IT Services provides a general-purpose computer running Debian GNU/Linux. This service is available to University members who have an Oxford account. However, people with card holder and virtual access University card status do not qualify for the Linux service.
The service is accessed using your Oxford username and password on secure login to
linux.ox.ac.uk. A wide range of software is provided, but does not include any commercial programs. There is no mail delivery to the system, but mail clients like
mutt can be used to talk to Nexus. Personal web filestore can be accessed.
Before using a linux.ox.ac.uk account for the first time, it needs to be activated. To do this, visit the web-based account management interface and choose
Activate shell account.
1. Security and the Linux service
For security reasons it is not possible to use telnet and standard ftp to access the Linux service. Instead you must use secure access, which ensures that traffic (especially passwords) is encrypted. Client programs are available for most computer platforms and installation and use of some of them is described in the client section.
Please note that following a security advisory regarding a weakness in cryptographic key generation issued on 13th May 2008, the SSH keys and therefore the key fingerprints were changed. You may need to explicitly permit your ssh client to connect to the ssh server after verifying the fingerprints. When accessing the shell service, you should verify the SSH fingerprints presented by your client against the following:
RSA 2048 12:05:75:ee:73:a7:6d:3d:27:f3:fd:32:c7:5d:9b:09 DSA 1024 83:62:92:01:52:c6:d1:ed:f4:99:40:6a:e8:2f:95:e2
or if you are using a more recent ssh client that makes use of SHA256 encoded fingerprints (note, some clients drop the "=" padding character off the end):
RSA SHA256:G8QGcbMPZeksSgQT+5Yy9/M1Kdlz4l/dm5K93xix5JQ= DSA SHA256:sgU76LVV6zX0XSw9uKK2Q5fpmW1U1IZWIwlJDN1bjr8=
or if you are using the commercial SSH client:
RSA 2048 xuden-sisas-kidum-dikul-socol-lepiv-gutyn-kizob-darif-zuset-tuxux DSA 1024 xenar-parit-lebud-bihyg-dopof-tudad-saryv-capal-kinug-musup-vixux
N.B. You can copy files to and from the system using
Secure FTP; implementations of SCP and SFTP are included with PuTTY and with SSH Secure Shell (see clients section for details).
2. Client software to access the Linux service
There are various ways in which you can access the Linux Service securely. These are outlined below and each method links to further information on how to setup and configure clients.
- SSH Secure Shell Clients for Windows
There are several clients available for you to connect to the Linux Service:
N.B. Putty is a command line program that can be used to to access the Linux service on computers running Windows. You can download this from: http://mirror.ox.ac.uk/sites/www.chiark.greenend.org.uk/~sgtatham/putty/. For details on how to install and configure the program see: PuTTY command line client
The University has a site license for a commercial SSH Windows client, called SSH Secure Shell, which is available free of charge to members of the University. This can be downloaded from the OUCS registration service. The SSH Secure Shell client is particularly useful if you need to be able to transfer files and want a Windows-style program.
- SSH Secure Shell Clients for MacIntosh
Mac OSX users have a choice of using the built-in Unix commands. For more information type
man sftpfrom the Terminal screen. For more user-friendly interfaces there is:
- Nifty Telnet: Free, but you need to use the 'classic' environment.
Where you just need to transfer files securely then the following programs are currently recommended:
Secure FTP Programs with guides available:
- Transmit: Commercial software.
- Interarchy: Commercial software. This is more of a webmaster tool than a quick end-user client.
If you wish to use Exceed (an X terminal emulator) to access the service, again you will only be able to connect using secure methods. The most straight-forward way to do this is to obtain the Hummingbird Connectivity Security Pack, which is available on CD from the Computing Services Shop. To install the Hummingbird Connectivity Security Pack, Exceed version 7.1, 7.1.1 or 8.0 must already be installed on your computer. Note that the Security pack does not install any programs itself, but adds the ability to connect securely to some components of the Exceed suite of programs. Once you have installed the Security Pack, you can then configure Exceed.
