Self-managed security
Now on the Informatics Computing Hub (University users only).
NTP
We run a local NTP time-synchronisation service for Informatics, and recommend that self-managed machines on our network are set up to use it rather than remote timeservers. There are four machines - ntp0.inf.ed.ac.uk, ntp1.inf.ed.ac.uk, ntp2.inf.ed.ac.uk, and ntp3.inf.ed.ac.uk For robustness you should configure your machine to synchronise to as many of these as your system will allow.
Using ssh on a Mac
Use ssh to from your Mac to Informatics hosts. We recommend that you use Kerberos with ssh as it makes it more secure.
Using ssh from Linux
Most Linux distributions have an SSH client installed by default. For Fedora and Redhat it is in the openssh-clients package; on Debian and Ubuntu it is in the openssh-client package.
Before you can use ssh, you must be using a VPN - either the University VPN or the School's OpenVPN. The VPN page can help with that.
Then, to access an Informatics SSH server, start a terminal, and enter something like the following (replacing 'yourusername' with your DICE Informatics username):
Using ssh from Windows
If you are using Windows 10 or 11, we recommend you use the built-in ssh client. It can be used from either the Command Prompt or Windows PowerShell applications. It's based on OpenSSH, so you can manage your ssh keys in the same way as on Linux (for details see Using ssh on Linux).
External login (ssh) service
This page is about the three SSH gateways into the School of Informatics, which are:
DNS
DNS
We run a complete domain name service (DNS) which assigns a permanent fully-qualified domain name (FQDN) (*) in the .inf.ed.ac.uk domain to any machine on our network which has been assigned a fixed IP address. We do not run a dynamic DNS service, so we cannot give a permanent FQDN to any machine which is using a dynamically-assigned IP address.
We run a 'resolver' at each site, for the benefit of self-managed machines. The address(es) for this service will be configured by DHCP as appropriate.
Encrypting Groups of Files on DICE
This page is about encrypting groups of files on DICE Linux. For other computers and devices see Enabling encryption on computers.
There are at least two tools available for encrypting groups of files under DICE:
Make an encrypted USB stick with gnome-disks
This page explains how to use gnome-disks on DICE to make an encrypted USB stick.
Accessing sensitive data remotely from home or public machines
- Consider using a VPN (for example our OpenVPN service), particularly if you are using wireless in a public place - public wireless points are often less secure than those at home or within the University.
- When using a machine you do not manage (in an internet cafe, for example):
- You must avoid accessing sensitive data on such a machine.
- When using a home machine that you share with others:
- You must use a separate user account that other individuals have no access to.
- Please run antivirus.