
University Computing Services
An Introduction to SSH
First, let's get a few frequently asked questions out of the way... then, onto troubleshooting...
What is SSH and why would I want it?
SSH is Secure SHell software. SSH software is used to encrypt terminal
sessions. It will help you secure your terminal emulation sessions (unsecured
Telnet will no longer be supported), your FTP sessions (now sFTP), and
your email, as well as encrypting your passwords.
All FSU account holders reading FSU email via IMAP and POP on garnet
and mailer and those using interactive access via Telnet and file transfer
via FTP will do so only via secured software. (Note this does not affect
admin.fsu.edu or webmail in any way.)
- You can get your copy of SSH software at FSU User Services Software Licensing.
- For more information about SSH software, see the SSH website at: http://www.ssh.com/products/ssh/index.cfm.
I want to TELNET and FTP files to my garnet account, how do I do that using SSH?
You will want to get the SSH software from FSU
User Services Software Licensing. Install the software and use it
to sFTP. Telnet will no longer be available; however, SSH provides the
same terminal emulation interface. For documentation on how to use SSH,
go to http://www.ssh.com/products/ssh/documentation.cfm
I have a Mac and want to sFTP, what software should I use?
Mac users can use MacSFTP. Additional information specific to MacSFTP
can be found at: www.macssh.com.
To accommodate Mac users, UCS has purchased a limited number of licenses
for MacSFTP to be distributed by User Services Software Licensing. This
is not a campus-wide, 'site-licensed' product; availability is limited
to those members of the FSU community who have the needs specific to
this type of program. This software is only needed by those who have
been using a Mac to TELNET or FTP to garnet or mailer. The webpage for
MacSFTP is located at: http://sl.us.fsu.edu/.
I want to answer my EMAIL and I know I need to configure it to the new secured settings, how do I do that?
Simply follow the instructions to reconfigure your email
client (Netscape, Microsoft Outlook or Eudora) to secure your email. If you
are using Eudora, be sure to change your buffer size. If you use an email
client other than those mentioned, it will be your responsibility to find
a suitable secured replacement.
Remember, Webmail
is not affected by this security change. Also, you will still
be able to send messages TO FSU email accounts without SSL**.
SSL is only required to download mail via POP/IMAP.
What is tunneling, and why would I want it?
If you are not using SSH software for terminal emulation or sFTP, but
you are using FTP client software (WS-FTP,
DreamWeaver, ColdFusion, etc.), you will need to 'tunnel'
to secure your information, and in some cases, to have access to FSU
resources requiring SSH. To learn how to tunnel, please call the FSU
Technology Services Help Desk at (850) 644-HELP (644-4357).
Can I convert to Secure Shell now?
YES. All secure protocol services are available now, so converting
sooner rather than later is preferred.
Next, it is very important that you read the following BEFORE you begin...
When converting from insecure POP to secure POP/IMAP,
the method of determining the status of messages changes. Specifically,
all messages in the server-side inbox will be read as new and downloaded
a second time to your client. If you have 'leave mail on server' checked
on your client and no expire time or a very long expire time, you may
have a very large number of messages (up to thousands) in the inbox.
We recommend that before you switch, you check your inbox with Pine
or ELM via telnet or SSH to delete unnecessary messages. Alternatively,
you may uncheck 'leave mail on server' and then download at least one
new message before making the switch. Note: this will delete all
read messages from the server.
Troubleshooting Eudora - I have downloaded Eudora 5.x and am trying to use it with the new, secure, instructions. The error message is:
Error reading from network Cause: Eudora got tired of waiting for the server. [10100] Zero messages downloaded.
Now what?
You need to install Eudora 5.1.0 or higher and change settings within the program.
Some users have experienced trouble downloading mail with the Eudora
version of Secure POP. There is one possible fix. Go to Eudora's advanced
network configuration menu and increase the network buffer size to
8192. If this doesn't help then we recommend using the IMAP protocol
rather than POP.
IMAP has more features and is the recommended protocol to use if you
plan to read your mail on more than one computer in any case.
*IF* you do switch from IMAP to POP - be aware that your interface will change as well.
Do not switch your SMTP server setting to SSL. We do not support SSL for the SMTP server.
** SSL, Secure Socket Layer, is a secured protocol for both email and web clients.
Troubleshooting Eudora - "SSL Negotiation Failed. You have
configured this personality/protocol to reject any exhange key lengths
below 0. But the negotiated key length is -1. Hence this established
secure channel is unacceptable. Connection will be dropped. Cause: (-6992)."
In Eudora, you'll need to go: Tools / Options / Checking Mail / Last SSL Info /
Certificate Information Manager / Import Certificate (and) Add To Trusted
/ Done / OK / OK
Also... Tools / Options / Advanced Network /
- Network open timeout (30) seconds
- Network timeout after (30) seconds
- Network buffer size of (16384) bytes (although some people are using/recommending 8192)
...Nolenet help info from Joe Ryan, MARTECH
Also remember, if you are connecting to admin.fsu.edu rather than garnet.acns.fsu.edu
or mailer.fsu.edu you do not need to change to SSL for that personality/account.
Bad Certificate
- My computer is unable to receive email due to a bad
certificate being passed from garnet. This is temporarily fixed
by adding the certificate to the User Trusted folder in Eudora. However,
this only remains until the machine is rebooted.
The bad certificate is actually the root CA certificate on the client
computer.
The culprit is usually an old version (pre-Y2K) of either IE or Netscape
that contains an old invalid root CA certificate from Verisign. Upgrading
the browser is usually the easiest fix. One could also remove the bad
CA and download the latest from Verisign.
Bad Certificate
Troubleshooting Eudora - "SSL negotiation failed: certificate bad: Destination hostname does not match host name in certificate cause -6984" when trying to receive pop mail.
Be sure the incoming server, if using mailer, is mailer.fsu.edu, not mailer.acns.fsu.edu.
Also, go to Tools / Options / Checking Mail / [Last SSL Info] / Certificate Information Manager (CIM)
At the top you should have a local Server Certificate and User Trusted Certificate.
Select each and [Remove from Trusted]. That will clear your local list, then [Done] [OK] [OK].
Try downloading mail again. An error will occur since the new certificate you're downloading isn't trusted.
Just go back to the CIM and [Import Certificate] and [Add to Trusted].
...Nolenet help info from Joe Ryan, MARTECH
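The name comparison behind the -6984 "Destination hostname does not match host name in certificate" error, as an added Python example (not part of the original page and not Eudora's code). It assumes the server's certificate carries the single DNS name mailer.fsu.edu; the certificate name list is constructed sample data.

```python
"""Added example: RFC 6125-style comparison of the configured mail server
name against the DNS names in the server's certificate."""


def hostname_matches(cert_name: str, hostname: str) -> bool:
    """True if one certificate DNS name covers the configured hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # Names must have the same number of labels: a wildcard never spans dots.
    if len(cert_labels) != len(host_labels):
        return False
    first, rest = cert_labels[0], cert_labels[1:]
    # A "*" anywhere but the left-most label is never honoured.
    if any("*" in label for label in rest):
        return False
    if first == "*":
        # Refuse over-broad names such as "*.edu".
        if len(cert_labels) < 3 or not host_labels[0]:
            return False
    elif first != host_labels[0]:
        return False
    return rest == host_labels[1:]


def check_server(configured_host: str, cert_dns_names: list) -> tuple:
    """Decide, as a mail client must before sending a password, whether the
    certificate was issued for the host the user configured."""
    for name in cert_dns_names:
        if hostname_matches(name, configured_host):
            return True, f"{configured_host}: matches certificate name {name}"
    return False, (f"{configured_host}: does not match host name in "
                   f"certificate {cert_dns_names}")


# Constructed sample data (assumption): the certificate names mailer.fsu.edu only.
CONSTRUCTED_CERT_NAMES = ["mailer.fsu.edu"]

if __name__ == "__main__":
    for host in ("mailer.fsu.edu", "mailer.acns.fsu.edu"):
        ok, message = check_server(host, CONSTRUCTED_CERT_NAMES)
        print("ACCEPT" if ok else "REJECT", message)
```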
Troubleshooting Eudora - I installed a relatively new version of Eudora on my home
PC a few weeks ago. It is version 5.0.0.25. Nonetheless, although
I've still been able to connect via SSH software (also updated about
the same time), Eudora seems to have stopped working. The error message
I get when I attempt to connect to the garnet server is something about
the connection being refused by foreign host.
You need to install Eudora 5.1.0 or higher and change settings within the program.
You can get the latest version of Eudora from the User Services Site Licensing web site at http://sl.us.fsu.edu
or you can download an updater from http://www.eudora.com.
You can see how to change your settings at http://helpdesk.fsu.edu/email/clients.cfm