Department Server Info - Fall 11
- We have entered our seventh year with our departmental server "gauss". This server runs Red Hat Enterprise as its operating system (Linux, not Windows Server), so there will be some differences in connecting.
This server is available from outside as:
math.mercyhurst.edu
- First Time users:
- Use your account username/password pair to log on to gauss (with the username/password provided). Windoze users: use PuTTY (see below), or something similar, to log on to gauss.
- You will want to change your password. Your password may be the same as that for your other Mercyhurst account, PROVIDED it is at least 8 characters long, with mixed case and/or mixed alphanumerics.
Accounts with easily cracked passwords will be temporarily locked until a new (stronger) password is in place.
See below for further password information.
- To change your password, type passwd at the command prompt. You will be prompted for your NEW password; type it and hit enter. You will then be prompted to CONFIRM your new password; type the new password again.
- If you are planning on mapping a network drive to gauss (from windoze), you will need to change this password as well (yes, it is different). At the prompt, type smbpasswd and hit enter; submit, confirm, hit enter, and you are done.
- Connecting to the server (outside the firewall - OFF-campus):
Chances are the primary service you will need is transferring files to and from the server. For security considerations the only means you have for transferring files is the Secure File Transfer Protocol (SFTP) subset of the Secure Shell Protocols (SSH). SFTP is the replacement for the old and insecure File Transfer Protocol (FTP), with the addition of strong Encryption/Authentication.
You will need to install software to perform the following tasks (we suggest some possible - free - software as solutions).
Note: below, whenever you see math.mercyhurst.edu you may substitute art.mercyhurst.edu as appropriate.
- An SFTP and SCP (Secure CoPy) client for using SSH2 (Secure SHell). The main function is safe copying of files between a local and a remote computer. Some possible software solutions (with drag and drop support):
- Linux users: your system comes with all of the tools you need (Filezilla, gftp, others); for a GUI, be sure to change the protocol to SSH2. There are MANY ways to transfer files if you have a Linux box at home. For most of you, I suspect the 'Connect to Server' method (using service type 'SSH') would be your favorite - Windows-like GUIs.
- MAC, Linux, and Windows users:
FireFTP is a Firefox add-on that now supports sftp.
FileZilla Client - a Free FTPS and SFTP client with lots of useful features and an intuitive graphical user interface.
- Windows users:
Core FTP - the LE version is a Free SFTP client for Windows
WinSCP is an open source SFTP and SCP client for Windows.
- MAC users:
Cyberduck is an open source SFTP and WebDAV client for the Macintosh
MacSFTP - SSH FTP Client for the Mac
Fugu - A Mac OS X SFTP, SCP and SSH Frontend
Host name: math.mercyhurst.edu (inside the firewall you may use '10.30.20.10' or just 'gauss')
Port number: 22 (leave this)
User name and Password are for your account on gauss (math.mercyhurst.edu).
- You may also need software to allow you to ssh to math.mercyhurst.edu from home (open a terminal window on gauss). On Linux and Mac this comes built in. For Windows, one recommended solution is:
PuTTY
The PuTTY help pages: PuTTY User Manual
Use host name: math.mercyhurst.edu; and hit open.
- Again, ftp is NOT permitted (feel free to try).
- All accounts have web content available by default. If your user name is credmond, then your web content will be viewable in a browser at the URL: http://math.mercyhurst.edu/~credmond/
All web content is to be placed in your public_html subdirectory on gauss. For example:
The file: /credmond/public_html/index.html is viewed via the browser URL: http://math.mercyhurst.edu/~credmond/index.html
Remarks: you may also use http://math.mercyhurst.edu/~credmond/
The index.html (or index.php) is the 'default' page shown in any directory if no file is specified.
- Think about directory structure BEFORE you begin development
Remember on a Linux system 'Images', 'iMages', 'IMAGES', and 'images' are different directories
You may even want to create a site map
- Naming conventions
Not too long
Don't use spaces (in names)
No extraneous characters
Should stick to lowercase file names (and extensions)
- When you have questions about getting to your account, HTML, PHP or MySQL, ask Pat Kelly
Password Selection
Essential password rules
Rule 1 – Password Length: Stick with passwords that are at least 8 characters in length. The more characters in the passwords the better, as in harder to crack. Ten characters or longer are better.
Rule 2 – Password Complexity: Should contain one or more characters from at least three of the following groups.
- Lower case letters
- Upper case letters
- Numbers
- Special Characters
General Guidelines
- Must be at least seven characters long (should be eight or more characters).
- Should contain at least 5 unique characters. You already have 4 different characters if you chose one from each group above.
- Mix Upper and Lower Case Letters.
- Mix Letters and Numbers -- especially when added to the middle (not just at the beginning or the end).
- Include Non-Alphanumeric Characters -- Special characters such as &, #, $, %, < , @, ^, *, and punctuation (preferably a few of them).
- Use a Password Manager. Strong passwords are hard to remember, so as part of using a strong password you need a reliable and trustworthy way of remembering it. Using a password management tool to store passwords should really become a habit. Anytime you create a password, immediately record it in a password manager tool. Your password will then be encrypted and stored away, password protected.
- Be significantly different from prior passwords. It is important to differentiate between Important and less important passwords.
- Pick a Password You Can Remember -- the SysAdmin cannot 'look up' your password. Use a Passphrase. If you don't want to use a password management tool, use a passphrase to easily remember your passwords. You can use the initials of a song or a phrase that is very familiar to you.
- You may take a word you like, say redmeat and substitute some characters to get: r{*Meat!# (don't use this one).
- Do Not Use Only Words or Numbers.
BAD: 8148242123, changeme, password, secret, qwerty, Qwerty123.
- Do Not Use Recognizable Words (even from Foreign Languages).
BAD: roger1, mentat123, bienvenido1, 1dumbKopf.
- Do Not Use Personal Information.
Such as: Your name, The names of pets, The names of family members, Your phone number or zip code.
- Do Not Use the Same Password For All Machines.
We require strong passwords. These policies will be enforced. We run a password cracking program against the password file; any account whose password is cracked will be disabled.
WHY?
You may wonder why. Prior to setting up IP rate limitations, on some days we had in excess of 4000 attempted logins on our server (the maximum was 12,000 in one day).
Why mixed case and symbols? (~28 different symbols and 10 digits)
For example, a four character password, just lower-case, allows 26^4 or about 457,000 variations.
Whereas, with mixed case and symbols, a four character password allows 90^4 or about 65 million variations (still crackable).
But an eight character password (our minimum) allows 90^8 or about 4.3 quadrillion variations (4300 trillion). (26+26+28+10 = 90)
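The password rules and the arithmetic above, as a short Python check (an added example, not the department's own tooling). It shows that composition rules alone accept Qwerty123 and 1dumbKopf from the BAD lists, which is why a dictionary lookup is also needed. The function names are hypothetical and WORDLIST is a constructed stand-in for a real cracking dictionary.

```python
import string

# Alphabet sizes as the page counts them: 26 + 26 + 10 + ~28 symbols = 90.
GROUP_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 28}

# Constructed stand-in for a cracking dictionary, built from the page's BAD lists.
WORDLIST = {"changeme", "password", "secret", "qwerty", "roger",
            "mentat", "bienvenido", "dumbkopf"}


def groups_used(pw):
    """Return the set of character groups (Rule 2) present in pw."""
    groups = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            groups.add("lower")
        elif ch in string.ascii_uppercase:
            groups.add("upper")
        elif ch in string.digits:
            groups.add("digit")
        else:
            groups.add("special")
    return groups


def search_space(pw):
    """Candidates a brute-force search must cover: alphabet ** length."""
    alphabet = sum(GROUP_SIZES[g] for g in groups_used(pw))
    return alphabet ** len(pw)


def violations(pw):
    """List the page's rules that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if len(groups_used(pw)) < 3:
        problems.append("fewer than 3 character groups")
    if len(set(pw)) < 5:
        problems.append("fewer than 5 unique characters")
    # Composition rules miss word+digits patterns, so strip digits and look it up.
    if pw.strip(string.digits).lower() in WORDLIST:
        problems.append("dictionary word with digits attached")
    return problems
```
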
By the way, I will not look kindly on those of you attempting to run a passwd-crack program (or similar types of mischief) on our server. That sort of playing should be done on your own machine.
