About UC Berkeley Modems A special modem account (a login and password) is required for access to the campus modems. These accounts and passwords are often called "Home IP" accounts and passwords. You will have a ".berkeley.edu" computer name, which allows full access to UC Berkeley network services such as the UCB news server (news.berkeley.edu), the EECS instructional email server (imail.eecs.berkeley.edu) and any WEB sites that are restricted to UCB computers.

About Internet Service Providers These services often offer dialup networking (HomeIP), email accounts and WEB sites for a very good price. The hostname of your home computer will be assigned by the ISP, and it will be treated as a "stranger" by campus network servers (such as for newsgroups and email). You will have to use http://www.deja.com/ to read class-related newsgroups from home and use your ISPs email server for your outgoing "relay" host. Or, you can "ssh" into an Instructional UNIX server (such as cory.eecs), where you can use the newsgroup and email services without restrictions. For example, you can type "rn ucb.class.ee128" on a UNIX server to read that newsgroup.

1. Use campus Shared modem pool: 848-5298, 647-5117 (time limits, $20/year)
2. Use campus SHIPS modem pool: 848-1107 ($10/month)
3. Use Residence Hall network (free to Res Hall dwellers).
4. See Internet Service Provider (ISP) for a reference to commercial services that use modems (56K), high-speed ISDN, ADSL, cable modem, etc.

• Communication & Network Services
  About UCB campus modems, Home IP, Internet Service Providers, SHIP (Subscription Home IP Service)
• Connecting@Berkeley
  email, USENET, HomeIP software and services for UC Berkeley
• Exceed XWindows server (requires dialup networking, ie Home IP)
• SSH and Kerberos password security (requires dialup networking, ie Home IP)
• /share/b/pub/home-ip.help   troubleshooting tips

• Exceed   XWindows server
• SSH   password security
• MacOSX help
• Set Additional Passwords or Password-less Access
• UCB VPN   puts your remote computer on a virtual UCB network
• EECS VPN   VPN for non-Instructional EECS accounts
• file-transfers.html   for non-Instructional EECS accounts

