SSH ("Secure Shell") Terminal Clients and Orion

Login Security Issues on Orion

As you are aware, computer security is an ongoing concern at Loyola and in the Internet world at large. A major area of concern involves the theft of unencrypted passwords & login I.D.'s passed openly to Orion during the login process. These can be used by "hackers" to gain unauthorized access to Orion & possibly cause malicious damage to Loyola's or someone else's servers or data, or even bring down Orion. For this reason, as of Wednesday, April 16, 2003, Orion administration will no longer allow the use of TELNET, an unsecure method to connect and login to the ORION server.

Information for Windows and Macintosh users about how to connect to Orion securely is explained below.

What You Have To Do

Formerly, plain Telnet (unencrypted, "clear text") terminal sessions connected to Orion thru port 23. After the change, this port will be unavailable (closed), and users will have to use a terminal-session client which supports the SSH ("Secure SHell") method of LoginID/password/session encryption and connects thru (SSH) port 22.

Three Workstation Scenarios:

Case 1: You are a Windows user on-campus, and have access to the "Loyola Software"(Windows) applications.

• From the "Start" button in the lower left corner, click on "Loyola Software", "Internet Tools", "SSH Telnet Client".
• After the program has started, click on "Quick Connect".
• "Host Name" should be "orion.it.luc.edu".
• "User Name" should be your username (Orion ID).
• "Port Number" should be "22".
• "Authentication Method" should be "Password".
• Click on "Connect".
• If a "Host ID" message appears, stating that you are connecting to Orion for the first time & Orion has identified itself, click on "Yes" to save Orion's "host key" in SSH/Telnet's database of encryption keys.
• Provide your Orion password when prompted and click "OK".
• When you are finished:
  • Be sure to exit Orion first by entering "exit" at the Orion prompt until the session closes.
  • Only then should you exit the SSH/Telnet program itself. This insures that you are truly logged off Orion.

You will have to install an SSH/Telnet terminal client for your Orion session. While there are others available, we recommend "PuTTY", a free program, which is secure and easy to use.

After you have saved the downloaded program, click on the "Start" button in the lower left corner, click on "Run", and select the PuTTY installer as the program to be installed. Accept the defaults (unless you decline the desktop icon, or the PuTTY "Start Menu" group creation under the "Start" button).

When PuTTY is installed (Basic Instructions for Use):

• Start the PuTTY program. In the center of the panel, highlight (click on) "Default Settings".
• At the top, click on the "SSH" button as the "Protocol". Note that the "Port" number changed from "23" to "22".
• "Host Name" should be "orion.it.luc.edu".
• Click on the "Open" button to connect to the server.
• IF you get a "PuTTY Security Alert", stating that the server's (Orion's) encryption key has not been saved in PuTTY's key database, click on "Yes" to save Orion's "host key" in PuTTY's database of encryption keys.
• At this point, a terminal session screen should open on the Orion server. Provide your Orion login I.D. & password when prompted.
• When you are finished:
  Keep entering "exit" at the Orion prompt until the session closes. This will terminate BOTH the Orion session AND the PuTTY program on your workstation.

For Mac OS X:

You have 2 options:

• The simplest, least-involved option is to open the "Terminal" application in the "Utilities" folder in OS X, and then run the "ssh" program (distributed as part of Mac OS X) from within the terminal window by entering:
  
  ssh [yourorionid]@orion.it.luc.edu
  The "man"[ual] pages for the ssh program should be available in the OS X terminal session. To read them, enter the command:
  
  man ssh
  Once in the manual pages, the spacebar key pages forward, "b" pages backward, "h" shows the help page, & "q" quits the manual pages.
• Start the "Classic" Mac OS, which will run as a program "under" Mac OS X. Then, within "Classic", you can run the "MacSSH" program, described below.

For Mac OS 7.5.1 or higher:

You will have to install an SSH/Telnet terminal client for your Orion session. While there are others available, we recommend "MacSSH", a free program, which looks to be one of the most mature of its type.

System Requirements for MacSSH are:
Operating System: System 7.5.1 or higher.
Memory: 32MB Ram.

For ALL Macintosh Users:

• The first time you log onto Orion, you will get a message stating that its encryption (security) key "has never been seen before" by your workstation (or "is not found in your workstation's 'known-hosts' file"), and do "you want to trust it" (or accept this key as authentic, and from Orion)? Depending on your SSH client, either click on the "Accept and Save" button, or enter "yes" to save Orion's "host key" in your workstation's database of encryption keys.
• When you are finished:
  Keep entering "exit" at the Orion prompt until the session closes. This will terminate BOTH the Orion session AND the SSH program in the terminal window on your workstation.

Resources:

• Orion's SSH ("Secure SHell") resources page.
• PuTTY's download page.
• MacSSH's homepage.
• SSH FAQ ("Frequently Asked Questions") webpage.
• Orion's homepage.

If you have any questions, comments or suggestions regarding this document (or any other issue related to Orion), feel free to contact us via email at admin@orion.luc.edu.