Department of Mathematics  
Undergraduate Study
 
 

How to download the F-Secure clients (SSH1 or SSH2) 

You need to get "F-Secure SSH Tunnel & Terminal Client" for Windows or Macintosh. These directions refer to the Windows version. I am hoping the Macintosh version is similar. After typing in your personal information you will be given the choice to download either version 2.0 or 1.1.

Version 2.0 will only work when the Unix server you will be connecting to is running the version 2 SSH server. The Mathematics department server is now running version 2. Although the download page implies that version 1 is for Windows 3.1 and version 2 is for Windows95/NT etc, version 1 also works on Windows95/NT machines. Data Fellows recommend that you download both if you will be connecting to different sites (that possibly run different versions of the server).

Tell the download to "Save" the two packages on your disk. SSH1 comes in a zipped package that you have to click on to unzip and install. During the installation ignore all the references to passphrases etc. and simply accept the defaults.

SSH2 comes in a self-extracting application that again you have to click on to install. It then requires a reboot.

How to configure your applications to run securely through SSH2 

After your machine is rebooted, go to Start / Programs / F-Secure SSH2 / F-Secure SSH2. You will then get the Properties dialog, where you need to give your server's IP address and your username. The default port that the server uses to accept ssh connections is 22.

 

Clicking OK should enable you to connect to the server through an ssh session (much like a telnet or rlogin session).

 

To be able to use ftp, netscape, and mailtools securely, you need to make all those clients talk to their corresponding server processes (ftpd, httpd, imap, pop) through port 22 above. When your password is transmitted through this port it is encrypted and cannot be copied by any of the so-called "sniffer" programs "listening" for typed passwords (a common door for break-ins).

Click on Properties / Tunneling / Local Tunneling / Add. A dialog called "Forwarded Connection" will come up.

 

Source Port is the port that your application uses in your computer. The default port numbers are

25 for sendmail

21 for ftp

80 for http

110 for pop clients

143 for imap clients

Destination Host is the IP address or name of the server you are trying to reach. This would be 128.42.62.24 for the math server.

Destination Port is the port that the service you are trying to reach is listening to at the destination. The default port numbers are

25 for sendmail

21 for ftp

80 for http

110 for pop clients

143 for imap clients

Application to start is the application you are trying to encrypt. This would be (respectively)

the ftp program executable (such as WS-ftple etc)

the browser (netscape executable, explorer etc)

the pop mailtool (such as eudora, outlook, messenger when configured for pop service)

the imap mailtool (any of the mail tools configured for imap service).

You may omit the application definition, as I will explain below.

There are two ways to configure your applications 

You may choose to add all the forwarded ports WITHOUT specifying the application for each, then click OK and from the File menu click on Save as. Choose a name, say math_connection. To use one of those ports securely, for example to ftp securely, you will then need to follow this process: Start F-Secure, open Session "math_connection" and log in to math. Then you can start your ftp tool, which will now be running in a secure mode. IT IS IMPORTANT to remember that you must ask ftp to connect to localhost, NOT to math.rice.edu. (For the ftp application you must also make sure you have a client that supports Passive mode; please see the note below.)

In the same manner, localhost should be declared as your mail server, smtp server, pop server etc.

Alternatively, you may choose to add one port only AND specify the associated application, then click OK and Save this session as something specific to the application. For example, if you added port 21 and specified the executable of WS_FTP LE as the application, you may call it "mysecureftp". From now on, when you start ssh2 and choose Open Session File "mysecureftp" from the File menu, you will be asked to log in, and then WS_FTP will be started for you and connect to the destination host.

Important notes on configuring ftp 

First, your ftp client must support "Passive mode". For example, WS-FTPLE has a "Passive Mode" button in the Advanced tab of its Session Properties. Have "Passive transfers" checked.

Second, you must configure the session to connect to localhost (not, say, to math.rice.edu). WS-FTPLE will talk to local port 21, which will forward to math's port 21 through the secure ssh port 22. Now math will think your connection is local to it, and will allow it.
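
The following check is an added example, not part of the original page: it models the local tunnels listed above and decodes an FTP passive-mode reply to show which legs of an ftp session actually enter the tunnel. It assumes a plain single-port forward (the SSH client does no FTP-specific handling) and an ftp client that connects to the address given in the 227 reply; the function names and the sample reply are constructed for illustration.

```python
import ipaddress
import re

MATH = "128.42.62.24"  # destination host given on this page
# Source port on your machine -> (destination host, destination port), as in the lists above.
FORWARDS = {p: (MATH, p) for p in (25, 21, 80, 110, 143)}

# Constructed sample of the server's reply to PASV (RFC 959 format).
SAMPLE_PASV = "227 Entering Passive Mode (128,42,62,24,195,80)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def is_loopback(host):
    """True only for names/addresses that reach the tunnel's local listener."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name such as math.rice.edu goes straight to the network

def route(host, port, forwards=FORWARDS):
    """Return the remote (host, port) reached through SSH, or None if the connection bypasses it."""
    if is_loopback(host) and port in forwards:
        return forwards[port]
    return None

def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (host, port); port = p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def audit_ftp(control_host, control_port, pasv_reply):
    """Report whether the control (login) and data (file) connections are tunneled."""
    data_host, data_port = parse_pasv(pasv_reply)
    return {
        "control_tunneled": route(control_host, control_port) is not None,
        "data_endpoint": (data_host, data_port),
        "data_tunneled": route(data_host, data_port) is not None,
    }

if __name__ == "__main__":
    print(audit_ftp("localhost", 21, SAMPLE_PASV))      # login goes through ssh
    print(audit_ftp("math.rice.edu", 21, SAMPLE_PASV))  # login bypasses ssh
```

Under those assumptions the login exchange on port 21 is protected, while the passive data connection goes to a port that has no forward and so travels outside the ssh session.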

 
