Secure Remote Login
From a security perspective, the Internet is a hostile environment. In the absence of special precautions, it is prudent to expect that data transmissions can be monitored and possibly altered by third parties. Because Stanford's academic mission depends upon free communication, the campus network is largely open and should be considered as dangerous as the Internet.
The most important piece of information to protect when remotely logging in is your SUNet password. You should never type it unless you are certain it will be transmitted securely. Traditional "telnet" applications are completely insecure in this respect - any password you type could be read by anyone along the path from you to the destination system.
In order to safely communicate with Stanford's Unix systems across the campus or across the Internet we recommend using version 2 of the SSH protocol, which provides resistance to both eavesdropping and active attack.
SSHv2 clients are available for a variety of platforms.
For Windows, Stanford has a volume license for SecureCRT.
OpenSSH is available for most flavors of Unix and comes pre installed in most of them.
MacOS X comes with OpenSSH pre installed. You can run ssh from the command prompt in the Terminal application. Stanford also provides LelandSSH to assist MacOS users in establishing SSH sessions.
The original SSH protocol 1 has a number of serious flaws which could lead to a connection being intercepted. All up-to-date implementations of the SSH server support protocol 2, and the FarmShare systems will not accept connections with the older protcol.
The security of the SSH protocol ultimately depends upon trusting the validity of both the client's and the server's credentials. It is therefore vitally important for the user to verify that the server they are trying to contact has a public key that is correct and trusted. The host key fingerprint for the FarmShare cluster machines can be found in the FarmShare User Guide.