print

IT (Information technology)

Network communications between the ILL and the internet

Network communications between the ILL and the internet are filtered.

Here are the procedures to follow to be able to connect or exchange data with the ILL from a computer outside the site.

  1. Mail
  2. Ssh et Sftp

Concerning experimental data, dedicated service are available.

1. Email

1.1. Sending

Your correspondent in the ILL has an email address of this kind: login@ill.fr
The login is, generally, the person’s name. Most of the users also have an alias of this kind : firstname.familyname@ill.fr
An ILL staff phone book including email addresses can be found here.

Mails pass through the following filters (both directions: to and from the site):

  • Anti-spam (Unsollicited Commercial Emails). Mails sent from known spammer sites or with a badly formed "from" field are refused.
  • Antivirus. All mails are checked by an antivirus. If a virus is found, the receiver will receive the mail with a warning message and, if possible, the disinfected attachment. If disinfection is not possible, the attachment is removed from the mail. The sender is also warned of the presence of the virus.
  • Size limited to 15 Mb. Note: an attached file occupies about 110 % of its normal size. An email passes through several relays before arriving at our site; some of these relays may have a lower limit than the ILL's.

1.2. Receiving

You can consult your ILL mailbox from a web browser using our webmail or your favorite email client using a secure protocol (SMTPS, IMAPS,POPS).

Note:

  • You don’t have to set a forward as you did in the past.
  • If you usually read your mailbox with the POP protocol, please close down your usual email client, as it may remove emails from the server as soon as they arrive.

2. Ssh and Sftp

  • Ssh: connection in terminal mode (as a telnet replacement).
  • Sftp: securised ftp. It allows file transfers with an Ssh connection. The use is similar to Ftp but it doesn’t uses this protocol.

2.1. Principle

To connect with Ssh in the ILL, you should have:

  • an account on our site entry computer: grill.ill.fr (non-ILL staff must have their local contact's signature to get this account);
  • a recent Ssh program, as only the version 2 of the protocol is accepted.

Connection parameters (for Ssh and Sftp):

HostFirewall.ill.fr
Port5023 (beware it isn’t the default port, which is 22)
Login: Your account on Grill
Password: Your password on Grill

Beware: you really must connect on the firewall with your Grill account.

There is an "automatic proxy" between the firewall 5023 port and the Grill 22 port.

Note: At first connection, your Ssh/Sftp program asks you to validate the server’s key, please answer Yes.

Once connected to Grill:

  • With Ssh: you can connect to any ILL workstation with telnet (or sometimes with ssh).
  • With Sftp: you can exchange files with Grill but not directly with other workstations. To transfer your files between Grill and another ILL workstation, please connect to Grill with Ssh and then use its ftp command. Important: your data should not stay on Grill; any old and voluminous data will be deleted without notice.

If you want to use X11 you need to have a working X server on your client (Cygwin, Xdeep ...). Tell your ssh client to use X11 forwarding (use the -Y or -X option if you use it from an Unix console, or check "X11 tunneling" if you use a graphical client). If you connect from Grill with ssh to another station, X11 will continue to work (it will be forwarded); it can’t work with telnet. If you connect with a generic ILL instrument account (in5, d2b, ...) you should run the command "setenv XAUTHORITY ../.Xauthority" in order to allow the X11 forwarding to continue. 

2.2. Ssh clients tested and validated

The following program list isn’t comprehensive. All Ssh programs which use the protocol 2 should work. These programs were selected because they all implement advanced Ssh features (Ports and X11 tunneling).

2.2.1. Windows PCs (any versions)

Two programs are proposed; their advantages are:

  • Putty is free and doesn’t need to be installed, so you can so transport it with you on a floppy disk.
  • SSH WinSecureShell is a little more complete and the use of sftp is easier.

* Putty

Source: http://www.chiark.greenend.org.uk/ sgtatham/putty/ (Free)

Please download putty.exe (Ssh client) and psftp.exe (Sftp client).

Simple connection in terminal mode:

  • Run the downloaded program : putty.exe (there is no installation need)
  • Check the protocol option: SSH (NB: you must do this at the beginning)
    • Host name : firewall.ill.fr
    • Port : 5023
  • Click on: Open

Connection in Sftp:
The psftp program works in a Dos window like the basic ftp Windows command. Please, type:

psftp -P 5023 your_login_on_grill@firewall.ill.fr

* SSH WinSecure Shell

Source: www.ssh.com (free for "non-profit users")

Simple connection in terminal mode:

  • Install the program with all default parameters
  • Run the installed program: SSH Secure Shell Client
  • Click on: Quick Connect
    • Host Name : firewall.ill.fr
    • User Name : your login on Grill
    • Port Number : 5023
  • Click on: Connect

Connection in Sftp:

  • Please connect in terminal mode, then go in the menu: Windows->New File Transfer.
  • Alternatively: please connect directly with the program "SSH Secure File Transfert Client".

2.2.2. Unix (all, among Linux) and Mac OS X

* OpenSSH (from the release 2.9)

Source: www.openssh.org (free, often supplied with your OS)

This package contains several clients programs and a sshd server, which allows clients to connect. These commands have no graphic interface, they should be executed from a terminal window (like xterm).

Simple connection in terminal mode:
Ssh -p 5023 your_login_on_grill@firewall.ill.fr

Connection in Sftp:
sftp -oPort=5023 your_login_on_grill@firewall.ill.fr