Security

We strongly recommend that you use only secure network connections to access your account(s) on remote machines. Many Stanford computers will not accept insecure connections over which your password travels unencrypted. Most Stanford computers accept ssh connections.

If you use a version of SSH that supports port forwarding, you can run X Windows applications securely on your computer.

Obtaining Secure Connection Software

Note that there are two SSH protocols: SSH1 and SSH2. The client programs below may support one or both of these. All of the systems in the Computer Science Department support SSH2, but many other Stanford systems do not. (The following programs are free, or have been licensed by Stanford for use by faculty, staff and students. There are commercial implementations of SSH that can be purchased.)

Windows

MacOS/Linux/UNIX

Note that MacOS, all Linux distributions,and many other UNIXes, come with OpenSSH, so you don't need to download additional software in order to use SSH, SCP, or SFTP.

  • OpenSSH, (SSH1 and SSH2) for Unix based systems.

Lab Specific Information

Special notes and lab-specific notes that you may need to know in order to connect to research systems within the department.

AI/Robotics Lab

  • From outside of the AI/Robotics network you can only ssh to robo.stanford.edu.
  • If you are associated with this lab, you can request more disk space by sending a request on http://support.cs.stanford.edu

Theory Lab

  • Please note that from outside of the Theory Lab network you can only ssh to theorylab.stanford.edu, cipher.stanford.edu, moa.stanford.edu.
  • If you are associated with this lab, you can request more disk space by sending a request on http://support.cs.stanford.edu

Frequently Asked Questions

Q. Is it possible to use RSA public keys to ssh into xenon? I've tried copying my RSA public key to my ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 files, but to no avail; ssh into xenon still prompts for regular password authentication. Is RSA authentication disabled in sshd? Or perhaps is there AFS acl setting that I'm missing?

A. No. Even if it were, you wouldn't have access to your files after logging into xenon without a password, because you need kerberos tickets to get AFS tokens which are necessary for file access. However, if you have a CS kerberos ticket on your originating host and are using an ssh with GSSAPI enabled, you should be able to ssh to xenon without a password.

Q. What are xenon's ssh key fingerprints?

A. They are:

RSA: f8:2c:1e:64:a7:8e:4a:fa:73:cd:3b:99:5f:84:ff:15
DSA: 02:02:c4:07:96:51:e8:e5:7b:3b:3c:de:40:63:aa:c4