Skip navigation to content

Restriction of terminal access to the ITS Unix servers

The changes described on this page are in response to the revolution in the relationship between large central computers (known as servers, and in our environment using the Unix operating system) and the computers we have on our desks (known as clients, most of which are either PCs running Windows or Macs). Years ago we used to do the bulk of our work on the servers, but most of us now work exclusively on our own client computers, and rely on the servers for "services" such as email, file-space, web-pages and so on.

All our computer users are assigned to one of a number of Unix servers, known for historical reasons as "village servers". These are called langs, bute, edge, psych, maths, pesto, purds and gatty. You are probably familiar with at least one of these names, because you use it as your mail server.

New Unix servers will be introduced in the early summer to replace some of our village servers. When this happens one of the services currently available on the village servers will be restricted. The service concerned is the "terminal access" service. It will not be withdrawn altogether, but it will no longer be available on the village servers and it will only be available if you have registered to use it.

If after reading the explanation on this page you decide that you still need terminal access, please send an email to the IT Service Desk giving your reasons.

These changes apply only to IT Services servers. Unix servers administered by academic schools and other units are not affected.

The changes introduced between April and June 2005

Your computer account gives you access to many different services. Most of these will be unchanged. The restriction described on this page relates only to terminal access.

  • Early April
    • A new server known as central was introduced. This will eventually be the only server which permits terminal access .
    • Only users who have been granted the privilege of using terminal access will be able to use the central server Terminal access on central will require a secure shell (SSH2) client. Insecure Telnet sessions will not be permitted.
    • To start a terminal session on central run your SSH client and give central as the hostname (central.st-andrews.ac.uk if you are outside St Andrews). Make sure the Port is 22.
    • The prompt on central at present shows the provisional name of the server ("squire").
    • For the time-being existing terminal access arrangements on the village servers will not be withdrawn .
  • Early June
    • New servers will be introduced to replace some of our current village servers .
    • At this point terminal access will be disabled on ALL our village servers (not only the new ones), and central will be the only server which will be available for terminal access .
    • This means that unless you have asked for and been granted it, you will lose the privilege of using terminal access on the IT Services Unix servers .
    • Access to the files in your home directory (your filespace on the network) will still be possible in the following ways:
      • In the "My documents" folder in the PC classrooms
      • Via the Internet using a File Trasnsfer (FTP) program
      • Mapping your home directory as a network drive in Windows
      • Those with terminal access on central will be able to access their home directory using the Unix command line
    • Some other changes in the manner of delivery of networked services will be introduced at the same time, and will be announced later.

Implications of the changes

Unix mail programs

If you wish to continue using a Unix mail program such as PINE you should apply to the IT Service Desk to have your terminal access privilege preserved. If you currently use a Unix mail program but would like to move over to using a mail program from your own desktop computer, see the section on email.

Using PINE:

If you use PINE on the central server you will need to make some changes to the configuration:

  • Login to central as yourself, then type setup pine and press Return.
  • Type pine and press Return to start the Pine program .
  • In the Pine Main menu type S (for Setup) and then C (for Configure) .
  • Select user-domain from the list. Press Return to edit the user domain.
  • Enter st-andrews.ac.uk. Press Return to commit the changeNow move the cursor down the list of settings to inbox-path (fifth setting from the top) and press Return. You will be prompted for the name of your Inbox server. Type the name of your home server (eg. langs) then press Return. You will now be prompted for the folder to use for your Inbox: Type /var/mail/xxx using your own username instead of xxx then press Return .
  • If you wish you can also select the nntp-server. Enter nntphost.st-andrews.ac.uk and press Return .
  • Press E to Exit and Y to save the configuration.
  • Press Q to Exit Pine.
  • Restart Pine to ensure the configuration changes are applied.

Your home directory and mailbox

Your home directory is your share of the networked file space, and it is located on your "home" server. After terminal access is withdrawn you will continue to have access to your home directory in the following ways:

  • In the PC classrooms your home directory appears as your "H" drive and as your "My Documents" folder. You can store documents there, and access them from any of the PC classrooms and residence computer rooms that are maintained by ITS.
  • Windows users on the University network can access their home directory as a virtual drive on their PC, using the "Map Network Drive" command .
  • You will continue to be able to transfer files to and from your home directory using a file transfer (FTP) program .
  • If you use Webmail (or any other IMAP mail client) your saved messages will be stored in mail folders in your home directory (usually in a sub-directory called "mail"). You can read these saved messages with Webmail; you can also organize them in mail folders, and delete them. Webmail also enables you to download messages to your own computer.

If you use a POP mail client such as Eudora or Outlook your use of email does not require access to your home directory.

Other common functions

Various account maintenance functions have previously depended on using terminal access to the Unix servers and then typing various Unix commands. These functions include checking your print and disk quota, setting up forwarding and the vacation mailer and managing secondary accounts and mailing lists. Many people also use the "ph" command to find out colleagues' contact details. All these common functions either have been or are about to be made possible via a series of web pages.

File sharing and web servers

These changes do not affect arrangements for filesharing using shared network drives. Nor do they affect the University's web servers, because terminal access to these has never been permitted.

