TTSSH: An SSH Extension to Teraterm

By Robert O'Callahan (roc+tt@cs.cmu.edu)

What TTSSH Is

TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free and its source is available too. Furthermore, TTSSH has been developed entirely in Australia, and can be exported from here to anywhere in the world (apart from places where people aren't allowed to own cryptographic software at all :-( ).

To be more precise, the current version of TTSSH (1.2) includes the following features:

• Compatible with SSH protocol version 1.5
• Ciphers: 3DES, IDEA, Blowfish, DES, RC4
• Server authentication using the ssh_known_hosts database (including the option of adding a server's key to the database)
• Authentication using password, RSA, rhosts and rhosts+RSA
• Compression support
• Connection forwarding (although forwarding of X11 connections is best described as "experimental")

Note that TTSSH is just an SSH client and does not include any other SSH tools (scp, ssh-keygen, ssh-agent, etc). Furthermore, because it's tied into Teraterm, it's only suitable for interactive use. For non-interactive uses such as interprocess communication, you want a straight port of the Unix client.

What's New

• June 6, 1998, version 1.2: Connection forwarding added and a few bugs fixed. Since I'm returning to the USA tomorrow, this will be the last release for several months unless an overseas maintainer is found.
• June 3, 1998, version 1.1: RSA, rhosts, rhosts+RSA support added. Default authentication options dialog box added. ttxssh.exe added. Numerous bugs fixed (thanks DK).
• June 1, 1998, version 1.02: Another bug fix. Non-SSH sessions used to crash at the end of the session.
• June 1, 1998, version 1.01: Oops! I released the debug version by mistake and it didn't work for many people. Replaced it with the correct release version.
• May 20, 1998, version 1.0: Initial release.

How to Obtain and Install TTSSH

Currently TTSSH is only available for Win32 platforms (Windows 95 and NT). Support for Windows 3.1 is plausible but I don't have the tools to build it. Perhaps someone will be able to help with this. Furthermore, it's only available for Intel platforms. Again, I don't have the tools to compile it anywhere else, and someone else may be able to help.

1. Download the software package.
2. Unzip it into a directory where you've already installed Teraterm 2.3. This will create files LIBEAY32.DLL, TTXSSH.DLL and TTSSH.EXE.
3. Run "TTSSH.EXE" and the extension should be available. You should see a new "SSH" option in the "New Connection" dialog box and new menu items "Setup / SSH...", "Setup / SSH Authentication..." and "Help / About TTSSH...".
4. IMPORTANT NOTE: If you are in a country where the RSA patent applies (such as the USA), then you may need to obtain a special version of LIBEAY32.DLL that has been modified to use their implementation, if you want to be legally squeaky clean. There may be a site in the US where this can be obtained, and if I can find one, I'll list it here. For now, Darrell Kindred may be able to provide you with a copy (if you are a US citizen). Note that the DLL provided will work perfectly well, this issue is for the lawyers.

How to Use TTSSH

For now, I'll leave that up to you to figure out. It's pretty straightforward. I'll produce some real documentation at a later date. Here are some hints:

• If you have an ssh_known_hosts file that you want to use, copy it into your Teraterm directory.
• The Teraterm icon changes to let you know when you have a secure connection. The About TTSSH dialog box shows you more information about the status of the connection.
• You can give the command-line option "/ssh" (or "-ssh") to cause SSH to be enabled automatically. This is particularly useful in shortcuts. For example, "ttermpro pink-floyd:22 /ssh" starts an SSH connection to pink-floyd. Don't forget to explicitly specify port 22.
• You can bypass TTSSH.EXE and enable the SSH extension whenever you run Teraterm. To do this, make sure that the environment variable TERATERM_EXTENSIONS is set to 1. You might as well make this change in your user profile (in NT, that means using the System control panel). This will speed up the startup a little bit.
• Connection forwarding is only available from the command line. The options are similar to the vanilla "ssh" forwarding options. Instead of "-L port:remotehost:remoteport" use "/ssh-Llocalport:remotehost:remoteport" (no space). Instead of "-R remoteport:localhost:localport" use "/ssh-Rremoteport:localhost:localport" (no space). Connection forwarding has not been tested enough; it is functional, but perhaps not very robust.
• X11 forwarding is also only available from the command line. Use the option "/ssh-X" or "-ssh-X". Screen 0 is always used, both at the remote end and the local end. When this option is specified, the environment variable TTSSH_XAUTH_PROTOCOL must be set to the name of the xauth protocol used by the local X server, and the environment variable TTSSH_XAUTH_DATA must be set to the xauth data for the local X server. These strings are sent verbatim to the SSH server. TTSSH doesn't set these up automatically because I don't know how to obtain this information for a Win32 X server. For someone who knows how to get that information, it should be easy to write a script or a wrapper program (perhaps modifying TTSSH.EXE) to stuff the right strings into the environment variables. Note that TTSSH DOES NOT do xauth data spoofing as recommended in the SSH spec. IMPORTANT NOTE: X11 forwarding HAS NOT been tested at all. Unfortunately, I didn't have any Win32 X server on hand to test with. Therefore, it probably doesn't work. Maybe I got lucky and got it right first time. We'll soon see.

What the Government Wants You to Know

This code contains cryptographic software covered by US ITAR regulations and by the laws of various countries. Its distribution and use may be restricted by these laws and regulations. In particular, it is probably illegal to make this code publically available at a US site.

This version of LIBEAY contains RSA code that is not derived from the RSAREF reference implementation. Therefore it is probably illegal to use this LIBEAY in the US for patent reasons. US users should obtain a version of LIBEAY compiled with RSAREF and use it to replace the LIBEAY32.DLL provided in this package.

What I Want You to Know

All the usual free software legalese applies. There are no warranties of any kind. The software is provided entirely "as is", and use is entirely at the discretion and risk of the user. Enjoy!

Who to Thank

• This code started with Ian Goldberg's Top Gun SSH for the Pilot.
• It makes use of Eric Young's cryptographic library, taken from SSLeay 0.8.1. His copyright notice is included as LIBEAY.TXT. The LIBEAY32 used by TTXSSH is a plain "out-of-the-box" build.
• This code uses the GNU zlib library (version 1.0.4). That library is (C) 1995-1996 Jean-loup Gailly and Mark Adler.
• Finally, this would not have been possible without the cooperation of T. Teranishi. Many thanks!

What to Do about Bugs

TTSSH has been tested in Windows 95 and NT 4.0. Mileage with other platforms may vary, but I'm interested in getting bug reports.

Known bugs:

• Patterns in ssh_known_hosts files that contain many * wildcard characters may take excessive time to match against the hostname. The program should fall back to a worst-case quadratic time algorithm.
• If you connect to a host, then disconnect, then quickly try to reconnect to the same host, there is about a 1 in 500 chance that the reconnection will fail (in which case you should just try again). This is because we try to allocate a privileged port between 512 and 1024 for the socket to make rhosts authentication possible. Unfortunately, if some other socket is in a TIME_WAIT state (i.e. closure in progress) then we may successfully 'bind' to the same port but then 'connect' will fail, complaining that the port is already in use. This only happens when we try to connect to the same host that the other socket was connected too. Weird, eh? We try random ports to try to prevent this from happening too much.
• Sometimes the remote host will disconnect and the window will not close even if you've specified "close window on disconnect". This happens when a dialog box or message box is showing when the disconnect is detected. This is actually a Teraterm "feature", and there's nothing I can do about it.

How You can Help

I need somewhere to host the binaries for download (and the source too). My Australian ISP is going to charge me serious $$$ if a zillion people download the package. Also, since I will be returning to the US very soon, I won't be able to maintain the code myself and it will freeze for a while unless I can find another volunteer.

What the Terms and Conditions are

Redistribution and use in binary forms, without modification, are permitted provided that the following conditions are met:

• Redistributions must contain the files ttssh.html and ttxssh.dll, unmodified.
• The conditions of the contributors must be met. In particular, if libeay32.dll is included, then libeay.txt must be included and its conditions followed.