This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
>From: "Corcoran, William T" <address@hidden> >Organization: Missouri State >Keywords: 200508291349.j7TDnujo003962 McIDAS ADDE Hi Bill, re: I can't SSH (Secure Shell) to your machine >Don't know ssh. Don't have any firewalls of which I am aware. I would be suprised if there wasn't a firewall somewhere along the line. As far as SSH, if you don't have SSH access to your machine, how do you login from outside of the campus domain? Telent? If yes on telnet, all I can say is OUCH since telnet is a giant security hole! It is very likely that your campus IT group has implemented a firewall that limits access to your subnet. I say this because I am unable to: - telnet in - SSH in - ping your machine >Can't find anything on ssh on my machine. No service listed at 22 (21 >and 23 yes, even I know telnet). OK. >Inted.conf has nothing to start listed >for ssh. This is an old AIX 4.3 machine. OK. My system administrator is not here today, so I don't know if SSH (sshd) was available with AIX 4.3. I know that it was available _for_ AIX 4.3 because our old (and tired) AIX 4.3 machine is running it. >Is that how you used to access our machines? We limit logons to SSH, and we use one time passwords that are generated using a CryptoCard. We also have pretty much all other services locked down/out. Hackers are continually trying to break in to machines anymore, so it is unacceptable to not have one's machine firewalled. This is why I think that your campus IT group must be doing this for the campus network. >Sorry for being a Neanderthal. :-) No worries. Cheers, Tom -- NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us. >From address@hidden Fri Nov 11 16:03:21 2005 Well, this will get more embarrassing by the moment but let's press on. The only thing of substance is: At the time you were probably trying to get on our machine, I had networking screwed up. I couldn't ping or traceroute your machines either. We have since rebooted and all is back to where we were before...no mcidas, but at least back with ping and traceroute giving correct results. As far as the rest of it goes, yeah, we're real open. From our Networking Services page: We have blocked the following ports for security and virus vulnerability reasons: 135 - 139 MS File and Print Sharing 445 MS File and Print Sharing 593 MS File and Print Sharing 1311 Dell vulnerability 1433 -1434 SQL 3389 MS Remote Desktop Protocol 4444 MS File Sharing Vulnerability Any problems, I am sure, are with cumulus, not with firewalls beyond. Oddly enough, in searching for ssh or sshd, I found a hack with eggdrop, and all the files, under /usr/lib/boot/ with eggdrop IRC bots crap had ssh in it...so I guess they were using that too. Anyway, I guess I'll just keep throwing darts at my networking. Let ya know when I find something. Bill