TTSSH: An SSH Extension to Teraterm
What TTSSH Is
TTSSH is a free SSH client for Windows. It is implemented as an extension DLL
for Teraterm Pro.
Teraterm Pro is a superb free terminal emulator/telnet client for Windows,
and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without
sacrificing any of Teraterm's existing functionality. TTSSH is also free and its
source is available too. Furthermore,
TTSSH has been developed entirely in Australia, and can be exported from here to
anywhere in the world (apart from places where people aren't allowed to own
cryptographic software at all :-( ).
To be more precise, the current version of TTSSH (1.2) includes the following
features:
- Compatible with SSH protocol version 1.5
- Ciphers: 3DES, IDEA, Blowfish, DES, RC4
- Server authentication using the ssh_known_hosts database (including the option
of adding a server's key to the database)
- Authentication using password, RSA, rhosts and rhosts+RSA
- Compression support
- Connection forwarding (although forwarding of X11 connections is best described as
"experimental")
Note that TTSSH is just an SSH client and does not include any other SSH tools
(scp, ssh-keygen, ssh-agent, etc). Furthermore, because it's tied into Teraterm, it's only
suitable for interactive use. For non-interactive uses such as interprocess
communication, you want a straight port of the Unix client.
What's New
- June 6, 1998, version 1.2: Connection forwarding added and a few bugs
fixed. Since I'm returning to the USA tomorrow, this will be the last release for
several months unless an overseas maintainer is found.
- June 3, 1998, version 1.1: RSA, rhosts, rhosts+RSA support added.
Default authentication options dialog box added. ttxssh.exe added.
Numerous bugs fixed (thanks DK).
- June 1, 1998, version 1.02: Another bug fix. Non-SSH sessions used to crash
at the end of the session.
- June 1, 1998, version 1.01: Oops! I released the debug version by mistake and it
didn't work for many people. Replaced it with the correct release version.
- May 20, 1998, version 1.0: Initial release.
How to Obtain and Install TTSSH
Currently TTSSH is only available for Win32 platforms (Windows 95 and NT).
Support for Windows 3.1 is plausible but I don't have the tools to build it.
Perhaps someone will be able to help with this. Furthermore, it's only
available for Intel platforms. Again, I don't have the tools to compile it
anywhere else, and someone else may be able to help.
- Download the software package.
- Unzip it into a directory where you've already installed
Teraterm 2.3.
This will create files LIBEAY32.DLL, TTXSSH.DLL and TTSSH.EXE.
- Run "TTSSH.EXE" and the extension should be available.
You should see a new "SSH" option in the "New Connection" dialog box and new menu items
"Setup / SSH...", "Setup / SSH Authentication..." and "Help / About TTSSH...".
- IMPORTANT NOTE: If you are in a country where the RSA patent applies (such as the USA),
then you may need to obtain
a special version of LIBEAY32.DLL that has been modified to use their implementation,
if you want to be legally squeaky clean. There may be a site in the US where this
can be obtained, and if I can find one, I'll list it here.
For now, Darrell
Kindred may be able to provide you with a copy (if you are a US citizen).
Note that the DLL provided will work perfectly well, this issue is for
the lawyers.
How to Use TTSSH
For now, I'll leave that up to you to figure out. It's pretty straightforward.
I'll produce some real documentation at a later date. Here are some hints:
- If you have an ssh_known_hosts file that you want to use, copy it into your
Teraterm directory.
- The Teraterm icon changes to let you know when you have a secure connection.
The About TTSSH dialog box shows you more information about the status of
the connection.
- You can give the command-line option "/ssh" (or "-ssh") to cause SSH to be
enabled automatically. This
is particularly useful in shortcuts. For example, "ttermpro pink-floyd:22 /ssh"
starts an SSH connection to pink-floyd. Don't forget to explicitly specify port 22.
- You can bypass TTSSH.EXE and enable the SSH extension whenever you run Teraterm.
To do this,
make sure that the environment variable TERATERM_EXTENSIONS is
set to 1. You might as well make this change in your user profile
(in NT, that means using the System control panel). This will speed up the startup
a little bit.