See Exceed Configuration for more details.
- Access from machines where you cannot install software
If you cannot find SSH software installed, it is possible to run
PuTTYin situations where you cannot install programs, eg in an internet cafe. Start Internet Explorer or Opera (It doesn't work from Netcape) and visit putty.exe directly. If prompted, choose
Openrather than download; putty should then start. Select
ssh, type in
Openand you are in.
A detailed catalogue of other implementations can be found at http://linuxmafia.com/ssh/.
3. Web filestore
New accounts have
cgi symlinks automatically created when both web and shell accounts have been activated. These accounts can also be viewed on the web within 15 minutes of their creation.
For users with older accounts, you can still see your personal web pages and CGI scripts at
/web/users/$USER. If you prefer to access web files via
public_html in your home directory, you can use symbolic links to reproduce this behaviour. The command
makeweblinks will do the trick for you.
Instructions on activation are given in the section on web space and addresses
4. Software installed
There are many software packages installed on the GNU/Linux system. See the Software Packages Listing for more details.
Department or college printers which are networked can be accessed using the
rlpr (remote off-line print) package. For example, if the Wizardry Department had a printer called magic, you could print to it using the command
$ rlpr -Hmagic.wizard.ox.ac.uk <filename>
If you create a
.rlprrc file in your home directory containing:
You could print to it using:
$ rlpr -Pmagicone <filename>
rlpr (1) and
rlprrc (5) manual pages for full details, and consult your local IT support to see whether your local printer is networked and can be accessed in this way.
6. Frequently-asked questions
- How do I copy files from another machine?
You can use the
scpprogram to push or pull files to and from machines. For instance, to copy a file
myfile.txtfrom a machine called rabbit.physics.ox.ac.uk, log into linux.ox.ac.uk and type
scp rabbit.physics.ox.ac.uk:myfile.txt myfile.txt
You will be asked for your password, and then
myfile.txtwill be placed in your current directory. You can copy an entire directory and all its contents (including subdirectories) with appropriate options to
scp. Thus to copy all of the directory
Workfilesfrom rabbit, type
scp -p -r rabbit.physics.ox.ac.uk:Workfiles Workfiles
scpto preserve the datestamp on files).
- Is this Unix?
- Informally, yes. Legally, no. This service is running Debian GNU/Linux, an open-source and free alternative to Unix. In practice, all the standard Unix commands and facilities behave identically under Linux.
- How do I find out my quota?
command on the system. This will show you your quota for both the GNU/Linux service and your personal web space. The quota for the latter can also be checked at https://register.it.ox.ac.uk/accman/web/.
- Is there some temporary space for big files?
Yes, you can create files in
$TMPDIR, but they are not guarenteed to still exist after you log out. This facility is for files you need during your current session, not for temporary storage over several days. Files will also be deleted when they get to be a week old, so their life time is per-session or 7 days, whichever is shortest. In summary, if you logout and login again, you cannot rely on the contents of the temporary directory still being there. Note also that the temporary directory depends on which node you log into; if you log in twice, you may not be on the same machine for both sessions.
- What shells are available?
The default login shell is
bash, the Bourne Again Shell. If you prefer to use C Shell,
tcshis available. To invoke this for a single session, type
To set this as your default shell for future logins, use the web-based account management interface.
- FTP doesn't seem to work - what can I do ?
FTP has two modes - active and passive. Due to the firewall in front of the linux server, active FTP doesn't work. Thus to use FTP you have to use passive mode, to do this run
- Can I print to a remote printer?
You can send print jobs to a remote lpd server (line printer daemon) using the
rlprcommand. See the
rlprmanual page for full details and examples. Please contact your local IT support staff for information about printers and print servers in your college or department.
- Can I perform resource-intensive tasks on this server?
- No. This is a general-purpose system; if you have large resource requirements (eg CPU, memory, disk space, etc) then this system will probably not be appropriate for you.