Remote Access with Responsibility
There are many occassions on which it may be useful to access computers here remotely. Herewith some of the things to consider, given the rise of hacking and the ease with which a lax attitude to security can affect the whole Group, Department or University. Remote simply means `not TCM'. Colleges are certainly remote!
The Problem
An account on a UNIX machine is all a hacker needs to launch attacks on other machines. A user account on most UNIX machines is all a half-competent hacker needs to break root's account (and everyone else's) and monitor all local network traffic too. It is generally better if this does not happen.
A user id and password is all that a hacker needs, and whilst most protocols encrypt these, if the machine on which you are working is compromised, then there is nothing you can do to prevent passwords being lost: all keystrokes can be intercepted before they even reach the application which might encrypt them. Insecure networks can be used reasonably by encrypting all traffic.
The bottom line...
...placed near the top.
If you do do something insecure with your password, do change it as
soon as possible afterwards, to reduce the time any malicious person
has in which to use it. If you realy cannot bear the thought of
discarding the password you have been using for the past decade (and I
sincerely hope this is
Now a consideration of email, logins and file transfer.
If one's only need for remote access is email, there are many solutions.
Don't
A conference is a holiday afterall, and one should not pretend otherwise...
Use Webmail
For you would never use the same password for your TCM account and a webmail account, would you?
Use a Free Commerical Email Account
Various providers offer free accounts which can be used in a semi-disposable fashion.
Login access (text only)
Use ssh
A responsible institution will both provide ssh clients and keep its network secure, an irresponsible institution will do neither...
Ssh is freely available for UNIX, Windows and MacOS, and maybe other things too. It is installed by default on UNIX and MacOS X, for Windows PuTTY exists and can be downloaded and run without administrator access (as can all decent Windows software).
If using ssh over an ancient modem, or a 3G link, one should compress the data first, as the modem will be unable to compress the encrypted data. Under UNIX, `ssh -C' achieves this, and similarly for scp.
If using ssh over home broadband, or other things with NATing routers which drop idle connections, if you find idle ssh sessions simply lock up after about five minutes of idleness, you may wish to try
ssh -o 'ServerAliveInterval 240' -C [user@host]This should fix the issue by creating a small exchange of data every four minutes.
If this works, you may wish to place that option in your ssh configuration file. For UNIX that is probably ~/.ssh/config.
Login access (X11)
Use ssh
Trivial from a UNIX machine or MacOS X 10.5 and later. From a Windows machine one also needs an X server. Whilst I have no access to a Windows machine to experiment, I hear good reports of MobaXterm.
For more frequent access, e.g. from a home computer, it might be worth investigating VNC - it is generally faster than ssh.
File transfer
Use sftp
Supported by all TCM's computers, and clients are as common as ssh clients. Various GUIs exist, but the command line approach of put, get, cd and lcd will be familiar to all over the age of about thirty five, since it is the same as the older, and much less secure or even reliable, ftp program.
Use scp
As widely supported as ssh, but a slightly less friendly interface than sftp. On the other hand, it handles recursive transfers better than most ftps, and is, of course, encrypted being based on ssh. The syntax is simplyscp [-r] source destinationwhere -r asks for recursive copying of subdirectories and the syntax for specifying a remote source or destination is
[userid@]machine.name:path/relative/to/home/directoryor
[userid@]machine.name:/path/relative/to/root/directoryIt is essentially an obvious extension to the syntax of cp.
Anonymous Downloads
Use http (i.e. your public_html directory and a WWW browser). We don't automatically generate indices of files in the public_html directory, so files are hard to access unless one knows there names.