Remote access to CCRMA computers
This document attempts to explain the current options for remote access to computer resources at ccrma. When there are safer alternatives you will see the phrases "please don't use telnet" and "please don't use ftp" repeated over and over. Both protocols are highly insecure and will eventually be disabled. Both the login name and the password are sent out as plain text over the network. That means that anywhere between the computer you are using and the host you are connecting to, someone might be listening to the network packets going by using a "sniffer" and will be able to see your password. This not only compromises your account but the whole ccrma environment as well. A cybercriminal who steals your password will use your account to try to find security vulnerabilities that can only be exploited locally (by the way, when you log in always pay attention to the message that tells you where you last logged in from and immediately report any anomalies).
In a nutshell: you can use two protocols to securely connect to ccrma-gate. The ssh package can be used to login (through slogin), execute remote commands (through ssh) or transfer files (through scp). Kerberos authentication can also be used to create a secure and encrypted telnet session to ccrma-gate.
To access a ccrma computer...
... from CCRMA
... from CCARH
... from other computer clusters at Stanford
... from a personal computer at Stanford
... from a personal computer somewhere in the world
To CCRMA from within CCRMA
All unix based ccrma hosts have the ssh package installed. If you want to login remotely from one ccrma host to another you should use slogin. To copy files from one ccrma host to another use scp. Please do not use telnet or rlogin to login remotely, or ftp to transfer files.
To CCRMA from the CCARH computer clusters
All linux ccarh hosts have the ssh package installed (thanks to Craig). Use slogin ccrma-gate to login remotely and scp to transfer files to and from ccrma machines. If your ccarh account and your ccrma account have different names, you will need to say "slogin -l account ccrma-gate", where account is your ccrma login name; or "scp account@ccrma-gate:somepath ." to copy a file from "somepath" in ccrma-gate to the current directory in the ccarh host. Please don't use telnet or rlogin to login remotely, or ftp to transfer files.
To CCRMA from other computer clusters at Stanford
Please don't use telnet or rlogin to login remotely, or ftp to transfer files. Here are the options you have available to do both:
login through kerberos
If you are connected to a Stanford machine through the kerberos authentication system you should be able to securely login to ccrma-gate by saying "ktelnet ccrma-gate". You will not need to enter your ccrma account name or password and your kerberos and afs tickets will be automatically forwarded to ccrma-gate (please remember to "kdestroy" them before logging out of ccrma-gate). The authentication dialog is encrypted as well as the session itself, so nobody will be able to eavesdrop by listening to the network traffic.
IMPORTANT: for kerberos logins to work at CCRMA you have to create a file in your CCRMA home directory named ".klogin". It should have one line containing the text "account@IR.STANFORD.EDU" where account is your leland id (which might be different from your ccrma login name).
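One way to create and verify the ".klogin" file described above, as an added example that is not part of the original CCRMA document. The function names, the allowed character set for the leland id, and the group/other write-permission check are assumptions made here; the permission check is included because anyone who can edit this file can add their own principal and log in to the account.

```shell
#!/bin/sh
# Added example: helpers for the ~/.klogin file (hypothetical names).

# write_klogin FILE LELAND_ID
# Writes the single line "LELAND_ID@IR.STANFORD.EDU", readable only by the owner.
write_klogin() {
    file=$1; id=$2
    case $id in
        ''|*[!A-Za-z0-9._-]*)          # assumed character set for a leland id
            echo "write_klogin: invalid leland id" >&2; return 1 ;;
    esac
    ( umask 077; printf '%s@IR.STANFORD.EDU\n' "$id" > "$file" ) || return 1
    chmod 600 "$file"                  # also fixes the mode of a pre-existing file
}

# check_klogin FILE
# Returns 0 only if FILE is a regular file, is not writable by group or
# others, and holds exactly one line of the form account@IR.STANFORD.EDU.
check_klogin() {
    file=$1
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "check_klogin: $file is missing or not a regular file" >&2; return 1
    fi
    mode=$(ls -ld "$file" | cut -c1-10)   # e.g. -rw-------
    case $mode in
        ?????w*|????????w*)               # group-write or other-write bit set
            echo "check_klogin: $file is writable by group or others" >&2; return 1 ;;
    esac
    lines=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        lines=$((lines + 1))
        case $line in
            *[!A-Za-z0-9._@-]*|*@*@*|@*) bad=1 ;;   # stray characters, empty account
            *@IR.STANFORD.EDU) ;;                   # the realm named in this document
            *) bad=1 ;;
        esac
    done < "$file"
    if [ "$lines" -ne 1 ] || [ "$bad" -ne 0 ]; then
        echo "check_klogin: expected exactly one line account@IR.STANFORD.EDU" >&2
        return 1
    fi
    return 0
}
```

On ccrma-gate you would run write_klogin "$HOME/.klogin" with your own leland id, then check_klogin "$HOME/.klogin" before trying ktelnet.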
CAVEATS: Samson for Windows (part of the PcStanford package) authenticates correctly through kerberos but does not seem to negotiate encryption correctly with the current version of the software installed on ccrma-gate. That means your password will be secure but your session will not be encrypted. Any sensitive information (like another password) that you type can be eavesdropped. MacSamson (part of the MacStanford package) has been observed to sometimes incorrectly negotiate the initial authentication, turning the terminal window into a random character generator. I have not been able to reproduce this behavior; your mileage may vary.
login and file transfer through ssh
All Sweet Hall clusters have the ssh package installed. You can safely login to ccrma-gate using slogin or copy files using scp. If your leland ID and your ccrma login name are different you will need to say "slogin -l account ccrma-gate", where account is your ccrma login name; or "scp account@ccrma-gate:somepath ." to copy a file from "somepath" in ccrma-gate to the current directory in the current host. Please don't use telnet or rlogin to login remotely, or ftp to transfer files.
To CCRMA from a personal computer at Stanford
from a Mac
If you have MacStanford installed and you have a leland ID you can use MacLeland to get kerberos tickets and then use MacSamson to create an encrypted telnet session to ccrma-gate. This is in no way different than, let's say, a secure login to a Sweet Hall host.
from Windows
If you have PcStanford installed and you have a leland ID you can use PcLeland to get kerberos tickets and then use Samson for Windows to create an encrypted telnet session to ccrma-gate. This is in no way different than, let's say, a secure login to a Sweet Hall host.
from Linux
Get and install the ssh package. You will be able to use slogin to connect to ccrma-gate and scp to transfer files. Please don't use telnet or rlogin to login remotely, or ftp to transfer files.
To CCRMA from a personal computer somewhere in the world
from a Mac, with a Leland ID
If you have MacStanford installed you can use MacLeland to get kerberos tickets and then use MacSamson to create a secure encrypted telnet session to ccrma-gate.
from a Mac, no Leland ID
Nifty Telnet has a version that includes the ssh protocol. Regretfully you can only use it legally if you live outside the USA. If that's the case you can use it to securely connect to ccrma-gate.
from Windows, with a Leland ID
If you have PcStanford installed you can use PcLeland to get kerberos tickets and then use Samson to create an encrypted telnet session to ccrma-gate.
from Windows, no Leland ID
TeraTerm Pro has a freely available ssh extension that can be used to securely connect to ccrma-gate. Follow the directions and of course make sure that you select "ssh" as the connection protocol.
from Linux
Get and install the ssh package. You will be able to use slogin to connect to ccrma-gate and scp to transfer files. Please don't use telnet or rlogin to login remotely, or ftp to transfer files.
©1996-2000 CCRMA, Stanford University. All rights reserved.