source: other-projects/trunk/gs3-release-maker/tasks/sshtaskdef/src/mindbright/README.095@ 14627

=================
= RELEASE NOTES =
=================

MindTerm, release 0.95 - Nov 13, 1998

MindTerm is an entirely free SSH (currently v1.5) client program
written entirely in Java. One notable feature which sets it aside from
some other clients (apart from beeing fully multi-platform) is a
special FTP-tunnel which can be used to access a "normal" ftp-server,
i.e. no special stuff needed on the sshd-side.

New in this release:
    o  RSA/rhosts-RSA authentication method added
    o  DES/3DES and RC4 cryptos added (RC4 is for speed, I know
       it's weak...)
    o  New copyright-policy, now MindTerm is totally FREEWARE, only limitation
       is that you may not derive commercial work from it without our
       written permission
    o  I have given up(*) on the built-in seed-generator of SecureRandom and implemented my own
       (which might be a bit naive but it's random enough for me, improvements are welcome!).
    o  Now "applet-enabled", the class mindbright.applet.MindTerm can be used to run MindTerm
       as an applet(***) (both in a separate Frame or in the Applet-Panel itself)
    o  Fixed some minor stuff also (thanks to among others: <[email protected]>)
    o  Fixed bug in TerminalWin which caused an ArrayIndexOutOfBoundsException on occasion

(*) There seems to be problems with running the built-in seed-generator of the class
    java.security.SecureRandom. In some situations it never returns and in others it
    seems to take several minutes to complete. I implemented my own seed-generator
    which is in the file mindbright/security/BogusSeed.java, it has quite some
    non-determinism(**) about it, it might not be the most random seed you
    will ever see but it sure is random enough for me... However you can still use
    the built-in seed-generator with command-line option '-r' if it works for you.

(**) It runs for a non-fixed time under which it randomly samples the milliseconds-clock
     (least significant 2 bytes), it also samples free memory (also 2 lsb), and also it
     samples the hashcode (2 lsb) of newly created Objects. The time spent generating the
     seed is dependant on the time spent before connecting, the time for name-lookup on
     the ssh-server, the time of the TCP-connect, and the time for transmission of the
     initial "handshake" (i.e. id-string and SMSG_PUBLIC_KEY).

(***) Currently works only with IE4, Netscape does not ship the whole java.* classes in their
      browsers (at least to my knowledge). It should work with the java-plugin but I have not
      tried this. See <http://www.mindbright.se/sshlogin.html> for example of usage.

Lot's of new stuff added (and on the way) since last release. I have
changed the licensing terms to full FREEWARE, this means that the
program is (and allways will be) available for free for any usage. The
only restriction is that you can't make a program derived from our
packages/sources and sell it without our written permission (we would
like a license-fee in that case). One exception is the security-package
which is totally free from any licensing claims from us, though it
contains code that are derived from others' work, check the
source-code for details (this is also due to swedish crypto-export-law
which sucks :-), finland for example have a much better situation in
this area).

Upcoming features (with all this done we will *really* be at a 1.0'ish level :-) :
    o  Property-files (on a per server basis) to be able to store
       parameters (e.g. server-host-keys, identity-file, port-number
       etc.). Also the terminal-settings will be saved between sessions
    o  SSH2 support (of course :-)
    o  Better key-mapping support
    o  Telnet (maybe "Kerbified" and/or "SSLified" aswell)
    o  Make the plugins more usable (clean/effective), maybe add some other proxy-service?
       (suggestions welcome!)
    o  Exit to command-shell without disconnecting (should have done this a while ago, it bugs me!)
    o  Dynamic allocation of local-port-forwards (this can be done allready but there is
       no function in the user-interface for it, in fact the FTP-plugin does it allready :-).
    o  Dynamic allocation of remote-port-forwards, restricted to changing local
       host/port to connect back to, the remote port can't of course be changed
    o  Use the java.security hierarchy fully (as it is meant to work)
    o  Priority/mtu on a per tunnel basis (i.e. make some tunnels "more
       responsive" than others)
    o  Lot's of error-handling and general clean-up
    o  A GUI with a menubar and such, can be useful :-)
    o  Colors in terminal
    o  Scaling font in terminal instead of changing rows/cols when resizing terminal
    o  App-keys in terminal a'la VT100
    o  etc.

=================

MindTerm has been tested with jdk1.1.6(v5), jdk1.1.5 on Linux (with 2.0.34
kernel), on Windows NT4 and Windows-95/98 also with jdk1.1.7A. All tests
were against sshd versions 1.2.17, 1.2.21, 1.2.25 and 1.2.26. Your milage
with other platforms/versions may vary. Please read this entire text
before starting to use MindTerm.

