For security reasons external access to the School of Crystallography computers is restricted. With the possible exception of X-windows applications this should not affect access to external resources (e.g web, ftp) from local systems.

Remote users will only be able to access a small number of systems directly.

• Reporting problems
• Webmail access to email
• Inbound email (IMAP) access (for reading email)
• Outbound email (SMTP etc) (for sending email or outbound email)
• FTP
• Secure Shell (ssh, sftp and scp)
• Internet Cafes and Browser only access
• X-Windows
• Research group or project specific servers
• The -ext host names
• School of Crystallography Root Certificate

Reporting problems

If you are unable to access computers on the Crystallography network check that you are using names from the list below. If you are still unable to access the system even with the correct name then contact the Crystallography Computer Support Group.

Please provide the following information with any requests for help:

• Your name, contact phone number and email address.
• Course, research group or the name of member of academic staff sponsoring your access.
• The name of the system you were trying to access.
• Where are you trying to access it from (host name , IP address).
• The exact date and time of the access attempt (without this we can't check the log file for problems).
• Has it ever worked before and if so when?
• Have you changed anything about the set up of your workstation?

Webmail access to email

It is possible to access your email via the Schools webmail service: https://webmail.cryst.bbk.ac.uk/

Note:

• Some clients will complain that the servers are using self signed certificates; these messages can be ignored for now.

Inbound email (IMAP) access for reading email

Remote IMAP users (e.g. Pine & Thunderbird email client) should use the following server name

Server Name	Service	Port
imap-ext.cryst.bbk.ac.uk	IMAP	143

The email client should be configured to

• Use TLS (or SSL) if available

• Some clients will complain that the servers are using self signed certificates; these messages can be ignored for now.

Click here for more information on the -ext host names

Outbound email (SMTP etc) for sending email

The outbound email servers and ports are listed below in order of preference

If possible select port 587 (MSA) for outgoing email rather then port 25 (SMTP). Some networks now block outbound port 25 (SMTP) in an attempt to stop junk mail (SPAM) from zombie PCs. Hopefully these networks allow the alternative Message Submission Agent (MSA) port 587.

Server Name	Service	Port
smtp-ext.cryst.bbk.ac.uk	MSA	587
smtp-ext.cryst.bbk.ac.uk	SMTP	25
smtp-ext.cryst.bbk.ac.uk	SMTPS	465

The email client should be configured to

• Use authentication
• Use TLS (or SSL) if available

• Some clients will complain that the servers are using self signed certificates; these messages can be ignored for now.

Click here for more information on the -ext host names

ssh, ssh, sftp, scp and FTP access

Remote ssh, ftp, sftp and scp users should to use the following server names

Server Name	Service
ftp.cryst.bbk.ac.uk	ftp, sftp, scp
sark-ext.cryst.bbk.ac.uk	telnet, ssh, sftp, scp
ssh.cryst.bbk.ac.uk	ssh, sftp, scp

For systems which are not directly accessible from outside the School's network

• First ssh to one of the above systems and login
• Next connect to the required system with the command ssh -Y or ssh -X
  • e.g. ssh -Y my.system.cryst.bbk.ac.uk

• The -X option Enables X11 forwarding and will allows X-windows programs to access your screen.
• The -Y option Enables trusted X11 forwarding, this is needed by apple system

• More information on -ext host names
• More information on ssh
• problems with ssh, sftp, scp
• ssh and the law

Using the ordinary (non -ext) names to access the crystallography network from external systems will result in a very unreliable service.

To telnet to a system which is not directly accessible:

1. First telnet to and login to one of the above (e.g. cutty-ext.cryst.bbk.ac.uk)
2. Then telnet or rlogin to the desired local system.

FTP access should not be a problem as the above systems have access to the UNIX cluster file store.

Remember you can access your PC network I: drive space with the path /pc/ubcgxyz and your UNIX home directory as /H/ubcgxyz Where ubcgxyz is your login ID.

For example if you were logged into a remote system remote.site.edu and wanted to login to mv3b.cryst.bbk.ac.uk and ftp files back to your account on remote.site.edu

• First telnet to cutty-ext.cryst.bbk.ac.uk and login using you UNIX ID and password
• Then telnet from cutty-ext to mv3b
• After logging into mv3b then ftp files back to remote.site.edu by using the ftp command on mv3b.

X-Windows server access

Please use X forwarding via ssh.

For advice contact the system staff,

See reporting problems above.

Research group or project specific servers

The following machines, which can be accessed from external networks, are dedicated to specific research groups or projects.

Server Name
axon-ext.cryst.bbk.ac.uk
grace-ext.cryst.bbk.ac.uk
mb4-ext.cryst.bbk.ac.uk
moa-ext.cryst.bbk.ac.uk

The -ext host names

• The -ext names correspond to addresses on our external services network, which unlike our internal networks is also accessible to external (i.e. internet) systems.
• The -ext names should work from both inside and outside the crystallography network.
• However using the ordinary (non -ext) names to access the crystallography network from external systems will result in a very unreliable service.
• The -ext form names are only given to a servers interface on our external network. Non -ext names refer to interfaces connected to our internal network
• Please contact CCSG if the server you want to access is not listed on this page http://www.cryst.bbk.ac.uk/CCSG/access/remote_access.html
• Adding -ext to server names at random is unlikely to work.

Internet Cafes and Web Browser only access

Sometimes you may need to access the Schools network but only have a web browser available. For example from an Internet Cafe which doesn't support Ssh or telnet but only provides web browser access to the Internet.

It is possible to run a ssh/Telnet terminal within a browser using a Java Applet. These Applets require a Java virtual machine (VM), which are usually installed in the browser. The Sun Java VM can be downloaded http://www.java.com/en/download/manual.jsp here.

• Click here for MindTerm configured to accress some the Schools systems from within a browser
• Click here for information on other Java Telnet/ssh Applets

School of Crystallography Root Certificate

The School of Crystallography has its own Root Certificate, which users may need to load into their applications or computers. This Certificate should already be loaded into most of the Schools systems.

$Revision: 1.26 $      $Date: 2009/09/21 13:26:26 $