CHAPTER 9: COMMUNICATIONS


This chapter covers modes of communication between computers: transferring files from one machine to another, sending commands from one machine to be executed on another, allowing remote logins from other machines, logging onto our computing network remotely, and security restrictions. The following areas will be explained:


9.1 TCP/IP


9.1.1 The telnet Facility

The telnet facility allows you to connect directly to other computers on the Internet for which you have a logon.
        Syntax:    telnet host.domain
To access a system within MMM from within the MMM local area network (LAN), only the host portion of the address is needed. For other systems within NCAR, you must specify the host and the subnet portion of the domain name, for example,
         telnet stout.atd
For systems outside of NCAR, the full domain name is required.

Once a connection is made, you will be prompted for your login and password. To end the telnet session, log off the remote machine. If your telnet connection becomes hung, CTRL ] usually breaks the telnet connection.

9.1.2 The ftp Facility

ftp stands for File Transfer Protocol. It allows you to get files from and put files on remote machines. Starting up an ftp session is similar to starting a telnet session. Because of the security perimeter in place at UCAR/NCAR, the standard Unix ftp utility on SGI, Sun and Compaq Alpha will only work for hosts inside the security perimeter. To access systems outside the perimeter, use ftp.pl. On systems running the Linux operating system, this is not required as the ftp utility on these systems has passive mode built in.
        

        Syntax: ftp host.domain
To ftp to an MMM system, only the host portion of the address is necessary. For all other UCAR/NCAR systems, you must enter both the host and domain. In general, before initiating ftp, it is a good idea to change to the directory on your local machine (using the cd command) to which you will transfer the files. After you are connected, enter your login and password. When logging into an anonymous ftp site, the login is generally anonymous and the password is your full email address (e.g., user@ucar.edu).

Unlike telnet, only a limited number of Unix commands are available during an ftp session on a remote host. For a list of available commands, enter help at the ftp prompt. Note that ftp logs into the home directory on the remote machine. Use the cd command to change to the required directory prior to executing the get command by entering
         ftp> cd directory
The most basic ftp commands are get and put. To get a source code file, the syntax is
        ftp> get remote_file [local_file]
where remote_file is the file you want to get. The local_file parameter is optional. If not specified, the file will be put on your local machine with the same name as remote_file.
To transfer a binary file, such as a graphics metacode file or a tar file, you must specify binary prior to the file transfer by entering
        ftp> binary
To put a file on the remote host, use the put command by entering
        ftp> put local_file [remote_file]
To retrieve a file from a remote host use the get command
        ftp> get remote_file
To return to ASCII mode, enter
        ftp> ascii
To transfer multiple files at once, use the mput and mget commands. With these commands, you can use wild cards (asterisks) in the filename specification. ftp asks you to confirm the transfer of each file. To use these commands, enter
        ftp> mget file_specification
or
        ftp> mput file_specification
An example of using wildcards is
        ftp> mget *.f
This command gets all FORTRAN source code files from the current directory. Note that to avoid having ftp query for each file during an mget or mput operation, you must initiate the ftp session with the -i option by entering
        ftp -i host.domain
To exit from ftp, enter
        ftp> quit

9.1.2.1 Outgoing ftp - ftp.pl

A reliable mechanism for transferring files outside the security perimeter is the ftp module provided in a recent release of PERL 5.004, which supports passive mode. It can be used interactively from the command line through the PERL script ftp.pl, or in batch mode from your own PERL script. ftp.pl was written to provide an interactive ftp with a minimal number of commands. Once a user is logged in, the script sets the transfer mode to binary and turns passive mode on. At this time, only the following commands are supported: In the future additional commands will be added as needed.

The following text illustrates the use of ftp.pl. You will first need to set the environment variable

     setenv FTP_PASSIVE 1

     joshua>ftp.pl ftp.cis.ohio-state.edu
     www.cis.ohio-state.edu FTP server (Version wu-2.4.2-academ[BETA-15](1)
     Tue Apr 14 09:10:07 EDT 1998) ready.
     Name: anonymous
     Password:
     Hello [unknown]@joshua.mmm.ucar.edu.

     This is the anonymous FTP archive of the Computer and Information Science Department at the Ohio State University.

     Guest login ok, access restrictions apply.
     Entering binary mode, Type set to I.
     Try passive mode, Entering Passive Mode (164,107,115,3,212,185)

     ftp> cd /pub/gnu
     Please read the file README
     it was last modified on Tue Jul 9 00:00:00 1996 - 839 days ago

     ftp> get README
     Opening BINARY mode data connection for README (1435 bytes).
     Transfer complete.

     ftp> quit
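
The "Entering Passive Mode (164,107,115,3,212,185)" line in the session above names the address and port that the client connects out to for the data transfer, which is why passive mode works across the perimeter while a server-initiated data connection does not. The following sh function is an added example, not part of the original guide or of ftp.pl, and pasv_endpoint is a hypothetical name; it decodes and validates such a reply.

```shell
#!/bin/sh
# Added example: decode the (h1,h2,h3,h4,p1,p2) tuple of an FTP passive-mode
# reply into the host:port the client will open its data connection to.

# pasv_endpoint REPLY -> prints "a.b.c.d:port"; returns 1 if the reply does
# not contain a well-formed six-field tuple of byte values.
pasv_endpoint() {
    # Pull out whatever sits between the parentheses (digits and commas only).
    tuple=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    [ -n "$tuple" ] || return 1

    # Split the tuple on commas into the positional parameters.
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1

    # Every field must be a decimal byte (0-255) without leading zeros.
    for n in "$@"; do
        case $n in
            ''|*[!0-9]*|0?*|????*) return 1 ;;
        esac
        [ "$n" -le 255 ] || return 1
    done

    # The first four fields are the IP address; the port is p1*256 + p2.
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# The reply line from the ftp.pl session shown above.
reply='Try passive mode, Entering Passive Mode (164,107,115,3,212,185)'
pasv_endpoint "$reply"      # prints 164.107.115.3:54457
```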

The following is an example of a PERL script that connects to an anonymous FTP site outside UCAR/NCAR and gets a file.

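     #!/usr/local/bin/perl
     #
     # Fetch /pub/gnu/README from an anonymous FTP site outside UCAR/NCAR.
     use strict;
     use warnings;
     use Net::FTP;

     # Passive => 1 makes the client open the data connection outbound,
     # which is what lets the transfer cross the security perimeter.
     my $ftp = Net::FTP->new("ftp.cis.ohio-state.edu", Passive => 1)
         or die "Cannot connect: $@";
     $ftp->login("anonymous", "") or die "Login failed: ", $ftp->message;
     $ftp->cwd("/pub/gnu")        or die "cwd failed: ", $ftp->message;
     $ftp->get("README")          or die "get failed: ", $ftp->message;
     $ftp->quit;
     #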

9.1.2.2 SCD's FTP server

SCD's DSG group operates a general-use ftp server at ftp.ucar.edu. Accounts on this machine may be obtained by filing a request via SCD's Extraview Work Request System. If you do not have access to Extraview, you may place a request by calling Operations at x1200.

Two types of accounts are used on this system:

Please note that there is no anonymous upload of files to this system. For security reasons, that service cannot be offered.

9.1.3 The rcp Facility

The rcp (remote copy) utility copies files from one machine to another without requiring the user to log onto the other machine. It accomplishes the same task as ftp, but does not require password verification, and can therefore be placed in scripts for automatic copying. To perform this operation, you need an .rhosts file in your login directories on both systems. These files are discussed later in this chapter. rcp operations can be performed in either direction.

        Syntax: rcp local_file user@host:remote_file

                         OR 

        Syntax: rcp user@host:remote_file local_file
In the following example, the file sample.txt is copied from the user's current machine to another system within the division.
        rcp sample.txt jones@walnut:/usr/tmp/jones/sample.txt
Unlike ftp, you do not need to specify binary for the transfer of these files.

9.1.4 The rsh Facility

The rsh (remote shell) facility allows you to execute commands on another machine without logging on. Almost any command that does not require a response can be executed with rsh. Like rcp, rsh uses the .rhosts file for permissions.
       Syntax: rsh remote_host -l username -n "command ; command . . ."
For example, to check who is logged on to the system service14, enter
       rsh service14 who
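You can execute multiple commands with one rsh command. Commands must be separated by a semi-colon, and the command list must be quoted so that your local shell does not interpret the semi-colon and run the second command on your own machine. To check system load and who is logged on to service14 enter
       rsh service14 "uptime;who"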

9.1.5 The .rhosts File

For the rcp and rsh commands to work, you must have a special permissions file, called an .rhosts file, in the login directory on each remote machine that you want to copy to or from. The file contains a list of machine and username pairs that are allowed access to your account. The format of each line in the file is
        host.domain   username
Note that some systems do not require the domain portion of the address and, in fact, will not work properly if it is specified. In our environment, the Sun systems require the domain portion of the address, but the DEC systems do not. It is useful to put double entries in your .rhosts file to cover both scenarios. For example,
         laurel                 jones
         laurel.mmm.ucar.edu    jones
In addition, the username given must be that on the specified host. For instance if you specify blackforest in the .rhosts file and your username on blackforest is different than in MMM, you must specify your blackforest username.

The following are lines from an .rhosts file for the MMM user, jones, who has an SCD login name of bjones.


blackforest            bjones
blackforest.ucar.edu   bjones
fir                    jones
walnut                 jones

Note that blackforest is a special case and requires both entries in your .rhosts file.

Note that anyone given access to your account through an entry in your .rhosts file obtains full access and permissions to your entire account. It is strongly recommended that you do not provide other users with this type of access to your account. In addition, an .rhosts file opens the door for security breaches. You should always keep this file protected so that only you have permission to read or write it. Use the following command to set protections on this file.

        chmod 600 .rhosts
If the file is left writable by others, anyone can add themselves and obtain read and write access to all your files. The danger in leaving it readable is far less, but still exists. Because passwords are not required for rcp, it is less secure than ftp. You must weigh the convenience that this utility offers against the security risks it brings and decide for yourself.
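
The checks described in this section can be scripted. The following sh functions are an added example, not part of the original guide; the function names and the entry for user smith are constructed for illustration. They verify that an .rhosts file has no group or other permissions and list every entry that is malformed or names a username other than the one you expect.

```shell
#!/bin/sh
# Added example: audit an .rhosts file against the advice in this section.

# Succeeds only if group and other have no permissions at all
# (mode 600 or stricter), the protection recommended above.
rhosts_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group/other permission chars
    [ "$perms" = "------" ]
}

# Print every entry that needs a human look: lines that do not follow the
# "host username" format, and lines whose username differs from OWNER
# (either your own login on that host or another person given full access).
rhosts_entries_to_review() {
    awk -v owner="$2" '
        NF == 0     { next }                                  # blank line
        NF != 2     { print NR ": malformed: " $0; next }
        $2 != owner { print NR ": " $1 " trusts user " $2 }
    ' "$1"
}

# Run both checks; return status 0 only when nothing was flagged.
audit_rhosts() {
    rc=0
    if ! rhosts_mode_ok "$1"; then
        echo "$1: accessible by group/other; run: chmod 600 $1"
        rc=1
    fi
    review=$(rhosts_entries_to_review "$1" "$2")
    if [ -n "$review" ]; then
        echo "$review"
        rc=1
    fi
    return $rc
}

# Demo on a constructed file: the sample entries from this section plus one
# constructed entry (smith) that gives a different user access.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/.rhosts"
cat > "$demo_file" <<'EOF'
blackforest            bjones
blackforest.ucar.edu   bjones
fir                    jones
walnut                 jones
walnut                 smith
EOF
chmod 664 "$demo_file"                       # deliberately too permissive
audit_rhosts "$demo_file" jones || echo "review the findings above"
chmod 600 "$demo_file"
rhosts_mode_ok "$demo_file" && echo "mode is now 600"
rm -rf "$demo_dir"
```

In the demo the bjones lines are flagged along with smith: the script cannot tell your own login on another host from another person's, so each flagged entry is a prompt to confirm it is intended.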


9.2 Modem Access


9.2.1 Remote Access Server

The Scientific Computing Division has enhanced dial-up access to UCAR/NCAR networks with the addition of a CISCO AS5200 Remote Access Server (RAS). The RAS is connected to 46 telephone lines. The lines support speeds up to 56k, and can support ISDN access.

Getting a RAS Account

To use the new RAS, you must get a RAS account. This can be done at the following URL:

http://www.scd.ucar.edu/cpg/ras/

For instructions on setting up your home system for RAS access check the following URLs.

http://www.scd.ucar.edu/docs/dialup/

http://www.mmm.ucar.edu/computing/doc/winguide/ch_6/ras_main.htm

If you experience modem problems, submit an assist request and provide the following information:

9.2.2 Toll-Free Number for Accessing the Remote Access Server

If you are outside the local calling area, you can use the 1-800-303-6227 number for accessing the Remote Access Server. The division is charged for usage of the 800 number, so use it judiciously. Additionally, you can be set up with access to the AT&T Globalnet, which will provide you with a local number to dial where you are visiting. Submit an assist request.

9.2.3 International Access

If you will be on international business travel, and will not have local internet connectivity at the site you will be visiting, submit an assist request and the systems staff can set you up with access to the AT&T Globalnet, which will provide you with a local number to dial where you are visiting.


9.3 Internet


The Internet consists of a vast number of machines connected to a network that complies with the Internet protocol. These systems range from high-end supercomputers to personal computers, and are connected via transmission links ranging from high-speed links such as an OC3 (155 Mbps) down to 9600 bps links on the low end. Numerous gateway systems handle transmission of data between the various Internet networks. An ever increasing amount of information floods the Internet, and is available through various tools such as ftp, telnet, and Web browsers, to name a few.

9.3.1 Security Perimeter

With the exponential increase of systems on the Internet over the last few years, UCAR/NCAR has implemented a security perimeter to reduce the vulnerability to security breaches. The Computer Security Advisory Committee provides recommendations to the Information Technology Council for computer security. This perimeter prevents direct access to systems inside the security perimeter. Anyone requiring access to our systems from outside must have authorization to log in through a gateway machine. Although the perimeter does provide a first level of protection to internal systems, it is not foolproof. It also makes data transfer across the perimeter more cumbersome.

9.3.2 Security Gateway

In order to get to the MMM systems from the outside you have to go through the gateway machine. To request a gateway account submit an assist request. Once you are authorized on the gateway system you will need to change your password.

telnet gate.ucar.edu
Username: jones
Password: today.tmp
ucar-telnet-proxy(? for help)> password
(This is a command not your password)
Changing passwords
Enter Username:  (your username)
Old Password:
New Password:
Repeat New Password:
ucar-telnet-proxy (? for help)>

Once logged on to the gateway you can telnet to any internal system. You will need to specify the full domain.

9.3.3  X-Proxy Through the Security Gateway

In order to display X Window applications to your local system from a system outside the security perimeter you will need to proxy X through the gateway system. The following URL provides details.

X-Proxy through the Security Gateway

9.3.4 Using Secure Shell (SSH)

Secure Shell (SSH) is a set of commands that allows you to make secure connections to other systems. For complete details, see the SCD URL.

Getting Started with SSH at NCAR

In addition, there is free software available for Windows systems that provides secure shell connectivity: putty, which provides connectivity to other systems, and pscp, which provides file transfer capability. Copies of these executables are available on the Unix systems.

/usr/common/tar/putty.exe
/usr/common/tar/pscp.exe
Be sure to use binary mode when transferring these files to your Windows system.

9.3.5 Virtual Private Networks

9.3.6 Wireless Network

There is a Wireless Network available in most conference rooms at NCAR/UCAR.

For more information regarding the wireless network, please see the helpful documentation that SCD provides:

Getting Online with UCAR Wireless
(this page is internal and will prompt you for your gatekeeper (or timecard) username and password.)

RAP has some documentation also. This documentation says to contact the RAP Helpdesk if you have questions; contact your MMM system administrator instead (documentation provided by Carol Nicolaidis).

Wireless Network Access at UCAR

The division laptops (which are available for MMM staff to borrow) have been set up for their wireless cards. Laptops along with their wireless cards can be reserved using the web page: http://www.mmm.ucar.edu/local/stafftools/resources.html

If you would like to purchase a wireless card for your laptop, please submit a request through the assist utility and include an account key.




9.4 Using XWindows from Home PCs

Exceed for Home Use

The Hummingbird Exceed software allows you to access X Window applications on UNIX workstations from a Microsoft Windows based system.

To take advantage of our pricing agreement, you can purchase Hummingbird Exceed directly from Hummingbird with your personal credit card. To do so, contact Colleen Doanne at Hummingbird. Her phone number is 650-917-2836. Please reference Volume License Number 95736-000. Cost of the software does change, but currently software and maintenance is around $130-170.

UCAR or project funds may not be used to purchase software for personal home systems.

These instructions, which are pertinent to Exceed 7.1, will describe how to:

Install Exceed

You need approximately 78 MB of free disk space to perform the installation. If you are installing on a Windows NT, 2000, or XP system then you must be logged in as Administrator to install the software.

Insert the Exceed CD-ROM. If Autoplay is enabled on your CD-ROM drive, the setup program will automatically open. If Autoplay is disabled on your CD-ROM, then open My Computer, right-click on your CD-ROM drive, and select Autoplay.

The installation program will begin. Click on Install Exceed.

Select Personal Installation as the Installation Type.

The installation will prompt for the language; the default is English. Make sure English is selected and click on OK to continue.

The Setup Wizard window will appear. Click on Next to continue.

The License Agreement window will appear. Read through the agreement, select I accept the terms in the License Agreement, and click on Next.

When the Customer Information window appears, enter your name in the User Name field and click on Next.

It will prompt you for the Destination Folder where Exceed will be installed. You can accept the defaults. If you wish to change the destination folder, click on Change and select the folder where you want the installation to reside.

If you have plenty of disk space (it is recommended that you have at least 78 MB), then I suggest that you install the Complete installation. If you are short on disk space, select Typical.

Click on Install to start the installation process.

When you are prompted for the Keyboard file to be used, accept the default which is us.kbf.

When prompted for the Xconfig Password, click on Skip.

The X server tune-up window will be displayed next. Click on Next to run the tune-up. During this period, images will be displayed on your screen. Please be patient; it can take between 3 and 8 minutes to complete.

When the installation program is finished, click on Finish. Then you will be prompted to reboot your system.

After you reboot your system, you will see two icons on your desktop labeled Hummingbird Connectivity V7.1 and Hummingbird Neighborhood. Follow the instructions in the next section to configure Exceed.

Configure Exceed to connect to a UNIX workstation using X Windows

These instructions will step you through creating connections to the MMM UNIX systems.

Open the Xstart utility. This can be done by clicking on Start, Programs, Hummingbird Connectivity V7.1, Exceed, then Xstart.

Once Xstart is launched, you will see the following window. This is where you will enter necessary information to connect to the UNIX systems.

  1. In the top left area, it is labeled Start Method.
  2. Enter your UNIX username in the User ID field.
  3. Enter the host that you wish to connect to in the Host field. Be sure to include the mmm.ucar.edu domain name with the host's name. (i.e. service01.mmm.ucar.edu instead of just service01).
  4. Select the Host Type from the pull down menu. UNIX hosts in MMM are:
  5. In the Command field, you would type the xterm command and its options. The Sun systems differ from the other systems, so please use the correct command listed below:
  6. Under the Command field, select Login Info for the Prompt field. This will help you change your display option if you are using VPN.
  7. After you have entered the necessary information, select Save As under the File menu. Select where you would like to save the file. If you save the icons on the desktop, then you can double-click on the icons to connect to the UNIX systems. Enter a descriptive name such as the name of the machine that you are connecting to.

Below is an example screen shot of the Xstart for the DEC systems:

To connect to a MMM UNIX workstation via Exceed, you must first be on the NCAR network. There are two ways to connect to the NCAR network:

  1. Use the NCAR RAS dialup
  2. Use a commercial Internet Service Provider (ISP) (such as AT&T Broadband) and install Virtual Private Network (VPN)

If you are using the NCAR RAS, then connect to the RAS and double-click on the icons that you saved to your desktop. The following window will be displayed. Enter your password in the password field and click on OK. Depending on the network speed, it may take a while for the xterm window to appear.

 

If you are using a commercial ISP and VPN, follow the instructions below for extra configuration steps. For instructions on installing and configuring VPN, please see: Virtual Private Network (VPN) at NCAR.

Configure Exceed if you are using Virtual Private Network (VPN)

You must connect to your ISP and launch VPN before you can connect to the UNIX systems via Exceed.

After you connect to the VPN, the network address of your PC will change to allow you to gain access to NCAR resources. Because of this, the -display @d option will no longer work. You need to find out what your new network address is and change the -display option. It's not as hard as it sounds.

To find out what your new network address is, put your mouse over the VPN padlock icon that will appear in your taskbar when it is running. Right-click on it and select Status. The following window will appear:

What you want to notice is the last set of numbers in the Client IP address information. In this example, it's 129.

Click on OK to close this window.

Double-click on the xstart icon that you created in the previous section. The following window will appear:

Enter your UNIX password and edit the command by removing the @d and replacing it with vpnXXX.ucar.edu:0.0

Where XXX is the number that you noted in the previous step (in this example, it's 129).

Be sure to remember to enter your password. Now, click on OK to connect to the UNIX system. Depending on the network speed, it may take a while for the xterm window to appear.




9.5 MMM Home Page


MMM maintains its own home page on the World Wide Web. If you want to add information to be accessed through the MMM Home Page you need to use the template located in /usr/local/skel/. Information made available on the web server should be directly related to the scientific mission of the MMM Division. Staff must receive approval from their respective group head before any information is made available on line.


Copyright © UCAR 1998 - Disclaimer - mmminfo@ncar.ucar.edu
Last Modified: 1 December 2002