Setting up SSH/SFTP/SCP to access your website using the ITCS maintenance interface


**IMPORTANT NOTE**

OPIS used to maintain a SSH/SCP/SFTP page with good instructions.
     (While now a bit dated, the information and guides are often still useful...)

Additional Notes:

  1. There are a number of different clients for Windows Macintosh and Linux that will allow you to connect to the site-maintenance interface and make changes to your site. For currently supported client software, please refer to the OPIS/Tech Services document above.

    Some alternatives may be available for UIUC staff/students via the UIUC Webstore at https://webstore.illinois.edu -- you will need to login using your netid and appropriate credentials.

    • Click on the appropriate 'Personal' or 'Unit purchase' button,
    • Select by Product Categories: 'Urbana Campus Products'
    • ... Any SSH/SFTP related software should be listed here. (Currently, only WebDrive is listed, at $15/license...)

  2. Additional clients are available on the web through various channels, some are free, others are not. Popular ones include:

    • PuTTY (SSH) and WinSCP (SFTP) for Windows   (Recommended)
    • Fetch for Mac OSX
    • Cyberduck and FileZilla are excellent cross-platform, stand-alone SFTP clients.
      (However, both default to the insecure FTP protocol, you must specifically select SFTP.)
    • NetDrive and Mountainduck are excellent cross-platform SFTP clients that allow mounting like a local drive...


Configuration/Connection Notes:

  1. Once your selected software is installed, connect to the ACES/ITCS site maintainer's environment using these general properties:

    • HOST: backstage.aces-web.itcs.illinois.edu     
    • PORT: 524     (Campus users can use the default: 22)
    • USERNAME: {NetID}    (off-campus users will be provided a unique principal/account name...)

  2. We are now recommending use of an alternate port-number (524) to connect to our SSH/SFTP services because the campus-level firewall is now blocking off-campus access to the default SSH/SFTP port (22). Campus-based users and those using the campus VPN service can continue to use the default port for SSH/SFTP: 22.

  3. If you have Firewall rules limiting outbound connections, you will want/need to add access rules (openings) for the following narrow IP range(s), instead of to a single IP number:

    •  192.17.59.128/25

  4. Some software supports a URL-style method that can be called via a link/bookmark in your web browser. After installation, you may be able to click on this link and start your SFTP client:   sftp://backstage.aces-web.itcs.illinois.edu

    Note: You may be able to create bookmarks/shortcuts with your account name already embedded, in the form:   sftp://{netid}@backstage.aces-web.itcs.illinois.edu

  5. The first time you connect to the system, you may receive a warning/prompt alerting you that the server's key is not found in your cache -- this is normal for first time use. As long as the key displayed matches the value posted below, all is well and you should simply indicate "Yes" or "Ok" to accept this key and store it. (An accepted key is required to successfully log in...)

    •  ssh-rsa 1024  58:71:61:4b:20:18:90:c4:f1:ca:10:15:42:2a:36:59