if you are on an EECS UNIX or MacOSX computer:	You can login to one of our UNIX servers using 'ssh'.   Enable X11 tunneling before you login so UNIX graphics programs can open windows on your local computer (usually 'ssh -X').   You can copy the files to other UNIX accounts using 'sftp', the SSH file transfer program, which comes with the SSH package.   See ssh.help for more information about SSH on UNIX. All EECS UNIX systems have 'ssh' and 'sftp'.   Sample usage (for user 'jdoe'): /usr/sww/bin/ssh jdoe@cory.eecs.berkeley.edu /usr/sww/bin/sftp jdoe@cory.eecs.berkeley.edu:public_html index.html-new On MacOSX, you can logon to one of our Windows servers using the Remote Desktop Connection client.   You can set it so that the disks on your local computer are connected to the logon session on our server. When you start your RDC program, type in the name of our Windows server, then select Options->Local Resources->Local devices and click on "disks", then on "Connect".   Your local disks will appear in the My Computer window on our server, and you can drag files to and from them. On other UNIX systems, you can copy files to a Windows account using the UNIX 'smbclient' command.   See samba.help for more information.   For example (for username 'jdoe'): /usr/sfw/bin/smbclient '\\fileservice\named' -U jdoe EECS You can copy files by emailing the files to yourself as attachments and downloading them from the email server to the computer (UNIX or Windows) where you read the email.   Instuctional accounts can logon to imail.eecs.berkeley.edu to read and post email. See "tar.help" "man tar" and "man uuencode" for methods of bundling UNIX files for delivery by email. You can copy files to removable media such as a ZIP, CD-RW or DVD-RW disk, a flash memory card or a USB memory stick.   See multimedia.help for the current location of these drives in the EECS Instructional labs.
if you are on a non-EECS UNIX or MacOSX computer:	You can login to one of our UNIX servers using 'ssh'.   Enable X11 tunneling before you login so UNIX graphics programs can open windows on your local computer (usually 'ssh -X').   You can copy the files to your EECS UNIX account using 'sftp', the SSH file transfer program, which comes with the SSH package.   Most Linux and MacOSX systems include SSH.   See ssh.help for more information about SSH on UNIX. On MacOSX, you can logon to one of our Windows servers using the Remote Desktop Connection client.   You can set it so that the disks on your local computer are connected to the logon session on our server. When you start your RDC program, type in the name of our Windows server, then select Options->Local Resources->Local devices and click on "disks", then on "Connect".   Your local disks will appear in the My Computer window on our server, and you can drag files to and from them. On other UNIX systems, there is no way to connect directly to an EECS Windows directory to access or copy files.   You cannot use 'smbclient' (see above), because the related network ports are blocked from off campus for security reasons. You can copy files by emailing the files to yourself as attachments and downloading them from the email server to the computer (UNIX or Windows) where you read the email.   Instuctional accounts can logon to imail.eecs.berkeley.edu to read and post email. See "tar.help" "man tar" and "man uuencode" for methods of bundling UNIX files for delivery by email. You can copy files to removable media such as a ZIP, CD-RW or DVD-RW disk, a flash memory card or a USB memory stick.   See multimedia.help for the current location of these drives in the EECS Instructional labs.
if you are on an EECS Windows computer:	You can login to one of our UNIX servers using the SSH Secure Shell.   Enable X11 tunneling before you login so UNIX graphics programs can open windows on your PC.   (Click on Tunnel X11 connections from the Edit\Settings\Tunneling screen.)   You can copy files to your EECS UNIX account using the SSH Secure File Transfer program, which comes with SSH Secure Shell.   After you login with SSH, select Window\New File Transfer to open a file transfer window. All EECS Windows systems have the SSH Secure Shell client.   You can locate the program from the Start\Programs menu.   Then click on Quick Connect to get started.   You can logon to one of our Windows servers using the Remote Desktop Connection client.   You can set it so that the disks on your local computer are connected to the logon session on our server. When you start your RDC program, type in the name of our Windows server, then select Options->Local Resources->Local devices and click on "disks", then on "Connect". Your local disks will appear in the My Computer window on our server, and you can drag files to and from them. You can copy files by emailing the files to yourself as attachments and downloading them from the email server to the computer (UNIX or Windows) where you read the email.   Instuctional accounts can logon to imail.eecs.berkeley.edu to read and post email. You can copy files to removable media such as a ZIP, CD-RW or DVD-RW disk, a flash memory card or a USB memory stick.   See multimedia.help for the current location of these drives in the EECS Instructional labs. You can connect to your UNIX home directory (the Instructional UNIX file server is "mamba").   If your username were 'jdoe', you would type this in the Windows Start->Run... text entry box: net use X: \\mamba\jdoe /user:eecs\jdoe You can connect to another EECS Windows directory (the Instructional Windows file server is "fileservice").   If your username were 'jdoe', you would type this in the Windows Start->Run... text entry box: net use Y: \\fileservice\named\jdoe /user:eecs\jdoe Here are examples of home directory paths for EECS Windows accounts: \\fileservice\named\jdoe   (Instructional named account) \\fileservice\ee20n\sp07\ee20n-ab     (Instructional class account) \\coeus\users\jdoe   (non-Instructional account) If you are prompted for a Username and Password, here is an example: Username: EECS\jdoe Password: [ Windows password for jdoe ] Note that Windows can remember only ONE user's permissions per file server, so if you try to connect to a second home directory on the same server, you will not be asked for another Username and Password.   Instead, you will be connected using the permissions of the first connection you made.   So it is likely that the second connection will not have full access permissions or will not be permitted at all.   The only way you can get full acess to the second home directory is to logout of Windows, login again and connect to that home directory first.
if you are on a non-EECS Windows computer:	You can login to one of our UNIX servers using the SSH Secure Shell.   Enable X11 tunneling before you login so UNIX graphics programs can open windows on your PC.   (Click on Tunnel X11 connections from the Edit\Settings\Tunneling screen.)   You can copy files to your EECS UNIX account using the SSH Secure File Transfer program, which comes with SSH Secure Shell.   After you login with SSH, select Window\New File Transfer to open a file transfer window. You can logon to one of our Windows servers using the Remote Desktop Connection client.   You can set it so that the disks on your local computer are connected to the logon session on our server. When you start your RDC program, type in the name of our Windows server, then select Options->Local Resources->Local devices and click on "disks", then on "Connect". Your local disks will appear in the My Computer window on our server, and you can drag files to and from them. You can copy files by emailing the files to yourself as attachments and downloading them from the email server to the computer (UNIX or Windows) where you read the email.   Instuctional accounts can logon to imail.eecs.berkeley.edu to read and post email. You can copy files to removable media such as a ZIP, CD-RW or DVD-RW disk, a flash memory card or a USB memory stick.   See multimedia.help for the current location of these drives in the EECS Instructional labs.

The easiest way is to logon to our WEB mail client at http://imail.eecs.berkeley.edu.

