Plain telnet and ftp service on pangea ends July 16, 2007.

June 25, 2007

The insecure, plain text versions of the network connection services telnet and ftp will be disabled on the School of Earth Sciences server, pangea, on July 16, 2007. The secure alternatives ssh and scp or sftp must be used instead, starting on July 16. Although ftp logins with normal pangea accounts will end, the anonymous ftp service will continue on pangea. It can be used to distribute and receive files with outside colleagues.

Switch to an ssh client program, such as the Stanford site-licensed SecureCRT program for Windows Vista/XP/2000, or the LelandSSH graphical front-end to the built-in command-line ssh program on Mac OS X, to make command-line logins to run programs on pangea. The old Samson program should also continue to work if you log in to pangea with your SUNet ID name and SUNet password.

To transfer files to and from pangea, switch to an scp or sftp program, such as the Stanford site-licensed SecureFX program for Windows Vista/XP/2000, or the Fetch program (version 5 or later) for Mac OS X. Make sure that these programs are set up to connect via the sftp protocol, not the old plain ftp protocol. Pangea home directories, plus certain other disks such as /scr1, will also continue to be available as network file shares, when connecting from the Stanford network only, using Windows or Mac OS X computers.

Programs used to maintain web sites, such as Dreamweaver, are often configured by default to use the plain ftp protocol to upload or download files. They will stop working when connecting to pangea after July 16, unless you change the configuration to use the sftp protocol. Dreamweaver versions prior to 2004 must be upgraded to get sftp support.

Why is this happening? Telnet and ftp were the original Internet programs for remote logins and file transfers on the network. They date from a time when the Internet was a friendly place consisting mostly of research computers, so they happily send your login password, and all your data, over the network in plain text. Today, this is a serious security risk. A hacker who has compromised a computer or router in the network path can potentially capture passwords from telnet and ftp connections. The ssh and sftp programs are the secure replacements. They are now widely available and there is no good reason to allow continued insecure connections with the older protocols.
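
The plain text exposure described above can be reproduced safely on a single machine. This added example (not part of the original announcement) uses Python's ftplib to log in to a throwaway stub server on the loopback interface and records the bytes the client sends; the account name and password are constructed sample values, and the stub server is hypothetical.

```python
import socket
import threading
from ftplib import FTP

# Constructed sample credentials; not real accounts.
USER, PASSWORD = "jdoe", "s3cret-Passw0rd"

def capture_ftp_login(user, password):
    """Log in to a loopback FTP stub; return the raw bytes the client sent."""
    wire = bytearray()
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # any free local port
    listener.listen(1)
    port = listener.getsockname()[1]

    def stub_server():
        conn, _ = listener.accept()
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 stub ready\r\n")
            for line in lines:
                wire.extend(line)            # exactly what crossed the connection
                verb = line[:4].upper()
                if verb == b"USER":
                    conn.sendall(b"331 password required\r\n")
                elif verb == b"PASS":
                    conn.sendall(b"230 logged in\r\n")
                elif verb == b"QUIT":
                    conn.sendall(b"221 bye\r\n")
                    break
                else:
                    conn.sendall(b"502 not implemented\r\n")

    t = threading.Thread(target=stub_server, daemon=True)
    t.start()
    client = FTP()
    client.connect("127.0.0.1", port, timeout=5)
    client.login(user, password)             # sends USER, then PASS
    client.quit()
    t.join(timeout=5)
    listener.close()
    return bytes(wire)

def exposed_fields(wire):
    """Return {verb: argument} for each command line seen on the wire."""
    pairs = (l.split(None, 1) for l in wire.decode("latin-1").splitlines())
    return {p[0].upper(): p[1] for p in pairs if len(p) == 2}

if __name__ == "__main__":
    print(exposed_fields(capture_ftp_login(USER, PASSWORD)))
```

The password appears verbatim after the PASS command, with no encoding or encryption. An sftp session carries the same login inside the encrypted ssh channel, so nothing comparable is readable in transit.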

Note that connections to telnet and ftp services on computers in Earth Sciences other than pangea were already blocked from outside our network by the network firewall that was implemented on May 30, 2007.

Comments or Questions?