All comments and bug-reports should be sent to:
<[email protected]>

Information about this program and its source code can be found at:
<http://www.mindbright.se/mindterm/>

Features list:
    o  Password and RSA/rhosts-RSA authentication
    o  3DES/DES, Blowfish and RC4 block-ciphers
    o  Standard SSH port-forwarding (including X11-forwarding)
    o  Special FTP port-forwarding (see FTP-NOTE below)
    o  Plugin-architecture for adding other (than FTP)
       protocol-specific "proxies"
    o  Full (almost :-) vt100 support (i.e. emacs, pine, vi, elm
       etc. works :-)
    o  "applet-enabled", the class mindbright.applet.MindTerm can be used to run MindTerm
       as an applet (both in a separate Frame or in the Applet-Panel itself)
    o  Copy/paste with mouse selection ('copy-on-select' and insert-key pastes)
    o  Cursor-keys (with DECCKM toggle) and PgUP, PgDN, Home and End
       keys can be used
    o  NonGUI mode, i.e. run at command-line without opening a
       terminal-window
    o  MTU option (to be able to controll maximum packet size)
    o  The ssh package can be used quite easily by itself to "SSH-enable"
       an arbitrary java-application
    o  The terminal and security packages can (of course) also be used by itself
    o  Cross-platform (it's java :-)

FTP-NOTE: The FTP port-forwarding is done entirely in the client, no
patching of the sshd is needed. The FTP port-forwarding is only
supported for local-port-forward, i.e. you can connect to a remote
FTP-server through the tunnel. It works "100% transparent" with
"modern" ftp-clients that use the PASV ftp-command (e.g. Netscape
navigator). Older (and not so smart) clients that still use the PORT
command are in trouble, since the remote-port-forwards only can be
initialized at startup (i.e. before the sshd goes into its
server-loop) the best we can do is to pre-allocate the remote-port at
startup and reuse it through-out an FTP session. The problem with this
is of course the ftpd's way of using the ftp-data port for connecting
back to the client hence rendering our remote-ports unusable by the
ftpd's ftp-data-port for about a minute after disconnect (i.e. when
the tcp-socket is in state TIME_WAIT). This is partly worked around by
pre-allocating a number of ports on the remote end using them in a
round-robin fashion enabling us to do some PORT-commands in a row, if
however we do too many in about a minutes time we're out of available
connections back to ourselves making the ftp-server angry :-). This
could of course easily be solved by patching the sshd but that might
not be feasible in all situations.


INSTALLATION:

In order to use this program you need the java-runtime (jdk or jre)
from Javasoft or any other party providing a port for your
platform. This program has been tested with jdk1.1.6(v5) and jdk1.1.5
on Linux (2.0.34 kernel), Windows NT4 and Windows-95 also with
jdk1.1.7A. Please read the installation notes for your respective
platform before trying to run MindTerm.

Examples of where the java-runtime can be found:

Linux:
    http://www.blackdown.org/java-linux.html

Win32 and Solaris:
    http://www.javasoft.com/products/jdk/1.1/
        or
    http://www.javasoft.com/products/jdk/1.1/jre/index.html

When you have installed the java-runtime and made yourself familiar
with how to use it you are ready to run the MindTerm. The
commandline-options of MindTerm are somewhat similar to those of the
free ssh-client for unix. When run with option '-?' MindTerm says:

usage: MindTerm [options] [<server>]
Options:
  -l user     Log in using this user name.
  -r          Use built in seed-generator in SecureRandom.
  -d          No terminal-window, only dumb command-line and port-forwarding.
  -i file     Name of the RSA identity file (default: ~/.ssh/identity).
  -V          Display version number only.
  -c cipher   Select encryption algorithm: ``idea'', ``blowfish'', ``3des''
  -p port     Connect to this port.  Server must be on the same port.
  -L [/plugin/]listen-port:host:port Forward local port to remote address.
  -R [/plugin/]listen-port:host:port Forward remote port to local address.

Note that you don't have to give any command-line options in order to run
MindTerm, all settings can be changed from a simple command-shell
inside the program (see below).

The program can be run with a command something like the following:

java -classpath <libpath>/classes.zip:<mindpath>/mindterm.jar mindbright.application.MindTerm

where:

<libpath> is wherever your java-runtime libraries resides. Note that if you use
          a CLASSPATH environment variable you might use that instead and just add
          the mindterm.jar to it like:
          CLASSPATH = CLASSPATH:/usr/local/myjavaapps/mindterm.jar

<mindpath> is wherever you put the mindterm.jar file.

In the case where you have added the file TO the class-path (i.e. not put
the file IN a directory in the class-path). The command would of course just be:

java mindbright.application.MindTerm

Note that when using Windows NT/95 you use ';' instead of ':' in the path, but you knew that.

When the program is started it does some initialisation, this can take
several seconds depending on the speed of your machine. When the
copyright notice has been printed you are prompted for the SSH-server
to connect to.

To enter the local command-shell you press ctrl-D at the prompt
(i.e. before having logged in).  If running in "dumb" mode you might
have to press ENTER after pressing ctrl-D.

The simple command-shell that is used in abscense of a GUI has these commands:

 go                                    Start SSH-session with current settings.
 quit                                  Quit program.
 add <l|r> [/<plug>/]<port>:<host>:<port>  (see below).
 del <l|r> <listen-port>               Remove forwarded local or remote port.
 list                                  Lists current parameters and forwards.
 set <parameter> <value>               Set value of a parameter.
 help                                  Display this list, but you knew that :-).

 Examples of adding a remote/local tunnel:
 > add r 4711:www.foo.com:80           Adds a remote tunnel at port 4711 back to
                                       www.foo.com port 80 without a plugin,
                                       i.e. default tunneling behaviour.
 > add l /ftp/4711:ftp.foobar.com:21   Adds a local tunnel going to ftp.bar.com
                                       port 21 using the ftp protocol-plugin to
                                       handle protocol specific needs.

ABOUT THE AUTHOR
This software is written and maintained by Mats Andersson
<[email protected]> of Mindbright Technology in Sweden.