- Connection forwarding is only available from the command line. The options are
similar to the vanilla "ssh" forwarding options. Instead of
"-L port:remotehost:remoteport"
use "/ssh-Llocalport:remotehost:remoteport" (no space). Instead of
"-R remoteport:localhost:localport"
use "/ssh-Rremoteport:localhost:localport" (no space).
Connection forwarding has not been tested enough; it is functional, but perhaps not
very robust.
- X11 forwarding is also only available from the command line. Use the option "/ssh-X"
or "-ssh-X". Screen 0 is always used, both at the remote end and the local end. When this
option is specified, the environment variable TTSSH_XAUTH_PROTOCOL must be set to the name
of the xauth protocol used by the local X server, and the environment variable TTSSH_XAUTH_DATA
must be set to the xauth data for the local X server. These strings are sent verbatim
to the SSH server. TTSSH doesn't set these up automatically because I don't know how to
obtain this information for a Win32 X server. For someone who knows how to get that
information, it should be easy
to write a script or a wrapper program (perhaps modifying TTSSH.EXE) to stuff the right
strings into the environment variables. Note that TTSSH DOES NOT
do xauth data spoofing as recommended in the SSH spec. IMPORTANT NOTE:
X11 forwarding HAS NOT been tested at all. Unfortunately, I didn't have any Win32 X server on
hand to test with. Therefore, it probably doesn't work. Maybe I got lucky and got it
right first time. We'll soon see.
What the Government Wants You to Know
This code contains cryptographic software covered by US ITAR regulations
and by the laws of various countries. Its distribution and use may be
restricted by these laws and regulations. In particular, it is probably
illegal to make this code publically available at a US site.
This version of LIBEAY contains RSA code that is not derived from the RSAREF
reference implementation. Therefore it is probably illegal to use this LIBEAY
in the US for patent reasons. US users should obtain a version of LIBEAY
compiled with RSAREF and use it to replace the LIBEAY32.DLL provided in this
package.
What I Want You to Know
All the usual free software legalese applies. There are no warranties
of any kind. The software is provided entirely "as is", and use is entirely
at the discretion and risk of the user. Enjoy!
Who to Thank
- This code started with Ian Goldberg's Top Gun SSH for the Pilot.
- It makes use of Eric Young's cryptographic library, taken from SSLeay 0.8.1.
His copyright notice is included as LIBEAY.TXT. The LIBEAY32
used by TTXSSH is a plain "out-of-the-box" build.
- This code uses the GNU zlib library (version 1.0.4). That library is
(C) 1995-1996 Jean-loup Gailly and Mark Adler.
- Finally, this would not have been possible without the cooperation of T.
Teranishi. Many thanks!
What to Do about Bugs
TTSSH has been tested in Windows 95 and NT 4.0. Mileage with other platforms
may vary, but I'm interested in getting bug reports.
Known bugs:
- Patterns in ssh_known_hosts files that contain many * wildcard characters
may take excessive time to match against the hostname. The program should
fall back to a worst-case quadratic time algorithm.
- If you connect to a host, then disconnect, then quickly try to reconnect to the
same host, there is about a 1 in 500 chance that the reconnection will fail
(in which case you should just try again). This is because we try to allocate a
privileged port between 512 and 1024 for the socket to make rhosts
authentication possible. Unfortunately, if some other socket is in a TIME_WAIT state
(i.e. closure in progress) then we may successfully 'bind' to the same port but
then 'connect' will fail, complaining that the port is already in use. This
only happens when we try to connect to the same host that the other socket was
connected too. Weird, eh? We try random ports to try to prevent this from
happening too much.
- Sometimes the remote host will disconnect and the window will not close even if
you've specified "close window on disconnect". This happens when a dialog box or
message box is showing when the disconnect is detected. This is actually a Teraterm
"feature", and there's nothing I can do about it.
How You can Help
I need somewhere to host the binaries for download (and the source too). My
Australian ISP is going to charge me serious $$$ if a zillion people download
the package. Also, since I will be returning to the US very soon, I won't be
able to maintain the code myself and it will freeze for a while unless I
can find another volunteer.
What the Terms and Conditions are
Redistribution and use in binary forms, without modification, are permitted
provided that the following conditions are met:
- Redistributions must contain the files ttssh.html and ttxssh.dll,
unmodified.
- The conditions of the contributors must be met. In particular, if
libeay32.dll is included, then libeay.txt must be included and its conditions
followed.