ssh Archives - School of Computer Science, Carleton University
Tue, 12 Nov 2024 19:28:11 +0000

PuTTY SSH Client Found Vulnerable to Key Recovery Attack
Tue, 12 Nov 2024 19:28:11 +0000

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user’s NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant.

Besides impacting PuTTY, it also affects other products that incorporate a vulnerable version:

  • FileZilla (3.24.1 – 3.66.5)
  • WinSCP (5.9.5 – 6.3.2)
  • TortoiseGit (2.4.0.2 – 2.15.0)
  • TortoiseSVN (1.10.0 – 1.14.6)

The fix is to:

  1. upgrade the software to the latest version
  2. delete your current private key.
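
The affected keys are NIST P-521 ECDSA keys, which OpenSSH-format key files label ecdsa-sha2-nistp521. The following is an added example, not part of the original article: it lists the P-521 entries in authorized_keys-format text so the matching key pairs can be found and retired. The function names are this example's own and the sample entries are constructed, not real keys.

```python
"""Flag NIST P-521 ECDSA keys in authorized_keys-format text (added example)."""
import base64
import struct
import sys

AFFECTED_TYPE = "ecdsa-sha2-nistp521"  # OpenSSH's name for NIST P-521 ECDSA keys

def blob_key_type(b64_blob):
    """Return the key type named inside the base64 key blob, or None if malformed."""
    try:
        raw = base64.b64decode(b64_blob, validate=True)
        (length,) = struct.unpack(">I", raw[:4])
        return raw[4:4 + length].decode("ascii")
    except (ValueError, struct.error):  # bad base64, short blob, non-ASCII name
        return None

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values (may hold spaces) intact."""
    fields, current, in_quotes, previous = [], "", False, ""
    for ch in line:
        if ch == '"' and previous != "\\":
            in_quotes = not in_quotes
        if ch.isspace() and not in_quotes:
            if current:
                fields.append(current)
            current = ""
        else:
            current += ch
        previous = ch
    if current:
        fields.append(current)
    return fields

def find_p521_keys(text):
    """Return [(line_number, comment)] for each entry whose key is NIST P-521."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_fields(line)
        for i, field in enumerate(fields[:-1]):
            # The type must appear as a field and be confirmed by the blob itself.
            if field == AFFECTED_TYPE and blob_key_type(fields[i + 1]) == AFFECTED_TYPE:
                hits.append((number, " ".join(fields[i + 2:])))
                break
    return hits

def _constructed_blob(key_type):
    """Build a correctly framed but cryptographically meaningless blob for the demo."""
    name = key_type.encode("ascii")
    return base64.b64encode(struct.pack(">I", len(name)) + name + b"\x00" * 32).decode()

# Constructed sample input: no real keys.
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    "ssh-ed25519 " + _constructed_blob("ssh-ed25519") + " laptop",
    'from="192.0.2.0/24",command="echo hi there" ecdsa-sha2-nistp521 '
    + _constructed_blob("ecdsa-sha2-nistp521") + " putty key 2019",
    "ecdsa-sha2-nistp256 " + _constructed_blob("ecdsa-sha2-nistp256") + " other",
    "ecdsa-sha2-nistp521 not-base64!! broken entry",
])

if __name__ == "__main__":
    # Scan the files named on the command line, or the sample when none are given.
    for path in sys.argv[1:] or [None]:
        text = SAMPLE if path is None else open(path, errors="replace").read()
        for number, comment in find_p521_keys(text):
            print("%s:%d: P-521 key (%s)" % (path or "SAMPLE", number, comment))
```

Run it against each account's authorized_keys file on the servers you use; every entry it reports is a public key whose private half should be replaced.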

vscode: Remote Access and Code Editing
Tue, 12 Nov 2024 19:27:44 +0000


Step 1: Install vscode
Step 2: Install Remote-SSH Extension
Step 3: Create Remote-SSH Connection
Step 4: Open Folder on Remote Server
Step 5: Open a terminal, edit some code, run some code!
Troubleshooting: Failed Login
Troubleshooting: Disk Full

In addition to these instructions, you can find a video tutorial here:

Step 1: Install vscode

The first thing you need to do is install vscode on your local device (personal computer). We won’t go into the details of installing it here as it varies depending on your device (Linux, Windows, iOS). The install is usually straightforward.
The vscode download for various platforms can be found here:

Step 2: Install Remote-SSH Extension

vscode cannot make remote connections initially. The Remote-SSH extension is required.

  1. Open vscode and click on the Extensions panel button (see Red Box in the image below)
  2. Click on the extension search bar (see Red Box in the image below) and start typing remote ssh.
    The Remote – SSH extension should appear (see Green Box in the image below).
    Click on the Install button (see Purple Box in the image below).

Step 3: Create Remote-SSH Connection

  1. A new panel button called Remote Explorer should appear – you may have to close and reopen vscode (see Red Box in the image below). Click on the Remote Explorer button.
    Expand the tree down until you see the SSH branch (see Green Box in the image below).
    Click on the plus (+) button to begin adding a new SSH connection (see Purple Box in the image below).
  2. In the SSH Connection box that opens (see Red Box in the image below)
    Enter ssh student@134.117.130.199, replacing the IP with your own 134.117.#.# IP address
  3. It will ask you to save the connection information to an ssh config file. The default one will vary depending on what operating system you are running. In general you can select the first option (see Red Box in the image below)
  4. A pop-up will appear saying the host was added. If you want, you can manually modify the ssh config file by clicking Open Config. However, this is not required, and in this case we will just click Connect (see Red Box in the image below)
  5. You will then be prompted for the password for the student account (see Red Box in the image below).
  6. It will then show a pop-up on the bottom right showing the vscode-server being added to the remote account. This may take a few moments to complete.
  7. And that should complete adding the connection. A new empty vscode workspace should open that is connected to that remote server.

Step 4: Open Folder on Remote Server

  1. Now that the vscode workspace is connected to the remote server, we need to open a folder. Click the Explorer navigation button (see Red Box in the image below) and click Open Folder (see Green Box in the image below)
  2. The open folder search box will automatically start in the home directory (/home/student) of the student account, so simply click OK (see Red Box in the image below) unless you want to open a specific sub-folder.
  3. You will again be asked to enter the password for the student account (see Red Box in the image below)
  4. A window will pop up asking if you trust the authors of files in this folder. If a check box is shown to trust all files in the folder ‘student’, check it (see Red Box in the image below), although this may not appear in all cases. Click Yes, I trust the authors (see Green Box in the image below)
  5. The Explorer view will now show all of the files and folders in the student account home directory (see Red Box in the image below).
    NOTE: The exact content of the directory will vary depending on which course image you are connecting to

Step 5: Open a terminal, edit some code, run some code!

  1. It can be convenient to open a terminal window so we can run commands just like we would if we had ssh’d into the system. You can open a terminal window in many ways. Here are three easy ones:

    • With the Ctrl + ` (Ctrl + backtick) hot key
    • By right-clicking on any file or folder in the student home directory and clicking Open in Integrated Terminal
    • By clicking on any file or folder in the student home directory, and going to the View menu and click Terminal

    Any of these actions will open a terminal, as seen in the Red Box in the image below

  2. Next, we can open a file to edit with vscode. In the example below, we have a folder called assignment-code, with a python file called hello-world.py (see Red Box in the image below). If you click on the hello-world.py file, it will open the file in the workspace so you can edit it (see Green Box in the image below).
    NOTE: If this is the first time you have edited a python file, vscode may helpfully offer to install a python extension to help with your python coding (see Purple Box in the image below). It will often do this for any programming language that you open for the first time. It is up to you to decide if you want this extension. In some cases, your instructor may ask that you install specific extensions with certain capabilities, so make sure to check your course notes.
  3. We can use the terminal window to conveniently run commands. In this example, we manually run the python program hello-world.py.

    • First we cd assignment-code to get into the assignment directory (see Red Box in the image below)
    • Then we enter ls to list the files and make sure we see the hello-world.py file (see Green Box in the image below)
    • Then we run the python file with python3 hello-world.py and we see the output (it prints “Hello, world!”) (see Purple Box in the image below)
      NOTE: The commands you run to execute code will vary; this is just one example of a possible way of running a python file

Troubleshooting: Failed Login

vscode failed logins are most often caused by two things:

  1. New Openstack Instance with Expired Password: New openstack instances have a default username and password, and the password is expired and must be changed. This cannot be done through the vscode remote connection interface, so you must use a different Connection Tool to connect to your instance for the first time. Once you have set a new password, you can use vscode normally.
  2. Instance Disk Full: If an instance’s disk drive fills up, it will not be possible to log in with vscode, as the tool needs to set up temporary files to initialize. The usual indicator of this problem is that when you enter the password, vscode hangs, sometimes showing an installing vscode server message that never goes away. If you see that behavior, it is likely that the disk is full. You must log in with another Connection Tool, free up some disk space, and then return to using vscode.

Troubleshooting: Disk Full

vscode installs a lot of libraries and support tools to make your coding easier. It also stores a cache of all the original downloaded installers, which it keeps even after the tool has been successfully added to vscode. It is quite common for all of this to quickly fill an openstack instance’s disk drive. Check with your course instructor for instructions on how to clear the vscode cache as it can vary.

ssh error: too many authentication requests
Tue, 12 Nov 2024 19:27:23 +0000

When ssh’ing to access.scs.carleton.ca you may receive the error:

Received disconnect: Too many authentication failures
Disconnected

There are at least two reasons for this message. If you provide a wrong password multiple times within a short period of time, you may be locked out – you will have to wait and then try again. This allows SCS to protect our hosts from outside attacks – if you still have an issue please contact SCS Technical Staff.

You may have an ssh key that triggers this warning. In this case try ssh using this option: -o PreferredAuthentications=password so the ssh command would look like:

ssh -o PreferredAuthentications=password access.scs.carleton.ca

Unable to negotiate: no matching key exchange method found.
Tue, 12 Nov 2024 19:27:23 +0000

Some ssh clients may complain with: “Unable to negotiate with 134.117.xxx.xxx port 22: no matching key exchange method found.” Then connect as follows:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 access.scs.carleton.ca

Replace access.scs.carleton.ca with your destination host.

SSH Key Exchange Errors
Tue, 12 Nov 2024 19:27:22 +0000

Annually the SCS Linux Network hosts are upgraded, and the ssh-keys will no longer match. If you know that the server has been upgraded and your ssh-keys no longer match, then it will be safe to accept the new ssh key. Your system administrator will be able to confirm if this is due to a legitimate server upgrade or if it is a ‘man in the middle attack’.

Linux: Host Identification has changed ERROR

In Linux, when a host’s key has changed, ssh can report the ‘host identification has changed’ error. The old entry can be removed from your known_hosts file as follows, after which the new key is recorded the next time you connect and accept it:
ssh-keygen -R <hostname>
Where <hostname> is your destination hostname.
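
Before accepting the new key, its fingerprint can be compared with the one your system administrator confirms. The following is an added example, not part of the original article: it takes one line of known_hosts or ssh-keyscan style output for the offered key and reports whether it is already known, verified against the administrator's fingerprint, or unverified. The host name, key blobs and fingerprint are constructed sample values, and the function names are this example's own.

```python
"""Accept a new SSH host key only if it is already known or matches the
fingerprint confirmed by the administrator (added example)."""
import base64
import hashlib


def parse_key_line(line):
    """Split 'hosts keytype base64-blob [comment]' (known_hosts or ssh-keyscan
    format) into (host_list, key_type, raw_blob)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("not a host key line: %r" % line)
    hosts, key_type, b64_blob = fields[:3]
    return hosts.split(","), key_type, base64.b64decode(b64_blob, validate=True)


def fingerprint(raw_blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(raw_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def assess_host_key(known_hosts_text, offered_line, admin_fingerprint):
    """Return 'known', 'verified' or 'unverified' for the key the server offers.

    Assumes plain (unhashed) host names; @cert-authority and @revoked
    entries are skipped as out of scope.
    """
    hosts, key_type, offered = parse_key_line(offered_line)
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@")):
            continue
        try:
            known_hosts, known_type, known_blob = parse_key_line(line)
        except ValueError:  # malformed entry (bad base64 is also a ValueError)
            continue
        if set(hosts) & set(known_hosts) and known_type == key_type and known_blob == offered:
            return "known"       # same key as before: nothing changed
    if fingerprint(offered) == admin_fingerprint.strip():
        return "verified"        # changed, but confirmed out of band
    return "unverified"          # changed and unconfirmed: do not accept


def _line(host, blob_bytes):
    """Build a constructed key line from placeholder bytes (not a real key)."""
    return "%s ssh-ed25519 %s" % (host, base64.b64encode(blob_bytes).decode("ascii"))


# Constructed sample data: placeholder blobs, not real host keys.
HOST = "host.example.org"
STORED = _line(HOST, b"old host key before the upgrade")
KNOWN_HOSTS = "# constructed known_hosts\n" + STORED
UPGRADED = _line(HOST, b"new host key after the upgrade")
UNEXPECTED = _line(HOST, b"key nobody has vouched for")
ADMIN_FINGERPRINT = fingerprint(b"new host key after the upgrade")

if __name__ == "__main__":
    for label, line in (("stored", STORED), ("upgraded", UPGRADED),
                        ("unexpected", UNEXPECTED)):
        print(label, assess_host_key(KNOWN_HOSTS, line, ADMIN_FINGERPRINT))
```

Only a result of known or verified justifies removing the old entry and accepting the new key; unverified is the case to take to your system administrator.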

No matching key exchange method found ERROR

Some ssh clients may complain about: “Unable to negotiate with 134.117.xxx.xxx port 22: no matching key exchange method found.” 

This is due to the destination server offering only an old key exchange algorithm. Be aware that this may be an insecure connection, as the algorithm itself is no longer considered secure. You can try connecting as follows:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 access.scs.carleton.ca

You may want to contact the system administrator to inform them of the outdated ssh-server.

SSH Connection with x2go Remote Desktop Client
Tue, 12 Nov 2024 19:26:10 +0000

DEPRECATED – x2go is not used on newer images created since the Fall of 2024 – Instead use TurboVNC with our newer images

Download x2go:

You can find a video demo of these instructions here:

Use the following settings to make the connection (some of your settings will be different):

  • host: 134.117.216.10 (replace this with your own instance’s floating IP address)
  • username: student (default for most of our openstack images; sometimes called Login)
  • password: student (default for most of our openstack images)

Install x2go, following the application’s instructions

Open x2go

  • On Windows you may get a warning to allow x2go to access the network (firewall rule change); approve the request. This may also pop-up each time you create a new session (described below), so you may have to approve the request more than once.

Create a new session in x2go by clicking Session -> New Session
The key settings that must be entered in the x2go session settings window that pops up are:

  • Host: 134.117.216.10
  • Login: student
  • Session Type: XFCE (this is used for many of our course images, but your course may have a different preferred desktop; another common one we use is LXDE)

Once the settings are entered, click OK

In x2go you will see a new session connection:

Click on the session to initiate the connection:

  • You will be asked to enter the instance’s password
  • If it is the first time you are connecting to the instance with x2go, you will be asked if you trust and approve connecting to the host. Again, approve the connection

Finally, a window should pop-up connected to the desktop:

SSH Connection Using the putty SSH Terminal Client
Tue, 12 Nov 2024 19:26:09 +0000

NOTE: This example uses putty, but the settings are the same for any tool using ssh, scp, etc.
Download Putty:

You can find a video demo of these instructions here:


Enter settings into putty:

Enter username / password:

IMPORTANT: Remember that the first time you log in, you will be prompted to change your password. See the Login Credentials section at the top of this page for details.

You should see a similar prompt when you successfully connect:

Passwordless SSH With Key Pairs
Tue, 12 Nov 2024 19:24:52 +0000

What is an SSH Key Pair?
Why use Key Pairs?
Comparing Password vs Key Pair Authentication
Creating Key Pairs
Authenticating and Connecting with Key Pairs
Advanced Topic: Configuring SSH

SSH allows you to securely connect to remote computers and virtual machines. With SSH, you can use a computer remotely through the terminal, transfer files between the server and client, and even run graphical programs using X11 forwarding. By default, you will connect to SSH servers using the username and password associated with your account on the server; however, you can also set up something called an SSH Key Pair, which allows you to connect easily and securely.

What is an SSH Key Pair?

As the name suggests, a key pair consists of two keys: the public key and the private key. While you can connect to SSH servers using your account username and password, you can also connect using a username and an authorized key pair associated with that username.

Your public key acts like a personalized padlock that resides on servers. It is an encrypted file that you can publicly distribute to different servers. When you associate a public key to your account, you are saying that anyone who can unlock the public key can also unlock my account without the need for my account password.

Your private key is the key that unlocks your public key and is kept on the client. As the name suggests, this is a file that should be private to you and only you. While many private keys do not have file extensions, you may see private keys with the .pem file extension when using cloud services.

To protect your private key, you always add a passphrase – a password to protect your private key. If you are using a key for automated purposes on a secured network, then you may need to create a key that does NOT have a passphrase. But this is only in specific circumstances. Any key used for remote access from public networks should always have a passphrase.

Why use Key Pairs?

Key pairs offer a number of conveniences when you use remote services:

  • Provides a way of authenticating that is less vulnerable to password guessing and brute force attacks
  • Distribute your public key to get system access without ever setting up passwords
  • Have a different key pair for each device and simply delete the public key from the server to revoke the old devices’ access
  • Create a key pair (without a passphrase) for scripts or tools like MPI, Hadoop, etc. so that they can authenticate with other devices without a password prompt
    You can find a detailed example of setting up ssh key login for scripts in this article:
    Using SSH Keys to Support Multi-node Compute Tools & Scripts

Remember that your public key is truly public; as long as you protect your private key file, you may distribute your public key however you would like. Nobody can do anything malicious with your public key file, so you can use it to create a shared identity across multiple services. The same public key will work across the different services as long as you use the same private key.

Comparing Password vs Key Pair Authentication

Below we show comparisons between the password and key pair authentication mechanisms.
NOTE: These are grossly over-simplified diagrams of how the various technologies work. They are meant to provide just a general idea of the steps involved and what is happening.

Creating Key Pairs

Most operating systems support a tool called ssh-keygen that allows you to create a public/private key pair.

Linux / Apple OSX / Windows 10

  1. Open a Terminal window / prompt
    On Windows, you can open a Command Prompt or PowerShell
    See Enable OpenSSH on Windows 10 if ssh-keygen is not enabled on Windows 10 (older versions do not have it enabled by default)
  2. Enter the ssh-keygen -t ed25519 command to open up an interactive prompt that takes you through the steps of creating an SSH key
  3. Type a filename for the key, or use the default
    • If you are only using one SSH key pair, you can keep the default (usually ~/.ssh/id_ed25519)
    • If you are creating multiple key pairs for different purposes, you should name it something meaningful (e.g. ~/.ssh/home_github_key)
  4. Finally, type your passphrase. You should ALWAYS use a passphrase
    If your key has a passphrase, then if someone somehow gets your private key file, they will still not be able to use it unless they are able to guess your passphrase. In some cases, such as setting up server/application automation (hadoop, MPI, etc.), you may want to create a key without a passphrase. But this should NEVER be done for a key used to remotely access a system, repository, etc. from public networks

    • NOTE: When typing passwords in the terminal, no text will appear while you type — press Enter to continue
  5. Your public and private key pair should now be available in ~/.ssh/ or wherever you specified.

Authenticating and Connecting with Key Pairs

Linux / Apple OSX / Windows 10

Authorize your key pair on a remote server

Once you have created your key pair, you need to authorize the key pair to unlock your account.

  • Copy your identity (public key) over to the remote server using the ssh-copy-id command:
    ssh-copy-id username@remoteservername.ca – substituting your particular username and remote server name (or IP address)
  • NOTE: If you created a specific ssh key file (rather than using the default), you can specify it with the -i option:
    ssh-copy-id -i <PUBLIC KEY FILE> username@remoteservername.ca – giving your public key file

Connect to the remote server using the key pair

Once you have authorized the key pair you can connect with it.

  • Connect using your default ssh key using the ssh command:
    ssh username@remoteservername.ca – substituting your particular username and remote server name (or IP address)
  • NOTE: If you created a specific ssh key file (rather than using the default), you can specify it with the -i option:
    ssh -i <PRIVATE KEY FILE> username@remoteservername.ca – This time specifying your private key file

For information about connecting with PuTTY, visit the Connecting to OpenStack with SSH and PuTTY quick-start guide.

Advanced Topic: Configuring SSH

Once you start using SSH for many different services and making use of multiple key pair identities, it may be useful to start using an SSH configuration file.

SSH configs enable:

  • Giving servers simpler aliases, e.g. typing ssh openstack rather than ssh 134.117.x.x
  • Using different identities with different servers without needing to specify each time
  • Forward ports with SSH to access remote services, such as forwarding a Jupyter Notebook server from a remote port to a local port

There is a lot of information available online about setting up ssh configurations for different purposes. Your ssh configuration is typically in your home ssh folder, such as ~/.ssh on Linux or %USERPROFILE%/.ssh/ on Windows, with OpenSSH installed. If there isn’t a file called config you can make one. Below is a sample SSH configuration to have one passwordless private key for Github and another passworded key for OpenStack, with parts that need to be switched for individual use.
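
A configuration matching that description, as an added example rather than the article's original sample: the pairing of key files with hosts and the forwarded port 8888 are assumptions to adapt, and 134.117.x.x and username are placeholders for your own values.

```sshconfig
# ~/.ssh/config   (on Windows: %USERPROFILE%/.ssh/config)
# Added example. Replace 134.117.x.x, username and the key file names with your own.

# OpenStack instance: "ssh openstack" replaces
# "ssh -i ~/.ssh/openstack.pem username@134.117.x.x"
Host openstack
    HostName 134.117.x.x
    User username
    # Passphrase-protected key used for remote access
    IdentityFile ~/.ssh/openstack.pem
    # Offer only the key named above to this host
    IdentitiesOnly yes
    # Optional: reach a Jupyter Notebook server on the instance at http://localhost:8888
    # (8888 is an assumed port; use the one your notebook server listens on)
    LocalForward 8888 localhost:8888

# GitHub: git over SSH picks up this identity automatically
Host github.com
    User git
    # Key created without a passphrase
    IdentityFile ~/.ssh/home_github_key
    IdentitiesOnly yes
```
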

Using the above file, you could then connect to your OpenStack instance using ssh openstack rather than ssh -i ~/.ssh/openstack.pem username@134.117.x.x and git will also use the correct identity file when using SSH and working with GitHub.com.

Connecting to OpenStack Instances (SSH With PuTTY)
Tue, 12 Nov 2024 19:24:49 +0000

NOTE: This example uses putty, but the settings are the same for any tool using SSH, SCP, etc.
Download Putty:

Use the following settings to make a terminal connection (some of your settings will be different):

  • host: 134.117.216.10 (replace this with your own instance’s floating IP address)
  • username: student (default for most of our OpenStack images)
  • password: student (default for most of our OpenStack images)

Enter settings into putty:

Enter username / password:

You should see a similar prompt when you successfully connect:

SCS Account Update Error – Invalid CarletonOne password
Mon, 16 Sep 2024 14:46:15 +0000

When updating your SCS Account, some users may get the Invalid CarletonOne password error, as indicated in the image below (see GREEN box).

Debugging the Invalid CarletonOne password Error

As the error suggests, this means you are entering your mc1 (My Carleton One) password incorrectly. If you are confident that the password is correct, it is possible your password is not synchronized properly on all the University systems.

To troubleshoot, follow these steps:

  1. Attempt to login to the
  2. Attempt to login to either the or the CU-wireless Service
  3. Attempt to login to
    IMPORTANT: You must log in to the legacy cuLearn service at this link. DO NOT follow the redirect link to brightspace, as that is a different system (already tested above)

If any of these three are not working, then that confirms your password is not synchronized across all systems. You must do a password update, which is done here:
