Setting Up SSH and FTP Port Forwarding (WINDOWS VERSION)
There are a number of different ways one can transfer files securely
to the new Web server. They vary in their ease of use and the tools
they provide the user (listed in preferred order):
- Use the commercial (but free for academic use) version of the
SSH Secure Shell for Workstations tool.
Advantages:
- Commercially written and very well supported software.
- Supports SFTP, drag and drop file transfers, using a window which resembles
the Windows Explorer application.
- Provides easy way to change file protections (but only use if you know how
those file protections work, please).
- Supports SSH2, a more secure protocol.
- Very customizable.
- Professional documentation and support.
- Provides both terminal emulation (looks like telnet) and file transfer.
- Can ftp port forward, allowing one to use Netscape Composer
and Dreamweaver to publish webpages.
Disadvantages:
- None, as far as I know, but I have yet to write up
any documentation on it.
See this page for more information and download location
- WinSCP is a program that uses the SCP protocol and works much
like WS_FTP and other programs people have used.
Advantages:
- The window looks very similar to the ftp windows people have
used in other applications.
- Provides easy way to change file protections (but only use if you know how
those file protections work, please).
- Supports SSH2, a more secure protocol.
- Very small program, does not take up much hard drive space at all (can even
fit on a floppy disk).
Disadvantages:
- Still being tested, might still have some bugs.
- Documentation is still being written.
- Cannot use with Netscape Composer or Dreamweaver publish utilities, but
can still be used to transfer those files.
See the WinSCP page for information on how to download
and set it up.
- F-Secure's SSH client
Advantages:
- Commercially written and very well supported software.
- Well documented.
- Supports FTP forwarding (can use with Netscape Composer and Dreamweaver).
- Others, I'm sure, but I haven't used it in a while.
Disadvantages:
- It's not free, even for academic licenses. However, the U. has a site
license for it, which costs users ~$10/year (I think).
Download it here, and learn how to port forward
here
- Tera Term Pro + SSH plugin.
This page describes this method.
Advantages:
- Allows you to use your current file transfer method
(ws_ftp, Netscape composer publish, Dreamweaver Publish).
- Includes terminal emulation (telnet-like)
- Doesn't take up much disk space (might fit on a floppy, if you knew what
you were doing).
Disadvantages:
- Hard to set up.
- Only uses SSH1, and so is less secure.
- May not be supported for long, because of the SSH1 thing.
- Other than what is here, there isn't much documentation.
For other operating systems, and for other ssh client tools, see
The OpenSSH Homepage.
Setting up Tera Term Pro + SSH plugin for FTP Port forwarding
This document is merely a "how to set this up" document,
and has no explanation for what you're actually doing.
Those explanations can be found on the
SSH and (vs.) VPN page.
This document has instructions for installing and configuring
both the Windows SSH client and a Windows FTP client.
If you only want to install and configure the
SSH client, simply follow the Tera Term Pro instructions below.
Even if you don't want to set up the FTP client right away,
it would be prudent to configure Tera Term
Pro to support FTP port forwarding, since you'll probably
want to use it eventually.
Important:
There are major security concerns with creating these tunnels. When you
create them, remember:
- Open the tunnel with ttssh (connecting with TTSSH).
- Open your FTP (WS_FTP LE) connection and transfer the files.
- Close your FTP connection.
- CLOSE your tunnel (the TTSSH session). If you leave it open, you're leaving
the server vulnerable to attack.
- Never, Ever, save your password in a shortcut
or alias. Anyone with access to your computer can then use that
shortcut without having to guess your password. And, applications don't
save them securely, so if someone broke into (cracked) your computer, your
password would be available.
Prerequisites:
- Windows 95/98/NT/2000 etc.
- Valid Unix account on the machine you're accessing.
- Tera Term Pro with SSH plug-in (ttssh.exe)
- An FTP client (WS-FTP Light (LE) works, as does ws_ftp32.exe, but the FTP client
that comes with Windows does not).
Step 1, Getting and Installing the Software.
Tera Term Pro:
Download and install Tera Term Pro from one of these websites:
Tera Term Pro
Homepage
The University of Minnesota Internet Software Page
The install for this is pretty basic. Just accept the default settings for it, and it will
create a folder called c:\program files\TTERMPRO. That is where the teraterm application will go.
A folder is also created in your Start Menu.
AND Download the SSH plugin:
TTSSH: An SSH Extension to
Teraterm.
This page also has documentation, which is why I didn't just link to the download directly. Scroll down to "How to Obtain and Install TTSSH."
NOTE: Versions of Tera Term Secure Shell extension (ttssh.exe) older than
1.5.1 will not work.
Extract the ttssh.exe executable in the same directory as the tera term pro
application (the default location is in c:\program files\TTERMPRO.).
I usually create an SSH subdirectory of the tera term directory, extract ttssh.exe and
its associated files into it. Then I move the ttssh.exe file up into the tera term
directory, leaving the ttssh readme file intact in the SSH directory. Or I rename the
ssh readme file something else and stick it in the same directory.
This will NOT create a shortcut on your Start menu. You can create a shortcut manually on your
desktop for the ttssh.exe program if you like. Getting it into the start menu is a bit trickier,
and the method changes from windows version to windows version. Ask if you want to know.
WS_FTP:
The WS-FTP LE client is free for educational use. You can download it from
The University of Minnesota Internet Software Page
Either the WS_FTP Lite or the Ws_FTP_32 versions should work. However,
this document is written for the LE version, and the _32 version is not free
for non-educational use. Once it's downloaded to your
computer, you can install it by double-clicking on its icon.
If you're using the full WS-FTP32 version, it does not have a setup program. You just extract
the zip file into the directory where you want it. I generally create c:\program files\ws_ftp
and put it in there. I can show anyone who wants how to do this.
Step 2, Configuring Tera Term Pro to do FTP port forwarding through SSH.
Start Tera Term Pro:
On the 206 Lab Machines, it will usually be in the Apps folder, and will be
called "telnet." However, on different machines it will be called "ttssh.exe"
and the icon looks like this:
The straight Tera Term won't work; you must use the SSH plugin.
Launch the program. Two windows should appear with the following title bars:
Tera Term - [disconnected] VT
Tera Term - New connection
Click on the "Cancel" button in the "Tera Term - New connection" window,
because we want to add a host with FTP port forwarding before opening an
SSH connection.
Add a host with FTP port forwarding enabled:
Click on the "Setup" menu in the "Tera Term - [disconnected] VT"
window, then choose the "TCP/IP" option. A new window should appear titled:
Tera Term: TCP/IP setup
Add the following entry in the "Host list" field:
host:22/ssh /ssh-v /ssh-Lftp:host:ftp
Where "host" is the FTP server you want to connect to, example:
agate:22/ssh /ssh-v /ssh-Lftp:agate:ftp
(From off-campus, you might have to replace agate with
agate.geo.umn.edu.
It gets long, but it should work.)
NOTE: The example above assumes domain name resolution is configured such
that "agate" is translated to the correct numerical ip address,
i.e. if "telnet agate" or
"ftp agate" works for you now, then this example should also work.
Now click the "Add" button, then click the "Ok" button when you are
finished adding hosts to the host list.
NOTE: the "/ssh-v" option creates a "TTSSH.LOG" file (useful in
diagnosing problems).
After you set up FTP, this is where you'll come to log into the Unix machine.
When you use this window to connect, you MUST have SSH chosen as the Service.
Telnet won't work.
The first time you connect to a new server with this setup, you'll get a warning which
looks like this:
Usually, if this is the first time you've connected to a host, this is okay. So
click on "Add this machine and its key to the known hosts list", and then
click "Continue". However, if you've connected to this host before, and you
get this error, contact your administrator, because there is a chance the machine
has been compromised. (There is also a good chance the machine was just re-installed,
or SSH was updated, but check anyway.)
Every time you log in, a window like this will pop up:

(sorry about the resolution of this image).
This is normal, and is where you type in your username and password.
For most people, having "Use plain password to log in" selected
is fine. If you have an RSA key, you can use that here too. If you don't
know what an RSA key is, don't worry about it.
Step 3, Configuring WS-FTP to use the SSH connection.
Start WS-FTP (lite).
Create and configure a new WS-FTP "session" to use the SSH tunnel:
Click the "Connect" button in the WS_FTP window; a new window
titled "Session Properties" should appear. Click the "General" tab.
Click "New" to create a new session. Enter a meaningful name in
the "Profile Name:" field. For example, SSH-FTP. Enter "localhost"
(without the quotes) in the
"Host Name/Address:" field.
(This tells WS-FTP to connect to the FTP port on the
local computer (i.e., your PC). Your
existing SSH connection forwards this port through its secure
tunnel to the remote host.)
Leave the "User ID:" and "Password:" fields blank.
That way, WS-FTP will prompt you for them
each time you connect using this session, which will let
you easily use this session for setting
up FTP transfers to different computers (on which you presumably
have different usernames and
passwords).
It's never a good idea to save passwords in a dialog such as this.
There are two reasons: Saving your password gives anyone else who
gets physical access to your machine a straight connection into the
server. Also, many applications don't encrypt the password in any way
when they store it, so if your machine gets broken into, the person
can find your passwords for other accounts as well.
Click the "Advanced" tab. The "Passive transfers"
check box should have a check
in it to enable Passive Transfer Mode (click on the box if there is no
check mark). If Passive isn't turned on, all sorts of weird errors
occur.
Click the "Ok" button when you are done making changes in the
"Session Properties" window.
This will save your new configuration, and will attempt to connect to
"localhost" to initiate an ftp
transfer. If you're not currently logged in to a host using Tera Term Pro
(as described in step 2),
this connection will fail.
Step 4, Using SSH, and Using WS-FTP Through the SSH Connection.
Set up an SSH connection to your desired host
using Tera Term Pro (SSH Telnet). This provides a secure "tunnel" through
which your FTP
username and password information will travel.
Start WS-FTP. Connect to the SSH-FTP connection you created in step 3.
Transfer files as you like. When you're finished, close the WS-FTP
connection,
then log out of the SSH connection.
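A way to confirm that the tunnel really is closed after you log out, as an added example (not part of the original page): it reads a Tera Term host-list entry like the one in Step 2, works out which local port each /ssh-L option forwards, and tests whether anything is still listening there. The function names and the service-name table are assumptions made for this example.

```python
import re
import socket

# Service names seen in the page's host-list entry; ports are the well-known values.
SERVICES = {"ftp": 21, "ssh": 22, "telnet": 23}

def _port(token):
    """Accept a numeric port or one of the service names above."""
    port = int(token) if token.isdigit() else SERVICES.get(token.lower())
    if port is None or not 0 < port < 65536:
        raise ValueError(f"unknown port or service: {token!r}")
    return port

def parse_forwards(entry):
    """Return [(local_port, remote_host, remote_port)] for each /ssh-L option."""
    forwards = []
    for spec in re.findall(r"/ssh-L(\S+)", entry):
        parts = spec.split(":")
        if len(parts) != 3:
            raise ValueError(f"malformed forward: {spec!r}")
        forwards.append((_port(parts[0]), parts[1], _port(parts[2])))
    return forwards

def listener_open(port, host="127.0.0.1", timeout=1.0):
    """True if something still accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def open_tunnels(entry):
    """Local ports from the entry's forwards that are still listening."""
    return [lp for lp, _, _ in parse_forwards(entry) if listener_open(lp)]

if __name__ == "__main__":
    entry = "agate:22/ssh /ssh-v /ssh-Lftp:agate:ftp"  # example entry from Step 2
    for port in open_tunnels(entry):
        print(f"local port {port} is still forwarded: close the TTSSH session")
```

A positive result only shows that something is listening on the local port; on a PC with no FTP server of its own, that listener is the TTSSH forward.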
Another useful ssh page: Ohio State SSH FAQ
This page is based on an excellent page at the
UW Physics and Astronomy site. Used with permission.
by Karen Swanberg.
You're welcome to use and link to this page, as long as both
the UW (especially!) and I are attributed.