You can also use an email client such as Firefox, Outlook, Eudora, mutt or pine.   First, you have to configure it to logon to our server.

Here are instructions for configuring for CalMail and Imail:   http://istpub.berkeley.edu:4201/bcc/Spring2005/calmailsecurity.html

The CalMail instructions also work for Imail; just replace the server name calmail.berkeley.edu with imail.eecs.berkeley.edu in the instructions and use your EECS Instructional UNIX logon name and password.

There are many versions and options for setting this up, so it is not possible to list the procedure for each one.   But once you find out where to enter it (usually under a "Preferences" or "Options" menu or in a configuration file), here is the information that is needed for Imail:

Purpose:	Name:	Settings:
news server from on-campus; no password	news.berkeley.edu	not SSL, no logon required, not SPA, port 119
news server from off-campus; use CalNet ID	authnews.berkeley.edu	requires SSL, requires logon, not SPA, port 563
incoming email server	imail.eecs.berkeley.edu	IMAP, requires SSL, not SPA, port 993
incoming email account name	login@imail.eecs.berkeley.edu	"login" = your Instructional UNIX account name
outgoing mail server (ask your ISP)	typically it's just "mail"	typically it's POP, not SSL, port 25
outgoing email account name	you choose this	you configure this in your email client

1. ~yourlogin/mbox, if that file exists
2. ~yourlogin/Mail, if you have our standard .procmailrc file
3. somewhere else, if you configure it in your .procmailrc file

1. The error message "Error writing Fcc" is caused by inconsistent file locking under UNIX. You can often correct this by ending all of your active mail server connections and deleting these 2 files on UNIX:
   /var/mail/{yourlogin}.lock
   ~{yourlogin}/.Maillock
   

• Login to your Instructional UNIX account.
• At the UNIX command line, type (for example):
  echo "me@newaddress.edu" > .forward

We will keep forwarding your mail as long as the account has not been deleted from our disks (about a month after it expired).

• EECS InstCD   (class-related software for EECS students)
• Microsoft E-Academy   (Microsoft software for EECS students)
• Microsoft's Consolidated Campus Agreement (MCCA)   (Microsoft software for other UCB departments)
• Connecting@Berkeley   (Windows and MacOS software, for all UCB students)
• The Scholar's Workstation   (computer store in University Hall, for all UCB students)
• GNU+Cyngus+Windows = cygwin   (UNIX Programs for Win32, shareware)
• Java Development Kit(JDK) from Sun   (Windows and Solaris, shareware)

1. Don't use the telnet programs that come with Exceed, XDarwin, etc.
2. Login to UNIX using "ssh" with "Forward X11" enabled.
3. Start Exceed (PC) or XDarwin (Mac).   Be sure it allows access from the UNIX system.
4. Type "xterm" or etc in the UNIX window.   A window should pop up on your PC or Mac screen.

You need a program for reading and posting news. The Mozilla WEB broswer includes the "Thunderbird" program. In the Account Settings options, you would typically enter "news.berkeley.edu" in the news server (NNTP) settings. There is no login, password or encryption associated with access to the news news server. Mozilla Thunderbird has the advantage of working on all of the operating systems that are common in EECS: UNIX, MS Windows and MacOS.

On UNIX systems, there are several other news clients, including tin and pine. You can learn how to use them from their UNIX "man" pages.

The campus USENET newsgroup server is news.berkeley.edu.   Starting in August 2003, you can access this server from off-campus computers.   For instructions, go to http://www.net.berkeley.edu/usenet/aus/.   After configuring your email program, you will login to authnews.berkeley.edu using your CalNet ID.   (Note: CalNet passphrases that contain spaces will not work on authnews.berkeley.edu.)

For status reports about news.berkeley.edu and authnews.berkeley.edu, please see http://technical.ist.berkeley.edu/news.shtml and http://cns.berkeley.edu/cgi-bin/listnews.cgi?group=ucb.net.announce.

If you do not have a CalNet ID (such as students enrolled via UC Extension or the National Technical University CalView program) you can get around this restriction by using your EECS Instructional UNIX account:


1)	Use our password-protected WEB site:	http://inst.eecs.berkeley.edu/webnews proxy server; accesses news.berkeley.edu only. Requires an Instructional UNIX login/password.
2)	Login to a UNIX system on campus:	For example, you could "ssh" into "cory.eecs.berkeley.edu" and type "tin ucb.class.ee128" to read that newsgroup.
3)	Use ssh tunneling (credits to Jefferson):	If you're using ssh or putty to work from home, then you can have it tunnel your newsgroup request through whatever server you're logged into. You can read up on the help, but the quick summary is open up the properties, select the forward tab, make a new Local forwarding, set its source and destination ports to 119, and the destination host to news.berkeley.edu. Change your home newsgroup reader so it tries to read the newsgroup from 'localhost'. It will try to access your computer's news server port, which will be forwarded by SSH to [the news server] through whatever server you're connected to. Same method works with Uclink mail too (different ports and server, of course).