Programs which only run on the Unix servers

A minority of users within the University depend on programs which run only on the Unix servers. These include programs which depend on the computing power of a particular Unix server, or which for historical reasons only work under Unix. If you depend on such a program, you should contact the IT Service Desk to have your right to terminal access preserved.

Note that we are only talking here about the Unix servers run by LIS. If you have your own departmental Unix servers the rules and regulations are not affected by our changes.

Some further questions

What is terminal access?

Terminal access means logging in to one of the servers and using command-line unix commands to do work on the server. This process is commonly described as "logging on with Telnet" or "logging on to your home server". Telnet is a terminal emulation protocol which, for many years, has been the commonest method of getting terminal access. To have terminal access you need a Telnet or Secure Shell program running on your own computer. This program is known as a Telnet or Secure Shell client. Some clients support both Telnet and Secure Shell, other support only Telnet. In future you will need a client that supports Secure Shell.

Amongst our users, the commonest use for terminal access is to l og on to your home server to use the PINE email program. There were also a numbe r of functions that required you to log on in this way, such as setting up the v acation mailer, checking your disk quota, changing your password and managing se condary accounts. There are now other ways of doing these things.

What is Secure Shell?

A terminal session with a Secure Shell program looks and behaves much as a Telnet session, but the exchanges between the client and the server are encrypted to protect your password and other data. There is a Telnet client program that comes as part of the Windows operating system, and numerous other Telnet and Secure Shell programs. The Windows Telnet client does not support Secure Shell.

In addition to restricting the use of terminal access, we shall also disable all Telnet access. If you need terminal access to the ITS servers, you will need to use a Secure Shell program.

What is the reason for this change?

Security. By restricting the number of accounts that give their owners terminal access we reduce the potential for hackers to get access to our systems. Up until now the majority of our users had terminal access but never or hardly ever made use of it. If an account password was discovered by a hacker the account could be used to disguise the hacker's work, and the owner of the account might never know until the consequences were laid at his or her door. After the change, this dangerous privilege will be restricted to those users who need it and will use it regularly. It is therefore much less likely to be misused by hackers. Some people would say that the question to ask is not why we are introducing the change now, but why we did not introduce it several years ago.

Who will be permitted to retain the privilege of terminal access?

Only those with a valid reason for keeping it. If there is something that you need to do in connection with your work and which depends on terminal access, there is no problem about your retaining it. We have no wish to prevent people from doing their work. We will not permit people to retain the privilege just on the off-chance that they might need it in the future. If a future need arises the privilege can be restored.

What must I do in order to retain the privilege of terminal access?

Send an email to the IT Service Desk explaining why you need it. You do not need to go into very great detail, but we would like you to tell us something a bit more explicit than just that you need it because you have always had it. If you contact the IT Service Desk before the date of the change (early October) the privilege will not be withdrawn. If you miss the deadline, the privilege can easily be restored. In addition you will need to start using a secure shell client (if you have not already done so) since access using Telnet will no longer work for anyone.

I use a Unix mail client (such as PINE). Is this a valid reason for retaining terminal access

Yes. If you are happy using PINE, or any other mail program on the Unix systems, we have no wish to disturb your contentment. However, we would ask you to consider your reasons for preferring a Unix mail program. There are many different reasons, some good and some bad. For example, if your only reason for preferring a Unix mail client is that it enables you to read your mail in more than one location, there are alternative ways of achieving this, which some people might prefer. For example you could use Webmail when you are away from your usual base in the University, or there are ways of using a mail client such as Eudora or Outlook from more than ond location.

How can I administer my secondary accounts and mailing lists without terminal access?

On-line forms will be available enabling you to administer secondary accounts and mailing lists. The current methods will not work, even for those who retain the privilege of terminal access.

How can I find out my print and disk quotas without terminal access?

Users of Webmail can check their disk and print quotas by clicking the "Info" button on the Webmail tool bar.

How can I set up forwarding, the vacation mailer and mail filters without terminal access?

There are web pages which enable you to set up forwarding, the vacation mailer and simple junk mail filters based on the Mailscanner spam-flag. Existing command-line methods will remain in force for those who retain terminal access, but use of these methods will not, in itself, be considered a valid reason for retaining the privilege of terminal access. If you have your own customised mail filters using procmail, and if these cannot be reproduced using our web pages, you will need to retain the privilege of terminal access in order to maintain them.

How can I access the files in my home directory?

In the PC classrooms your home directory (that is, the part of the network file store which is allocated to you) is accessible as the H drive, and the "My documents" icon on the classroom desktop also points to your home directory. You can save files in your home directory just as though it were a disk drive on the PC. From elsewhere you can access the files in your home directory using a File Transfer (FTP) program. File Transfer programs enable you to copy files to and from your home directory, delete or rename files on your home directory, and some such programs also allow you to edit files on-line and change the Unix file permissions.

Are X terminal sessions affected?

Yes. If you use an X terminal program such as eXceed you will need to apply for terminal access.

Quick answers

See if your question is answered in our quick answers.

Contact the IT Service Desk

w: online enquiry form
e: itservicedesk@st-andrews.ac.uk
t: (01334 46) 3333

Level 2
University Library
North Street
St Andrews
Fife KY16 9TR

Open Monday to Friday
Termtime: 08:45 - 18:00
Vacations: 09:00 - 18:00

Twitter iconLatest updates

  •  

Follow us on Twitter