Access to the Crystallography network by External users


For security reasons external access to the School of Crystallography computers is restricted. With the possible exception of X-windows applications this should not affect access to external resources (e.g web, ftp) from local systems.

Remote users will only be able to access a small number of systems directly.

See the following links for information on which systems to use for a particular service:

Reporting problems

If you are unable to access computers on the Crystallography network check that you are using names from the list below. If you are still unable to access the system even with the correct name then contact the Crystallography Computer Support Group.

Please provide the following information with any requests for help:

  • Your name, contact phone number and email address.
  • Course, research group or the name of member of academic staff sponsoring your access.
  • The name of the system you were trying to access.
  • Where are you trying to access it from (host name , IP address).
  • The exact date and time of the access attempt (without this we can't check the log file for problems).
  • Has it ever worked before and if so when?
  • Have you changed anything about the set up of your workstation?

Webmail access to email

It is possible to access your email via the Schools webmail service: https://webmail.cryst.bbk.ac.uk/

Note:

  • Some clients will complain that the servers are using self signed certificates; these messages can be ignored for now.

Inbound email (IMAP) access for reading email

Remote IMAP users (e.g. Pine & Thunderbird email client) should use the following server name

Server Name Service Port
imap-ext.cryst.bbk.ac.uk IMAP 143

The email client should be configured to

  • Use TLS (or SSL) if available
Note:
  • Some clients will complain that the servers are using self signed certificates; these messages can be ignored for now.

Click here for more information on the -ext host names

Outbound email (SMTP etc) for sending email

The outbound email servers and ports are listed below in order of preference

If possible select port 587 (MSA) for outgoing email rather then port 25 (SMTP). Some networks now block outbound port 25 (SMTP) in an attempt to stop junk mail (SPAM) from zombie PCs. Hopefully these networks allow the alternative Message Submission Agent (MSA) port 587.

Server Name Service Port
smtp-ext.cryst.bbk.ac.uk MSA 587
smtp-ext.cryst.bbk.ac.uk SMTP 25
smtp-ext.cryst.bbk.ac.uk SMTPS 465

The email client should be configured to

  • Use authentication
  • Use TLS (or SSL) if available
Note:
  • Some clients will complain that the servers are using self signed certificates; these messages can be ignored for now.

Click here for more information on the -ext host names

ssh, ssh, sftp, scp and FTP access

Remote ssh, ftp, sftp and scp users should to use the following server names

Server Name Service
ftp.cryst.bbk.ac.uk ftp, sftp, scp
ssh.cryst.bbk.ac.uk ssh, sftp, scp

For systems which are not directly accessible from outside the School's network

  • First ssh to one of the above systems and login
  • Next connect to the required system with the command ssh -Y or ssh -X
    • e.g. ssh -Y my.system.cryst.bbk.ac.uk
Note:
  • The -X option Enables X11 forwarding and will allows X-windows programs to access your screen.
  • The -Y option Enables trusted X11 forwarding, this is needed by apple system

Using the ordinary (non -ext) names to access the crystallography network from external systems will result in a very unreliable service.

To telnet to a system which is not directly accessible:

  1. First telnet to and login to one of the above (e.g. cutty-ext.cryst.bbk.ac.uk)
  2. Then telnet or rlogin to the desired local system.

FTP access should not be a problem as the above systems have access to the UNIX cluster file store.

Remember you can access your PC network I: drive space with the path /pc/ubcgxyz and your UNIX home directory as /H/ubcgxyz Where ubcgxyz is your login ID.

For example if you were logged into a remote system remote.site.edu and wanted to login to mv3b.cryst.bbk.ac.uk and ftp files back to your account on remote.site.edu

  • First telnet to cutty-ext.cryst.bbk.ac.uk and login using you UNIX ID and password
  • Then telnet from cutty-ext to mv3b
  • After logging into mv3b then ftp files back to remote.site.edu by using the ftp command on mv3b.

X-Windows server access

Please use X forwarding via ssh.

For advice contact the system staff,

See reporting problems above.

The -ext host names

  • The -ext names correspond to addresses on our external services network, which unlike our internal networks is also accessible to external (i.e. internet) systems.
  • The -ext names should work from both inside and outside the crystallography network.
  • However using the ordinary (non -ext) names to access the crystallography network from external systems will result in a very unreliable service.
  • The -ext form names are only given to a servers interface on our external network. Non -ext names refer to interfaces connected to our internal network
  • Please contact CCSG if the server you want to access is not listed on this page http://www.cryst.bbk.ac.uk/CCSG/access/remote_access.html
  • Adding -ext to server names at random is unlikely to work.


CCSG Comments, Corrections, Changes School Home page


$Revision: 1.28 $      $Date: 2009/09/21 13:26:26 $