=================
= RELEASE NOTES =
=================

MindTerm, release 0.96 - Nov 29, 1998

MindTerm is an entirely FREE(*) SSH (currently v1.5) client program
written in pure Java. It is more than yet another ssh-client: apart
from being multi-platform, it's also a full set of packages enabling
people to make their own ssh-client and/or "ssh-aware"
java-applications/applets (e.g. special/proprietary proxies, ssh-aware
applications/applets "speaking" to proprietary daemons behind a firewall
etc). It has one other notable feature setting it apart from some
other clients, a special ftp-tunnel which works with "ordinary" ftpd's
"behind" the sshd.

(*) Only restriction is that you can't derive commercial work from it
without our written permission.

New in this release (mainly for java-developers):
  o Exit to command-shell without disconnecting (finally :-)
  o Dynamic handling of port-forwards from the command-shell, local ports
    can be added/deleted "on the fly" (remote ports can only be deleted).
    ('list', lists open tunnels).
  o Can now run single command-line without shell.
  o New interfaces SSHAuthenticator/SSHClientUser/SSHConsole make
    it very easy to use the SSHClient class separately.
  o New method in SSHClient (doSingleCommand) to be able to do a
    single command on the sshd-machine.
  o SSHSocket/SSHServerSocket/SSHSocketFactory for fully transparent
    usage of SSH in an arbitrary application/applet (see sample code for
    usage).
  o Documentation started (a lot to do here... :-).
  o Code cleaned out and reorganized a bit (more on the way)

TODO-LIST:
  o Property-files (on a per server basis) to be able to store
    parameters (e.g. server-host-keys, identity-file, port-number
    etc.). Also the terminal-settings will be saved between sessions
  o SSH2 support (of course :-)
  o Better key-mapping support (this is not easy given the KeyEvent in java...)
  o Telnet (maybe "Kerbified" and/or "SSLified" as well)
  o Make the plugins more usable (clean/effective), maybe add some other proxy-service?
    (suggestions welcome!)
  o Use the java.security hierarchy fully (as it is meant to work)
  o Priority/mtu on a per tunnel basis (i.e. make some tunnels "more
    responsive" than others)
  o Lots of error-handling and general clean-up
  o A GUI with a menubar and such, can be useful :-)
  o Colors in terminal
  o Scaling font in terminal instead of changing rows/cols when resizing terminal
  o App-keys in terminal a la VT100
  o etc. etc.

=================

MindTerm has been tested with jdk1.1.6(v5), jdk1.1.5 on Linux (with
2.0.34 kernel), on Windows NT4 and Windows-95/98 also with
jdk1.1.7A/jdk1.2rc2. All tests were against sshd versions 1.2.17,
1.2.21, 1.2.25 and 1.2.26. Your mileage with other platforms/versions
may vary. Please read this entire text before starting to use
MindTerm.

All comments and bug-reports should be sent to:
  <[email protected]>

Information about this program and its source code can be found at:
  <http://www.mindbright.se/mindterm/>

Features list:
  o Password and RSA/rhosts-RSA authentication
  o 3DES/DES, Blowfish and RC4 block-ciphers
  o Standard SSH port-forwarding (including X11-forwarding)
  o Special FTP port-forwarding (see FTP-NOTE below)
  o Plugin-architecture for adding other (than FTP)
    protocol-specific "proxies"
  o Full (almost :-) vt100 support (i.e. emacs, pine, vi, elm
    etc. work :-)
  o "applet-enabled", the class mindbright.applet.MindTerm can be used to run MindTerm
    as an applet (both in a separate Frame or in the Applet-Panel itself)
  o Copy/paste with mouse selection ('copy-on-select' and insert-key pastes)
  o Cursor-keys (with DECCKM toggle) and PgUP, PgDN, Home and End
    keys can be used
  o NonGUI mode, i.e. run at command-line without opening a
    terminal-window
  o MTU option (to be able to control maximum packet size)
  o The ssh package can be used quite easily by itself to "SSH-enable"
    an arbitrary java-application
  o The terminal and security packages can (of course) also be used by themselves
  o Cross-platform (it's java :-)

FTP-NOTE: The FTP port-forwarding is done entirely in the client, no
patching of the sshd is needed. The FTP port-forwarding is only
supported for local-port-forward, i.e. you can connect to a remote
FTP-server through the tunnel. It works "100% transparent" with
"modern" ftp-clients that use the PASV ftp-command (e.g. Netscape
Navigator). Older (and not so smart) clients that still use the PORT
command are in trouble: since remote-port-forwards can only be
initialized at startup (i.e. before the sshd goes into its
server-loop), the best we can do is to pre-allocate the remote-port at
startup and reuse it throughout an FTP session. The problem with this
is of course the ftpd's way of using the ftp-data port for connecting
back to the client, which renders our remote-ports unusable by the
ftpd's ftp-data-port for about a minute after disconnect (i.e. while
the tcp-socket is in state TIME_WAIT). This is partly worked around by
pre-allocating a number of ports on the remote end and using them in a
round-robin fashion, enabling us to do some PORT-commands in a row. If,
however, we do too many in about a minute's time we're out of available
connections back to ourselves, making the ftp-server angry :-). This
could of course easily be solved by patching the sshd but that might
not be feasible in all situations.
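
The PORT workaround from the FTP-NOTE, modelled as an added Java example that is not MindTerm's own code: a fixed pool of remote ports handed out round-robin, each unusable for a TIME_WAIT interval after its data connection closes. The class name, port numbers, sshd address, the 60-second interval (the note's "about a minute") and the rewriting of the PORT argument to the sshd-side port are assumptions made for illustration.

```java
/** Model of the PORT workaround: remote ports forwarded at startup, used round-robin. */
public class FtpPortPool {
    static final long TIME_WAIT_MS = 60_000;  // assumed: "about a minute" per the note

    private final int[] ports;     // remote ports pre-allocated before sshd's server-loop
    private final long[] freeAt;   // time (ms) at which each port leaves TIME_WAIT
    private int next = 0;          // round-robin cursor

    FtpPortPool(int... ports) {
        this.ports = ports.clone();
        this.freeAt = new long[ports.length];
    }

    /** Next port in round-robin order, or -1 while that port is busy or in TIME_WAIT. */
    int acquire(long now) {
        if (now < freeAt[next]) return -1;
        int idx = next;
        next = (next + 1) % ports.length;
        freeAt[idx] = Long.MAX_VALUE;          // busy until release() is called
        return ports[idx];
    }

    /** Data connection closed at closedAt: the port is unusable for TIME_WAIT_MS more. */
    void release(int port, long closedAt) {
        for (int i = 0; i < ports.length; i++)
            if (ports[i] == port) freeAt[i] = closedAt + TIME_WAIT_MS;
    }

    /** PORT argument per RFC 959 (h1,h2,h3,h4,p1,p2), pointing the ftpd at sshdHost:port. */
    static String portCommand(String sshdHost, int port) {
        return "PORT " + sshdHost.replace('.', ',') + "," + (port >> 8) + "," + (port & 0xff);
    }

    public static void main(String[] args) {
        FtpPortPool pool = new FtpPortPool(4001, 4002, 4003);  // constructed port numbers
        String sshdHost = "192.0.2.10";                         // constructed address
        // One PORT command every 10 s; each transfer takes 1 s.
        for (long t = 0; t <= 70_000; t += 10_000) {
            int port = pool.acquire(t);
            if (port < 0) {
                System.out.println(t / 1000 + "s: pool exhausted, PORT cannot be served");
                continue;
            }
            System.out.println(t / 1000 + "s: " + portCommand(sshdHost, port));
            pool.release(port, t + 1_000);
        }
    }
}
```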


INSTALLATION:

In order to use this program you need the java-runtime (jdk or jre)
from Javasoft or any other party providing a port for your
platform. This program has been tested with jdk1.1.6(v5) and jdk1.1.5
on Linux (2.0.34 kernel), Windows NT4 and Windows-95 also with
jdk1.1.7A/jdk1.2rc2. Please read the installation notes for your
respective platform before trying to run MindTerm.

Examples of where the java-runtime can be found:

Linux:
  http://www.blackdown.org/java-linux.html

Win32 and Solaris:
  http://www.javasoft.com/products/jdk/1.1/
  or
  http://www.javasoft.com/products/jdk/1.1/jre/index.html

When you have installed the java-runtime and made yourself familiar
with how to use it you are ready to run the MindTerm. The
commandline-options of MindTerm are somewhat similar to those of the
free ssh-client for unix. When run with option '-?' MindTerm says:

usage: MindTerm [options] [<server>]
Options:
  -l user     Log in using this user name.
  -r          Use built in seed-generator in SecureRandom.
  -d          No terminal-window, only dumb command-line and port-forwarding.
  -i file     Name of the RSA identity file (default: ~/.ssh/identity).
  -V          Display version number only.
  -c cipher   Select encryption algorithm: ``idea'', ``blowfish'', ``3des''
  -p port     Connect to this port. Server must be on the same port.
  -L [/plugin/]listen-port:host:port    Forward local port to remote address.
  -R [/plugin/]listen-port:host:port    Forward remote port to local address.

Note that you don't have to give any command-line options in order to run
MindTerm, all settings can be changed from a simple command-shell
inside the program (see below).

The program can be run with a command something like the following:

  java -classpath <libpath>/classes.zip:<mindpath>/mindterm.jar mindbright.application.MindTerm

where:

  <libpath> is wherever your java-runtime libraries reside. Note that if you use
  a CLASSPATH environment variable you might use that instead and just add
  the mindterm.jar to it like:
    CLASSPATH = CLASSPATH:/usr/local/myjavaapps/mindterm.jar

  <mindpath> is wherever you put the mindterm.jar file.

In the case where you have added the file TO the class-path (i.e. not put
the file IN a directory in the class-path), the command would of course just be:

  java mindbright.application.MindTerm

Note that when using Windows NT/95 you use ';' instead of ':' in the path, but you knew that.

When the program is started it does some initialisation; this can take
several seconds depending on the speed of your machine. When the
copyright notice has been printed you are prompted for the SSH-server
to connect to.

To enter the local command-shell you press ctrl-D at the prompt
(i.e. before having logged in). If running in "dumb" mode you might
have to press ENTER after pressing ctrl-D.

The simple command-shell that is used in absence of a GUI has these commands:

  go                                          Start SSH-session with current settings.
  quit                                        Quit program.
  add <l|r> [/<plug>/]<port>:<host>:<port>    (see below).
  del <l|r> <listen-port>                     Remove forwarded local or remote port.
  list                                        Lists current parameters and forwards.
  set <parameter> <value>                     Set value of a parameter.
  help                                        Display this list, but you knew that :-).

Examples of adding a remote/local tunnel:
  > add r 4711:www.foo.com:80            Adds a remote tunnel at port 4711 back to
                                         www.foo.com port 80 without a plugin,
                                         i.e. default tunneling behaviour.
  > add l /ftp/4711:ftp.foobar.com:21    Adds a local tunnel going to ftp.foobar.com
                                         port 21 using the ftp protocol-plugin to
                                         handle protocol specific needs.

ABOUT THE AUTHOR
  This software is written and maintained by Mats Andersson
  <[email protected]> of Mindbright Technology in Sweden.