IT Services



The GNU/Linux service


Contents

OUCS provides a general-purpose computer running Debian GNU/Linux. This service is available to University members who have an Oxford account. However, people with card holder and virtual access University card status do not qualify for the Linux service.

The service is accessed using your Oxford username and password on secure login to linux.ox.ac.uk. A wide range of software is provided, but does not include any commercial programs. There is no mail delivery to the system, but mail clients like pine and mutt can be used to talk to Nexus. Personal web filestore can be accessed.

Before using a linux.ox.ac.uk account for the first time, it needs to be activated. To do this, visit the web-based account management interface and choose Activate shell account.



1. Security and the Linux service

For security reasons it is not possible to use telnet and standard ftp to access the Linux service. Instead you must use secure access, which ensures that traffic (especially passwords) is encrypted. Client programs are available for most computer platforms and installation and use of some of them is described in the client section.

Please note that following a security advisory regarding a weakness in cryptographic key generation issued on 13th May 2008, the SSH keys and therefore the key fingerprints were changed. You may need to explicitly permit your ssh client to connect to the ssh server after verifying the fingerprints. When accessing the shell service, you should verify the SSH fingerprints presented by your client against the following:

          RSA1 2048 42:a4:91:3e:4c:d6:37:d9:2c:92:f8:63:8e:8e:d1:44
          RSA 2048 12:05:75:ee:73:a7:6d:3d:27:f3:fd:32:c7:5d:9b:09
          DSA 1024 83:62:92:01:52:c6:d1:ed:f4:99:40:6a:e8:2f:95:e2
        

or if you are using the commercial SSH client:

          RSA1 2048 xilof-gikil-guvut-kisan-memyl-vikec-lahap-fabuv-rudil-hakic-gixax
          RSA 2048 xuden-sisas-kidum-dikul-socol-lepiv-gutyn-kizob-darif-zuset-tuxux
          DSA 1024 xenar-parit-lebud-bihyg-dopof-tudad-saryv-capal-kinug-musup-vixux
        

N.B. You can copy files to and from the system using scp or Secure FTP; implementations of SCP and SFTP are included with PuTTY and with SSH Secure Shell (see clients section for details).



2. Client software to access the Linux service

There are various ways in which you can access the Linux Service securely. These are outlined below and each method links to further information on how to setup and configure clients.

SSH Secure Shell Clients for Windows
There are several clients available for you to connect to the Linux Service:

N.B. Putty is a command line program that can be used to to access the Linux service on computers running Windows 95, 98, ME, NT, 2000, XP and Vista. You can download this from: http://mirror.ox.ac.uk/sites/www.chiark.greenend.org.uk/~sgtatham/putty/. For details on how to install and configure the program see: PuTTY command line client

The University has a site license for a commercial SSH Windows client, called SSH Secure Shell, which is available free of charge to members of the University. This can be downloaded from the OUCS registration service. The SSH Secure Shell client is particularly useful if you need to be able to transfer files and want a Windows-style program.

SSH Secure Shell Clients for MacIntosh
Mac OSX users have a choice of using the built-in Unix commands. For more information type man sftp from the Terminal screen. For more user-friendly interfaces there is:
  • Nifty Telnet: Free, but you need to use the 'classic' environment.

Where you just need to transfer files securely then the following programs are currently recommended:

Secure FTP Programs with guides available:

Other Programs

  • Transmit: Commercial software.
  • Interarchy: Commercial software. This is more of a webmaster tool than a quick end-user client.
.
Exceed
If you wish to use Exceed (an X terminal emulator) to access the service, again you will only be able to connect using secure methods. The most straight-forward way to do this is to obtain the Hummingbird Connectivity Security Pack, which is available on CD from the Computing Services Shop. To install the Hummingbird Connectivity Security Pack, Exceed version 7.1, 7.1.1 or 8.0 must already be installed on your computer. Note that the Security pack does not install any programs itself, but adds the ability to connect securely to some components of the Exceed suite of programs. Once you have installed the Security Pack, you can then configure Exceed.

See Exceed Configuration for more details.

Access from machines where you cannot install software
If you cannot find SSH software installed, it is possible to run PuTTY in situations where you cannot install programs, eg in an internet cafe. Start Internet Explorer or Opera (It doesn't work from Netcape) and visit putty.exe directly. If prompted, choose Open rather than download; putty should then start. Select ssh, type in linux.ox.ac.uk press Open and you are in.

A detailed catalogue of other implementations can be found at http://linuxmafia.com/ssh/.



3. Web filestore

New accounts have public_html and cgi symlinks automatically created when both web and shell accounts have been activated. These accounts can also be viewed on the web within 15 minutes of their creation.

For users with older accounts, you can still see your personal web pages and CGI scripts at /web/users/$USER. If you prefer to access web files via public_html in your home directory, you can use symbolic links to reproduce this behaviour. The command makeweblinks will do the trick for you.

Instructions on activation are given in the section on web space and addresses



4. Software installed

There are many software packages installed on the GNU/Linux system. See the Software Packages Listing for more details.



5. Printing

Department or college printers which are networked can be accessed using the rlpr (remote off-line print) package. For example, if the Wizardry Department had a printer called magic, you could print to it using the command

 $ rlpr -Hmagic.wizard.ox.ac.uk <filename> 

If you create a .rlprrc file in your home directory containing:

 magic.wizard.ox.ac.uk: magicone 
You could print to it using:
            $ rlpr -Pmagicone <filename> 
See the rlpr (1) and rlprrc (5) manual pages for full details, and consult your local IT support to see whether your local printer is networked and can be accessed in this way.



6. Frequently-asked questions

Is this Unix?
Informally, yes. Legally, no. This service is running Debian GNU/Linux, an open-source and free alternative to Unix. In practice, all the standard Unix commands and facilities behave identically under Linux.
Is there some temporary space for big files?
Yes, you can create files in $TMPDIR, but they are not guarenteed to still exist after you log out. This facility is for files you need during your current session, not for temporary storage over several days. Files will also be deleted when they get to be a week old, so their life time is per-session or 7 days, whichever is shortest. In summary, if you logout and login again, you cannot rely on the contents of the temporary directory still being there. Note also that the temporary directory depends on which node you log into; if you log in twice, you may not be on the same machine for both sessions.
What shells are available?
The default login shell is bash, the Bourne Again Shell. If you prefer to use C Shell, tcsh is available. To invoke this for a single session, type
exec tcsh
To set this as your default shell for future logins, use the web-based account management interface.
FTP doesn't seem to work - what can I do ?
FTP has two modes - active and passive. Due to the firewall in front of the linux server, active FTP doesn't work. Thus to use FTP you have to use passive mode, to do this run ftp -p or pftp
Can I print to a remote printer?
You can send print jobs to a remote lpd server (line printer daemon) using the rlpr command. See the rlpr manual page for full details and examples. Please contact your local IT support staff for information about printers and print servers in your college or department.