
Using PuTTY


Introduction

To start, you might be wondering what PuTTY is. You can think of it as a replacement for 'telnet'. You probably are used to using 'telnet' to connect to EngSoc or CHAT or some other host. This has probably done you fine, so you're thinking, "Why should I switch?"

The reasons are two-fold. Firstly, you don't realize it, but whenever you log in to EngSoc, or whatever, using 'telnet' you are sending your password over the Internet for all to see. This is not a good idea. (Incidentally, every time you use FTP the same thing happens. Everyone can see your password!) And, secondly, you are probably using the version of 'telnet' that comes with Windows 9x/NT/2k/XP and it sucks. In the mid-1980s most computers on the market began displaying colour. Have you ever seen any colour in one of your 'telnet' sessions? PuTTY offers you the full colour experience. Do yourself a favour and step out of the 1980s.

Getting It

First off you need to download it. Go to http://www.chiark.greenend.org.uk/~sgtatham/putty/latest/x86/putty.exe and do whatever you have to to get that file onto your machine. Put it someplace handy, you'll be using it all the time. Then run the thing. (Double-click on the icon or run it from a command line or something.)

Using It

You'll be presented with a screen something like this:

The hostname you want to connect to will probably be 'engsoc.carleton.ca' or 'engsoc.org' or 'engsoc.com' (HINT: they're all technically the same!). The circled part of the image is the key here though. CLICK ON THE RADIO BUTTON LABELLED 'SSH'. This will change the port to '22' as in the image above. The red arrow points to the port thing.

Prince Users

Some of you might want or need to use Prince for SSH connections to EngSoc. If, for example, you connect to Carleton via dialup to one of the CCS modem pools you can telnet to Prince and use SSH to have a semi-secure connection to EngSoc or other hosts. From the shell on Prince you can do:

    {prince:1} ssh -l matt engsoc.org

You can replace 'matt' with your username and 'engsoc.org' with the host you'd like to connect to. If you were wondering, the dash 'l' stands for 'login' (I believe). If it is your first time connecting to a particular host, SSH will ask you if you are sure (because you have to accept its host key). To this you will answer 'yes'. That's y, e, s, and not 'y'. Then you will be prompted for your password. Incidentally, this is the way you'll use SSH on any UNIX system (including EngSoc).
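
The host key prompt described above is where SSH asks you to confirm the server's identity. As an added example (not part of the original page), this Python code computes the OpenSSH-style SHA256 fingerprint of a public key line and compares it with a fingerprint obtained from the administrators out of band. The key material and all function names here are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def make_sample_key_line(host: str, raw_key: bytes) -> str:
    """Build a CONSTRUCTED ssh-ed25519 public key line (not a real host's key)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprint(key_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a 'host type base64' line."""
    _host, declared_type, b64 = key_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own key type; it must match the declared one.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != declared_type:
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(key_line: str, trusted_fingerprint: str) -> bool:
    """Compare the offered key against a fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(key_line), trusted_fingerprint)


# Constructed sample data: the key the admins published, and a different key
# offered by some other machine answering for the same hostname.
PUBLISHED = make_sample_key_line("engsoc.org", bytes(range(32)))
IMPOSTOR = make_sample_key_line("engsoc.org", bytes(range(1, 33)))
TRUSTED_FP = fingerprint(PUBLISHED)  # stands in for the admin-published value

if __name__ == "__main__":
    print(TRUSTED_FP)
    print("published key ok:", host_key_matches(PUBLISHED, TRUSTED_FP))
    print("other key ok:   ", host_key_matches(IMPOSTOR, TRUSTED_FP))
```

A mismatch on first connection means the machine answering is not presenting the key the administrators published, which is the case the prompt exists to catch.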

Advanced

For you advanced users, you can do what is called "Storing the Session". In the field labelled 'Stored Sessions' you can put some string of text like "EngSoc" and then click on 'Save'. Then, next time you load up PuTTY all you need to do is double-click on 'EngSoc' and you'll be dumped right into a login thing.

For you even more advanced users, you can take a look at what PuTTY has to offer in the tabbed panes listed at the top of the image above.

Politics and the SSH Protocol

If you understand why we use SSH, you can skip the rest. Surprisingly, some people still ask questions about SSH so we have included the explanation below.

There have been some questions about why we all of a sudden chose to switch to SSH. (PuTTY is merely an SSH client.) The most obvious reason is the added security of SSH compared to telnet. As explained briefly above, SSH is an encrypted protocol and this means that rather than send your account name and password (and everything else that happens in your telnet session) over the wire in plain-text, SSH sends the data in encrypted form.

While you may not be worried about sending your information in plain-text, you should be. The software equivalent of your typical wire tap (think alligator clips and the like) is freely available and quite easy to use. It only takes one unscrupulous admin or malicious user somewhere on the network for everything in one of your telnet sessions to be saved for later perusal, passwords and all.

Sound far-fetched? What can I say, other than that it happens all the time. There are people right now trying to 'sniff' your cable modem or other connection to the Internet for the sole purpose of stealing your account information. As administrators of a large system, we are worried about having a huge number of compromised accounts and would rather not deal with the problems that would cause.

Why have we not mentioned this before? Well we didn't have time before. It wasn't worth the time to try to convert every stubborn user and to explain the virtues of using SSH rather than telnet. Eventually a user's account was compromised and we had to spend dozens of man-hours locating and repairing the damage. We'd rather not do this since we are students too and have a very finite amount of time to deal with these things.

I hope this answers why we'd rather you didn't use telnet. Maybe this will help some realize that just because a program, like telnet, is shipped with every system under the sun (read: shipped with Windows) doesn't mean that it is actually any good. I find it curious that people cling to an old protocol like this for no good reason.

What if it's impossible for me to use SSH? Well, this is unlikely. If you are using a CCS administered machine it probably doesn't have an SSH client installed so you'll be forced into downloading PuTTY or using telnet. Initially we will only turn off telnet for hosts that are off campus so this should not be a problem. We won't turn off telnet for on campus hosts until a suitable client has been installed on the machines in the labs.

NOTE: You can use the Java SSH client if no suitable client is available on the PC you're using.

A little rant...

Some people still ask questions about the sudden need for security. There was always a need for security. We're simply improving it. If you don't understand any of what has been explained, just understand that this is all in your best interests. Surprisingly, some people have explained to us that EngSoc wasn't for any important work and it didn't matter about security. Well, if that is the case then don't worry, nobody's forcing you to keep logging in.