Chris Smith (csmith@noao.edu)
More and more visiting astronomers are asking if they can bring their own computers to CTIO with them and connect them to our network. You are welcome to do so, and we are taking measures to make the experience easier and safer.
We have installed spare ethernet connections at each telescope and downtown in the computer room and conference room, specifically for visitor computer use. These are 10/100 baseT connections (the ones that look like phone jacks on steroids). You should plan on bringing your own ethernet cable just in case, as our spares seem to disappear at an amazing rate and we may or may not have any available. Near each of these connections we have a label providing all of the general setup information (IP numbers, gateway/router, DNS, etc.) necessary for you to get up and running on our network. Please be familiar with how to change these settings on your computer before you come down. Given the variety of operating systems and network configurations that computers sport these days, we cannot guarantee support for setting up visitors' computers. Finally, before plugging in please read and follow CTIO's guidelines for visiting computers (http://www.ctio.noao.edu/sys/usys.html ). In particular, misconfigured Linux machines can play havoc with our local network.
We've taken a number of additional steps to improve the security of the CTIO network. Most importantly, we installed a firewall that separates the outside network (which now connects directly in La Serena) to our internal net, which includes both La Serena and Tololo. For most users, this change should be transparent, but if you've brought your own computer, you may find that some services, like FTP and telnet connections into your computer, are blocked from outside our network.
Whether you're on your own portable or logged in to one of CTIO's machines, we strongly recommend that you use the SSH (Secure SHell) software for logging into remote machines. This provides for secure remote log-ins in a way similar to telnet, rlogin, or rsh and for secure file transfers in a way analogous to rcp. This software package is available for most operating systems, and is free of charge to educational and noncommercial users, while an enhanced version is available commercially (follow the links on the CTIO security page for further information on SSH):
We have installed the SSH on all our machines, and do not accept log-ins from machines outside the ctio.noao.edu domain except via ssh. This means that users who wish to log into our machines from outside must first install ssh on their home machines. You will still be able to log onto your home machine from CTIO without using ssh, using telnet, for example. However, we strongly recommend using ssh if you have it installed on your home machine, in this case to protect your home system.
FTP service is another security risk that we have severely limited. Regular anonymous FTP service for getting information from our systems (e.g., downloading instrument manuals, etc.) is only available through our central server, http://www.ctio.noao.edu. Depositing files into the CTIO anonymous FTP area is not allowed. If you need to transfer files down here while you're observing, you can pull them in by FTPing from our machines to your home machine. Alternatively, we encourage you to use scp, the secure remote copy component of ssh, as an alternative to FTP to bring your files over.