Purpose:	Name:	Settings:
news server from on-campus; no password	news.berkeley.edu	not SSL, no logon required, not SPA, port 119
news server from off-campus; use CalNet ID	authnews.berkeley.edu	requires SSL, requires logon, not SPA, port 563
incoming email server	imail.eecs.berkeley.edu	IMAP, requires SSL, not SPA, port 993
incoming email account name	login@imail.eecs.berkeley.edu	"login" = your Instructional UNIX account name
outgoing mail server (ask your ISP)	typically it's just "mail"	typically it's POP, not SSL, port 25
outgoing email account name	you choose this	you configure this in your email client

The standard "ftp" command sends passwords in clear-text over the network. This is true of the UNIX-based versions as well as the Exceed "ftp" command on MS Windows and "fetch" on MacOS.
SafeTP is a secure version of "ftp" that you can use on UNIX and MS Windows systems.

Logins using Ssh:

Logins using Kerberos:

Ssh replaces the "telnet", "rlogin", "rsh" and "rcp" programs with ssh and scp. Ssh works with your existing Instructional UNIX account and password. You can download 'SSH' here (free) for use from home, for most types of computers. To use "ssh" and "scp" without a password between UNIX computers, see How Do I Copy Files Between Computers? above. For secure file transfers, use scp (UNIX-UNIX) or Samba (NT-UNIX). There is no Ssh "ftp" program. (see SafeTP.) To use "ssh" in the Instructional labs: UNIX: /usr/sww/bin/ssh, /usr/sww/bin/scp Type "man ssh" and "man scp" for usage. Win2K: "Start\Programs\SSH Secure Shell Client". For file transfers, select "New File Transfer" from the "Window" menu.

Kerberos requires a special user account and password on the departmental Kerberos server, and undergraduates typically do not get these accounts. Faculty, graduate students and staff who have Kerberos accounts can login to the EECS Instructional computers using Kerberos. See /share/b/pub/kerberos.help for usage. There is no Kerberos "ftp" program. Kerberos is typically not installed on NT systems in the the EECS labs.

Be sure that all links in your connection are secure before you type a password that you don't want to risk. If you "telnet" into one computer and use "ssh" from there, you risk this scenerio:

               unsecured               "secured"
       (home)-------------(computer1)--------------(computer2)
               (telnet)                  (ssh)
                  ^               
	          |
                  +- This is where a cracker could get anything 
		      you type to computer1 or computer2
      

Questions about SSH:	Answers:
1. Is the "pass phrase" like the password on a UNIX account? Does it need to be long, and with nonalphabetic characters etc.? What happens if someone guesses it?	1. Passphrase is like a password, which is used to enable increased security (it is not required). "ssh-keygen" creates it. The UNIX "man ssh-keygen" command says "The passphrase may be empty to indicate no passphrase (host keys must have empty passphrase), or it may be a string of arbitrary length. Good passphrases are 10-30 characters long and are not simple sentences or otherwise easily guessable..." If someone guesses it, they can login to your account and do bad things.
2. Suppose you work on more than two accounts (for example: my home Mac, my campus Mac, my hera account, from which I access a variety of other accounts). Will one key suffice for the various accounts that I use for initial login, or should I have different keys?	2. The SSH2 passphrase is stored in files in your .ssh2 subdirectory on UNIX, or in your UserKeys folder on Windows. The files could be unique in each account, or they could be copied (do it securely using scp!) to other accounts.
3. Every time I login with ssh, I get the message that hera is sending a previously unknown key (or some such thing). What's going on here, and what's the proper response?	3. If you answer "yes" to the question, ssh will add the key of the remote host (ie "hera") to your ~/.ssh2/hostkeys directory (UNIX) and you won't be asked again, unless they change the host key on hera (or someone is pretending to be hera on the network).

It seems that the F-Secure ssh program fails to allow you to set the alt keys to send the meta code. The Secure CRT product seems to do this better. Users who need this feature through F-Secure "ssh" can:

1. Login to their UNIX account with "ssh" and X11-forwarding.
2. Start the Exceed window manager on their local PC .
3. Run the UNIX "emacs" command, which will pop up emacs on the screen.