Infrastructure/Shell

From MTU LUG Wiki


SSH-Over-TLS

IT blocks all inbound SSH connections from outside of the 141.219.0.0/16 range, so by default you can't ssh into Shell from off-campus (or from the guest WiFi).

There's a service on port 8443 that wraps ssh traffic in TLS, so if you're connecting from a *nix client you can use one of the following options to do TLS-wrapped SSH:

Using package openssl

openssl should be installed on most *NIX systems, including macOS, by default.

It can be installed on Windows with winget install openssl or scoop install openssl.

Single-Use Command

You can use the following command to ssh into shell without editing any persistent configuration files:

ssh -o ProxyCommand="openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null" username@shell.lug.mtu.edu

Persistent Config

Otherwise, you can add the following to ~/.ssh/config and have it apply automatically any time you type ssh shell:

Host shell
    ProxyCommand        openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null
    ServerAliveInterval 10

This is what I recommend, as you can just type ssh shell and it'll apply the SSH-over-TLS settings automatically.

You can also add your username and public key to the Host block for a very quick login, so you don't have to type your password every time.

More information about the SSH client configuration file can be found here.

Using package socat

If the above doesn't work (or if openssl keeps dropping the connection randomly), you can use socat instead.

Just replace:

openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null

with

socat - OPENSSL:shell.lug.mtu.edu:8443,verify=0

in either the single-use command or persistent config.

As long as socat is installed, it should work without hassle.
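The steps above (single-use command, persistent Host block with username and key, and the openssl-to-socat swap) can be put together in one small helper. The script below is an added example, not part of this wiki page or of any LUG tooling: it builds the ProxyCommand text for whichever TLS wrapper is on PATH and emits a ready-to-paste ssh_config block. The hostname, port and the two wrapper command lines are the ones from this page; the function names, the HostName line, the IdentityFile path and the user "alice" are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the MTU LUG wiki): assemble the SSH-over-TLS
# ProxyCommand and a persistent ssh_config Host block for Shell.

SHELL_HOST="shell.lug.mtu.edu"   # from the page
SHELL_TLS_PORT="8443"            # TLS wrapper port, from the page

# Print the ProxyCommand line for a given wrapper tool (openssl or socat).
# Both command lines are exactly the ones given on the page. Note that
# neither verifies the server's TLS certificate (socat's verify=0 turns it
# off explicitly; openssl s_client only warns by default), so the SSH host
# key check inside the tunnel is what actually authenticates the server.
proxy_command_for() {
  case "$1" in
    openssl) printf 'openssl s_client -quiet %s:%s 2>/dev/null\n' \
               "$SHELL_HOST" "$SHELL_TLS_PORT" ;;
    socat)   printf 'socat - OPENSSL:%s:%s,verify=0\n' \
               "$SHELL_HOST" "$SHELL_TLS_PORT" ;;
    *)       return 1 ;;   # unsupported wrapper name
  esac
}

# Print the name of the first tool in the argument list found on PATH.
# Returns 1 if none of them is installed.
pick_tls_tool() {
  for candidate in "$@"; do
    if command -v "$candidate" >/dev/null 2>&1; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# Emit an ssh_config "Host shell" block to stdout.
#   $1 = wrapper tool, $2 = username, $3 = path to private key file
# HostName is an addition of mine so that the known_hosts entry is recorded
# under the real hostname rather than the alias "shell".
write_host_block() {
  tool=$1; user=$2; keyfile=$3
  cmd=$(proxy_command_for "$tool") || return 1
  printf 'Host shell\n'
  printf '    HostName            %s\n' "$SHELL_HOST"
  printf '    User                %s\n' "$user"
  printf '    IdentityFile        %s\n' "$keyfile"
  printf '    ProxyCommand        %s\n' "$cmd"
  printf '    ServerAliveInterval 10\n'
}

# Stand-alone usage: prefer openssl, fall back to socat, and print a block
# for the assumed user "alice" with an assumed ed25519 key path.
if tool=$(pick_tls_tool openssl socat); then
  write_host_block "$tool" "alice" "~/.ssh/id_ed25519"
else
  echo "neither openssl nor socat found on PATH" >&2
fi
```

Append the printed block to ~/.ssh/config and ssh shell will pick it up; swapping the first argument of write_host_block between openssl and socat is the same substitution described above.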

You can also use any other TLS client you like, such as ncat or stunnel, but openssl and socat are some of the most popular programs for this purpose, so I decided to only cover the configs for them.

Contact a LUG sysadmin if you need help using a different TLS client application for this purpose.