The Computer Systems Lab is transitioning from insecure remote access (such as telnet and ftp, which transmit passwords over the network without encryption) to only allowing secure remote access. This document describes that transition and the steps users need to take in order to continue to remotely access CSL facilities.
Several other computing facilities on campus are undertaking a similar transition.
Regular telnet and ftp connections transmit your password over the net in "plaintext" -- your password is not encrypted or protected in any way. It is possible for others to eavesdrop on the network and capture your username and password.
With your username and password, they can then easily use your account, reading or changing your files, electronic mail, etc.
The CSL supports two packages to provide secure remote access: Kerberos and SSH. Both use strong cryptography to protect your passwords and other data. Kerberos telnet and Kerberos-authenticated POP (the Post Office Protocol, for retrieving email from a server) are the default within the CSL network, but are difficult to install and configure at home. Therefore, we are recommending SSH (instead of kerberos) for use from home and other sites.
In addition, we have established the computer route66.cs.wisc.edu as a remote-access host for users who need secure POP connections to pop.cs.wisc.edu or secure FTP connections.
Note: Due to faculty concerns regarding the transition, this schedule has been suspended pending discussion by the faculty. The Computer Systems Lab continues to strongly encourage the use of SSH.
Because we know that users will need some time to download and install the SSH software, we have devised the following transition strategy: