=================
= RELEASE NOTES =
=================

MindTerm, release 0.95 - Nov 13, 1998

MindTerm is an entirely free SSH (currently v1.5) client program
written entirely in Java. One notable feature which sets it aside from
some other clients (apart from being fully multi-platform) is a
special FTP-tunnel which can be used to access a "normal" ftp-server,
i.e. no special stuff needed on the sshd-side.

New in this release:
o RSA/rhosts-RSA authentication method added
o DES/3DES and RC4 cryptos added (RC4 is for speed, I know
  it's weak...)
o New copyright-policy, now MindTerm is totally FREEWARE, only limitation
  is that you may not derive commercial work from it without our
  written permission
o I have given up(*) on the built-in seed-generator of SecureRandom and implemented my own
  (which might be a bit naive but it's random enough for me, improvements are welcome!).
o Now "applet-enabled", the class mindbright.applet.MindTerm can be used to run MindTerm
  as an applet(***) (both in a separate Frame or in the Applet-Panel itself)
o Fixed some minor stuff also (thanks to among others: <[email protected]>)
o Fixed bug in TerminalWin which caused an ArrayIndexOutOfBoundsException on occasion

(*) There seem to be problems with running the built-in seed-generator of the class
java.security.SecureRandom. In some situations it never returns and in others it
seems to take several minutes to complete. I implemented my own seed-generator
which is in the file mindbright/security/BogusSeed.java, it has quite some
non-determinism(**) about it, it might not be the most random seed you
will ever see but it sure is random enough for me... However you can still use
the built-in seed-generator with command-line option '-r' if it works for you.

(**) It runs for a non-fixed time during which it randomly samples the milliseconds-clock
(least significant 2 bytes), it also samples free memory (also 2 lsb), and also it
samples the hashcode (2 lsb) of newly created Objects. The time spent generating the
seed is dependent on the time spent before connecting, the time for name-lookup on
the ssh-server, the time of the TCP-connect, and the time for transmission of the
initial "handshake" (i.e. id-string and SMSG_PUBLIC_KEY).

(***) Currently works only with IE4, Netscape does not ship the whole java.* classes in their
browsers (at least to my knowledge). It should work with the java-plugin but I have not
tried this. See <http://www.mindbright.se/sshlogin.html> for an example of usage.

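A way to check how much unpredictability the three sources named in footnote (**) contribute on a given JVM, next to the platform generator. This is an added example, not code from MindTerm and not mindbright/security/BogusSeed.java; the class name SeedSourceEntropy, the sample count and the back-to-back sampling loop are assumptions made for the measurement.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.function.IntSupplier;

/** Added illustration; NOT mindbright/security/BogusSeed.java. */
public class SeedSourceEntropy {
    static final int SAMPLES = 20_000;   // constructed sample size

    /**
     * Most-common-value estimate of min-entropy, in bits per sample, over the
     * two least significant bytes of each reading. It is an upper bound only:
     * values that look spread out can still be predictable to someone who can
     * model the clock, the heap or the hash generator.
     */
    static double minEntropyBits(IntSupplier source) {
        Map<Integer, Integer> counts = new HashMap<>();
        int mostCommon = 0;
        for (int i = 0; i < SAMPLES; i++) {
            int v = source.getAsInt() & 0xFFFF;   // keep the 2 lsb, as in (**)
            mostCommon = Math.max(mostCommon, counts.merge(v, 1, Integer::sum));
        }
        return Math.log((double) SAMPLES / mostCommon) / Math.log(2);
    }

    public static void main(String[] args) {
        Runtime rt = Runtime.getRuntime();
        // Readings are taken back to back, the worst case for correlation.
        System.out.printf("millisecond clock: %.2f bits%n",
                minEntropyBits(() -> (int) System.currentTimeMillis()));
        System.out.printf("free memory      : %.2f bits%n",
                minEntropyBits(() -> (int) rt.freeMemory()));
        System.out.printf("Object.hashCode  : %.2f bits%n",
                minEntropyBits(() -> new Object().hashCode()));

        // For comparison: the platform generator on a current JVM, which
        // needs no application-collected seed material.
        SecureRandom rng = new SecureRandom();
        byte[] seed = new byte[32];
        rng.nextBytes(seed);
        System.out.printf("SecureRandom     : %d bytes from %s%n",
                seed.length, rng.getAlgorithm());
    }
}
```

With 20,000 readings the estimate cannot exceed about 14.3 bits, so a source that reaches that ceiling has only shown that no value repeated often, not that it is unpredictable.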
Lots of new stuff added (and on the way) since last release. I have
changed the licensing terms to full FREEWARE, this means that the
program is (and always will be) available for free for any usage. The
only restriction is that you can't make a program derived from our
packages/sources and sell it without our written permission (we would
like a license-fee in that case). One exception is the security-package
which is totally free from any licensing claims from us, though it
contains code that is derived from others' work, check the
source-code for details (this is also due to Swedish crypto-export-law
which sucks :-), Finland for example has a much better situation in
this area).

Upcoming features (with all this done we will *really* be at a 1.0'ish level :-) :
o Property-files (on a per server basis) to be able to store
  parameters (e.g. server-host-keys, identity-file, port-number
  etc.). Also the terminal-settings will be saved between sessions
o SSH2 support (of course :-)
o Better key-mapping support
o Telnet (maybe "Kerbified" and/or "SSLified" as well)
o Make the plugins more usable (clean/effective), maybe add some other proxy-service?
  (suggestions welcome!)
o Exit to command-shell without disconnecting (should have done this a while ago, it bugs me!)
o Dynamic allocation of local-port-forwards (this can be done already but there is
  no function in the user-interface for it, in fact the FTP-plugin does it already :-).
o Dynamic allocation of remote-port-forwards, restricted to changing local
  host/port to connect back to, the remote port can't of course be changed
o Use the java.security hierarchy fully (as it is meant to work)
o Priority/mtu on a per tunnel basis (i.e. make some tunnels "more
  responsive" than others)
o Lots of error-handling and general clean-up
o A GUI with a menubar and such, can be useful :-)
o Colors in terminal
o Scaling font in terminal instead of changing rows/cols when resizing terminal
o App-keys in terminal a'la VT100
o etc.

=================

MindTerm has been tested with jdk1.1.6(v5), jdk1.1.5 on Linux (with 2.0.34
kernel), on Windows NT4 and Windows-95/98 also with jdk1.1.7A. All tests
were against sshd versions 1.2.17, 1.2.21, 1.2.25 and 1.2.26. Your mileage
with other platforms/versions may vary. Please read this entire text
before starting to use MindTerm.

All comments and bug-reports should be sent to:
<[email protected]>

Information about this program and its source code can be found at:
<http://www.mindbright.se/mindterm/>

Features list:
o Password and RSA/rhosts-RSA authentication
o 3DES/DES, Blowfish and RC4 block-ciphers
o Standard SSH port-forwarding (including X11-forwarding)
o Special FTP port-forwarding (see FTP-NOTE below)
o Plugin-architecture for adding other (than FTP)
  protocol-specific "proxies"
o Full (almost :-) vt100 support (i.e. emacs, pine, vi, elm
  etc. works :-)
o "applet-enabled", the class mindbright.applet.MindTerm can be used to run MindTerm
  as an applet (both in a separate Frame or in the Applet-Panel itself)
o Copy/paste with mouse selection ('copy-on-select' and insert-key pastes)
o Cursor-keys (with DECCKM toggle) and PgUP, PgDN, Home and End
  keys can be used
o NonGUI mode, i.e. run at command-line without opening a
  terminal-window
o MTU option (to be able to control maximum packet size)
o The ssh package can be used quite easily by itself to "SSH-enable"
  an arbitrary java-application
o The terminal and security packages can (of course) also be used by themselves
o Cross-platform (it's java :-)

FTP-NOTE: The FTP port-forwarding is done entirely in the client, no
patching of the sshd is needed. The FTP port-forwarding is only
supported for local-port-forward, i.e. you can connect to a remote
FTP-server through the tunnel. It works "100% transparent" with
"modern" ftp-clients that use the PASV ftp-command (e.g. Netscape
navigator). Older (and not so smart) clients that still use the PORT
command are in trouble. Since the remote-port-forwards can only be
initialized at startup (i.e. before the sshd goes into its
server-loop), the best we can do is to pre-allocate the remote-port at
startup and reuse it throughout an FTP session. The problem with this
is of course the ftpd's way of using the ftp-data port for connecting
back to the client, hence rendering our remote-ports unusable by the
ftpd's ftp-data-port for about a minute after disconnect (i.e. when
the tcp-socket is in state TIME_WAIT). This is partly worked around by
pre-allocating a number of ports on the remote end and using them in a
round-robin fashion, enabling us to do some PORT-commands in a row. If,
however, we do too many in about a minute's time we're out of available
connections back to ourselves, making the ftp-server angry :-). This
could of course easily be solved by patching the sshd but that might
not be feasible in all situations.

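The round-robin workaround from the FTP-NOTE and the point at which it runs out of ports, as a simulation on a constructed timeline. This is an added example, not MindTerm's FTP plugin; the names RemotePortPool, acquire and portCommand, the ports 4711-4713 and the address 192.0.2.10 (standing in for the sshd host) are assumptions.

```java
/** Added illustration; not MindTerm's FTP plugin. Times are simulated. */
public class RemotePortPool {
    static final long TIME_WAIT_MS = 60_000;   // "about a minute" in the note

    private final int[] ports;      // remote ports forwarded at startup
    private final long[] usableAt;  // when each port has left TIME_WAIT
    private int next = 0;           // round-robin cursor

    RemotePortPool(int... ports) {
        this.ports = ports.clone();
        this.usableAt = new long[ports.length];
    }

    /** First usable port from the cursor on, or -1 if all are in TIME_WAIT. */
    int acquire(long nowMs, long transferMs) {
        for (int i = 0; i < ports.length; i++) {
            int idx = (next + i) % ports.length;
            if (usableAt[idx] <= nowMs) {
                usableAt[idx] = nowMs + transferMs + TIME_WAIT_MS;
                next = (idx + 1) % ports.length;
                return ports[idx];
            }
        }
        return -1;
    }

    /** PORT argument as FTP encodes it: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2). */
    static String portCommand(String ipv4, int port) {
        return "PORT " + ipv4.replace('.', ',') + "," + (port >> 8) + "," + (port & 0xFF);
    }

    public static void main(String[] args) {
        RemotePortPool pool = new RemotePortPool(4711, 4712, 4713);  // constructed ports
        long[] requestTimesMs = {0, 5_000, 10_000, 15_000, 70_000};  // constructed timeline
        for (long t : requestTimesMs) {
            int port = pool.acquire(t, 1_000);   // each transfer lasts one second
            System.out.printf("t=%3ds  %s%n", t / 1000, port < 0
                    ? "no remote port free, transfer must wait"
                    : portCommand("192.0.2.10", port));
        }
    }
}
```

The fourth request, 15 seconds in, finds all three ports still in TIME_WAIT; the request at 70 seconds succeeds again on the first port.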
INSTALLATION:

In order to use this program you need the java-runtime (jdk or jre)
from Javasoft or any other party providing a port for your
platform. This program has been tested with jdk1.1.6(v5) and jdk1.1.5
on Linux (2.0.34 kernel), Windows NT4 and Windows-95 also with
jdk1.1.7A. Please read the installation notes for your respective
platform before trying to run MindTerm.

Examples of where the java-runtime can be found:

Linux:
  http://www.blackdown.org/java-linux.html

Win32 and Solaris:
  http://www.javasoft.com/products/jdk/1.1/
  or
  http://www.javasoft.com/products/jdk/1.1/jre/index.html

When you have installed the java-runtime and made yourself familiar
with how to use it you are ready to run the MindTerm. The
commandline-options of MindTerm are somewhat similar to those of the
free ssh-client for unix. When run with option '-?' MindTerm says:

usage: MindTerm [options] [<server>]
Options:
  -l user       Log in using this user name.
  -r            Use built in seed-generator in SecureRandom.
  -d            No terminal-window, only dumb command-line and port-forwarding.
  -i file       Name of the RSA identity file (default: ~/.ssh/identity).
  -V            Display version number only.
  -c cipher     Select encryption algorithm: ``idea'', ``blowfish'', ``3des''
  -p port       Connect to this port. Server must be on the same port.
  -L [/plugin/]listen-port:host:port   Forward local port to remote address.
  -R [/plugin/]listen-port:host:port   Forward remote port to local address.

Note that you don't have to give any command-line options in order to run
MindTerm, all settings can be changed from a simple command-shell
inside the program (see below).

The program can be run with a command something like the following:

  java -classpath <libpath>/classes.zip:<mindpath>/mindterm.jar mindbright.application.MindTerm

where:

<libpath> is wherever your java-runtime libraries reside. Note that if you use
a CLASSPATH environment variable you might use that instead and just add
the mindterm.jar to it like:
  CLASSPATH=$CLASSPATH:/usr/local/myjavaapps/mindterm.jar

<mindpath> is wherever you put the mindterm.jar file.

In the case where you have added the file TO the class-path (i.e. not put
the file IN a directory in the class-path), the command would of course just be:

  java mindbright.application.MindTerm

Note that when using Windows NT/95 you use ';' instead of ':' in the path, but you knew that.

When the program is started it does some initialisation, this can take
several seconds depending on the speed of your machine. When the
copyright notice has been printed you are prompted for the SSH-server
to connect to.

To enter the local command-shell you press ctrl-D at the prompt
(i.e. before having logged in). If running in "dumb" mode you might
have to press ENTER after pressing ctrl-D.

The simple command-shell that is used in absence of a GUI has these commands:

  go                                         Start SSH-session with current settings.
  quit                                       Quit program.
  add <l|r> [/<plug>/]<port>:<host>:<port>   (see below).
  del <l|r> <listen-port>                    Remove forwarded local or remote port.
  list                                       Lists current parameters and forwards.
  set <parameter> <value>                    Set value of a parameter.
  help                                       Display this list, but you knew that :-).

Examples of adding a remote/local tunnel:
> add r 4711:www.foo.com:80           Adds a remote tunnel at port 4711 back to
                                      www.foo.com port 80 without a plugin,
                                      i.e. default tunneling behaviour.
> add l /ftp/4711:ftp.foobar.com:21   Adds a local tunnel going to ftp.foobar.com
                                      port 21 using the ftp protocol-plugin to
                                      handle protocol specific needs.

ABOUT THE AUTHOR
This software is written and maintained by Mats Andersson
<[email protected]> of Mindbright Technology in Sweden.