Remote Connections to and from DAMTP

The Secure Shell (SSH) networking protocol should always be used for communications between DAMTP systems and external networks. SSH software encrypts traffic to prevent sensitive information, especially passwords, from being read by others, and can also ensure that the computer you are connecting to is not an imposter waiting to steal your login password or other confidential information.

Protocols such as telnet which transmit passwords in clear may not be used to connect to DAMTP systems because of the danger that someone snooping traffic on a insecure remote system may discover your password and then use your DAMTP account to cause mayhem. For the same reason you should never set a login password on a remote computer to be the same as your DAMTP password in case it gets discovered in a breach of security on the remote system.

Connecting to DAMTP from outside

• You must use ssh to connect to DAMTP from outside.
  The name of a computer to use is ssh.damtp.cam.ac.uk. Other computer names are given in the computer list table.
  We have provided some brief SSH information which includes information about the messages you may see when connecting to DAMTP via ssh and suggests some programs/binaries you could use.
  If you want to be able to run X applications on the host you are connecting to you may need to tell the ssh client. We also have some brief instructions on using X applications over ssh.

  If your ssh program asks you which port to use the answer is 22.

  Further notes related to ssh:

  • Web browsing via an ssh tunnel - a bit old (describes Mozilla) but should be still true for Firefox and Seamonkey.
  • Mapping files via an ssh tunnel - for Windows XP - for access to home directory etc.
  • Using Winscp to view DAMTP files remotely - describes an old version but is still fairly accurate.
  • Not allowed to connect by ssh - what to do if the site you are at doesn't allow outgoing ssh (port 22).
• Connect to Unix and Windows desktops in DAMTP from a Windows computer
• ftp (very limited access)
• Computing Service VPDN pilot service or (for example) setting up your home computer so its web-browser acts like its accessing sites from .cam.ac.uk meaning it can access those cam-only online journals.
  You need to apply for a password from the computing service for this service.
• A seperate page describes how to transfer your DAMTP files.

Connecting from DAMTP

To connect from DAMTP to a remote site using ssh:

    ssh remote-login-name@remotesite

If your computer is running an X server you can run X applications like emacs or xterm on the remote computer with:

    ssh -X remote-login-name@remotesite

This sets up a tunnel to carry the X display traffic securely over the Internet for display on your computer.

Newer versions of the ssh clients change -X to mean something sligthly different, and add a new option -Y which has the old behaviour. See the Openssh FAQ 3.13 for details.

Note that depending on the configuration of the ssh server at the remote site, X-forwarding may not be permitted at all.

If the remote site does not offer an SSH service you may be able to connect using the insecure telnet protocol:

	telnet -l remote-login-name remotesite

Though these days very few sites will permit telnet.