sensitive computer sites.

In particular, this means that rather than allowing access via telnet, we will require users to access the CSCS computers via Secure Shell (ssh). Secure Shell implementations also include ways to transfer files securely, using the scp (secure copy) command and a secure FTP program (sftp). (Normal ftp also transmits logins and passwords in clear text, so we will be blocking ftp access to CSCS computers.) There are many ssh implementations, some free and some commercial. The following pages contain instructions on how to obtain free ssh/scp/sftp for Windows-based computers. Note that Red Hat Linux version 7.X or higher includes OpenSSH by default.

Secure access and file transfer from Linux machines.

Secure access and file transfer from Windows machines.

Secure access and file transfer from Mac machines.

NOTE: If you try to ssh into one of our machines, and get a message like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@WARNING: HOST IDENTIFICATION HAS CHANGED!@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key in /users/marosen/.ssh/known_hosts to get rid of this message.
Agent forwarding is disabled to avoid attacks by corrupted servers.
X11 forwarding is disabled to avoid attacks by corrupted servers.
Are you sure you want to continue connecting (yes/no)?

Please type 'no' (don't connect) and then remove the known_hosts file from your .ssh directory on the machine from which you are connecting.
To do this, in your home directory, type:

cd .ssh
rm known_hosts

Then try connecting again via ssh.
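
A narrower variant of the step above, as an added example that is not part of the original CSCS page: deleting known_hosts discards the stored key of every host you have connected to, while ssh-keygen -R removes only the entry for the machine whose key changed and leaves the rest pinned. The function names and the KNOWN_HOSTS variable are assumptions made for this example, and the host name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not CSCS's own script. Function names are hypothetical.
# Usage (placeholder host name):
#   stored_fingerprint host.example.edu    # note the old pinned value
#   forget_host host.example.edu           # drop only that host's entry
#   ssh host.example.edu                   # compare the fingerprint ssh shows with
#                                          # the administrator's before typing 'yes'
KNOWN_HOSTS=${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}

# Keep only the fingerprint fields (SHA256:... or MD5:...) of ssh-keygen output.
_fp_only() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^(SHA256|MD5):/) print $i }'
}

# stored_fingerprint HOST: fingerprint(s) currently pinned for HOST, if any.
# ssh-keygen does the lookup, so hashed known_hosts entries are found too.
stored_fingerprint() {
    ssh-keygen -l -F "$1" -f "$KNOWN_HOSTS" 2>/dev/null | _fp_only
}

# forget_host HOST: remove only HOST's entry. ssh-keygen saves the previous
# file as known_hosts.old; every other host's key stays in place.
forget_host() {
    [ -f "$KNOWN_HOSTS" ] || { echo "no such file: $KNOWN_HOSTS" >&2; return 1; }
    ssh-keygen -R "$1" -f "$KNOWN_HOSTS" >/dev/null 2>&1
}

# fingerprint_matches HOST EXPECTED: succeed only if the key now pinned for
# HOST has the fingerprint the administrator gave you out of band.
fingerprint_matches() {
    stored_fingerprint "$1" | grep -qxF -- "$2"
}
```

Obtain the expected fingerprint from the system administrator by some channel other than the ssh connection itself; a fingerprint read from the same network path proves nothing if that path is being intercepted.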

NOTE: As of 26 November 2000 we will not allow telnet or ftp access from any computers outside the CSCS lab.

NOTE: The links above have instructions for specific versions to download. Please make sure you use the latest version, as anything before the latest version may be vulnerable to security problems.

For tips and recommendations for security on personal computers, check out our personal computing page.


Updated September 1, 2005