// Change to Login Servers

Changing NASA security requirements are driving a need to discontinue the use of older SSH encryption ciphers that are no longer secure. The NCCS login systems will stop accepting these ciphers on 01/12/22. These insecure ciphers are embedded in older software clients that users use to connect to the NCCS, e.g. OpenSSH 5.3 or older, PuTTY 0.6x or older, and/or WinSCP 5.10 or older. In most cases, users will simply need to upgrade these clients in order to continue connecting to the NCCS via SSH (see below for preferred versions).

Once your clients are updated, use PuTTY to connect to "login.nccs.nasa.gov" using the default settings profile to accept the new ECDSA host key, then attempt a connection via WinSCP.

Note, if you are using a more modern SSH client, you may get prompted to accept a new login.nccs.nasa.gov Host Key after we make the above change. You can validate the Host Key Fingerprints here.

Determining Client Software Versions


OpenSSH:
At a command prompt, run: "ssh -V"

PuTTY:
Within the configuration screen, click the "About" from the lower left.
Within a session, click the icon in the upper left corner, then click "About PuTTY"
From a command prompt, type "plink -V"

The latest software (version 0.76) can be found here. If you have a EUSO laptop, you may need to ask the Enterprise Service Desk (ESD) to do the install.

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

If you use your PIV card to login, the NCCS recommends using this version of PuTTY:

https://github.com/NoMoreFood/putty-cac/releases

WinSCP 5.x:
From the session window, click "Tools", then "About".

The latest version is 5.19 and can be downloaded here:

https://winscp.net/eng/index.php

If you have operational reasons that you cannot upgrade your SSH client by 01/12/22, please contact the NCCS via support@nccs.nasa.gov, and we will work with you on this issue.

If you are using an older SSH client, please upgrade it as soon as possible. If you don't have elevated privileges on your system, you may need to ask your sysadmin or the ESD to do the install. The ESD can also be reached at (877) 677-2123, option 2. Thank you for your attention to this matter.

Sincerely,
NCCS User Services