News about Secure Shell/SSH clients and servers (PuTTY and TeraTerm/SSH included)

//////////////////////////////////////////////////////////////////////////////

2005-04-04

The second edition of this O'Reilly book is nearing publication: "SSH, The Secure Shell: The Definitive Guide".

    http://www.oreilly.com/catalog/sshtdg2/

2005-04-20

The website associated with the SSH:TDG book is now online.

    http://www.snailbook.com/index.html

//////////////////////////////////////////////////////////////////////////////

2003-11-16

In practice, most implementations of the telnet protocol do not contain an encryption mechanism for passwords. Some simple needs for security can be satisfied by an SSH "secure shell" connection. However, any enterprise requiring large communication deployments probably needs a more heavy-duty technology. (One question of interest may be this: "If an evil-doer steals a notebook computer containing all of a user's SSH authentication keys, and starts using them, what do we do?")

One well-known and widely available security technology is Kerberos, which was developed at MIT in concert with a consortium of vendors. Centralized administration of access is easier with Kerberos than with the individualistic SSH protocol. See:

    "Kerberos Page"
    http://web.mit.edu/kerberos/www/

Sun Microsystems provides a full Kerberos implementation in its SEAM (Sun Enterprise Authentication Mechanism) package for Solaris 8 and 9. It interoperates OK with Microsoft Windows 2000.
    http://wwws.sun.com/software/download/security.html
    http://wwws.sun.com/software/security/kerberos/

Hewlett-Packard has Kerberos software for OpenVMS and for HP-UX:

    http://www.hp.com/security/
    http://www.hp.com/products1/unix/operating/security/index.html#system
    http://h71000.www7.hp.com/openvms/products/kerberos/

IBM has Kerberos implementations for several of its product lines:

    http://www.ibm.com/security/
    http://www6.software.ibm.com/devcon/devcon/docs/kerb0401.htm
    http://www-1.ibm.com/servers/eserver/zseries/zos/commserver/kerberos.html
    http://www-1.ibm.com/mediumbusiness/pdf/Security28.pdf

..............................................................................

But perhaps SSH is appropriate for your use. For information on the commercial SSH product, see:

    http://www.ssh.fi/

An open-source implementation, OpenSSH, can be found at

    http://www.openssh.org/

A slightly dated list of SSH and Secure Shell Resources may be seen at:

    http://www.massconfusion.com/ssh/ssh_resources.html

A circa-1997 SSH FAQ resides at

    http://ns.uoregon.edu/pgpssh/sshfaq/index.html

A better FAQ (as of 2006) centers around the open-source OpenSSH:

    http://www.openssh.org/faq.html

Information on troubleshooting connections is available:

    http://www.employees.org/~satch/ssh/faq/ssh-faq-7.html

(But beware the short-password problem in old commercial SSH releases: http://www.theregister.co.uk/content/55/20594.html)

Alas, during 2002, a vulnerability was found in certain releases of the OpenSSH package. See:

    http://www.cert.org/advisories/CA-2002-18.html

//////////////////////////////////////////////////////////////////////////////

In 2005, the IETF working group establishing a standard for Secure Shell connections had information at:

    http://www.ietf.org/html.charters/secsh-charter.html

and

    ftp://ftp.ietf.org/ietf-mail-archive/secsh/

(Several new drafts were issued in March 2005; however, the above links are stale as of October 2006.)
////////////////////////////////////////////////////////////////////////////// Sun's Solaris 9 operating environment incorporated a Sun-supported package "Secure Shell" on CD 1, which is based on release 2.5.1p1 of OpenSSH; the version shipped with Solaris 9 (SSH-2.0_Sun_SSH_1.0) included enhancements made by Sun. Sun added BSM (auditing) support, proxy commands, L10N/I18N support, and configurable login attempts. Also, TCP wrappers were compiled and the ssh-keygen command was set to create an RSA key by default. http://wwws.sun.com/software/whitepapers/solaris9/secureaccess.pdf http://docs.sun.com/?q=ssh&p=prod%2Fsolaris.9 For earlier Solaris releases, Sun does not support any SSH product; however, the third-party SSH product is available with support from SSH Communications Security Oyj. of Finland: http://www.ssh.fi/ There is also the open-source OpenSSH. The following BluePrint documents tell how to configure OpenSSH under Solaris 2.6, Solaris 7, and Solaris 8. http://www.sun.com/blueprints/0103/817-1307.pdf http://www.sun.com/blueprints/0701/openSSH.pdf http://www.sun.com/blueprints/0102/configssh.pdf And advice is available from other non-Sun sources: http://www.bolthole.com/solaris/companioncd.html http://www.sunfreeware.com/openssh8.html Sun's BSM patches have been donated back to the OpenSSH developers: http://bugzilla.mindrot.org/show_bug.cgi?id=2 If, using Solaris 9's Secure Shell to connect to commercial SSH, you see a session error like "Dispatch protocol error: type 2", you are experiencing a problem inherited from the original open-source code. Until a fix is announced by Sun, see: http://www.openssh.com/faq.html#2.4 For enterprises that wish to lift the burden of security configuration from the individual users and rely more on a centralized support staff, IPsec should be preferred over Secure Shell: http://wwws.sun.com/software/whitepapers/solaris9/ipsec.pdf IPsec provides security at the Network layer, rather than in the Transport layer. 
IPsec passes UDP packets, which SSH does not, and IPsec may be used to construct VPNs between consenting equipment.

..............................................................................

If, during connection attempts using the OpenSSH client, you are seeing an error message like this:

    no matching comp found: client zlib server none

you may be able to work around the problem by turning off compression in the session. Compression may be configured to a default of "no" in either

    /etc/ssh_config

or

    ~/.ssh/config

Compression may be turned back on for a given connection with the command-line switch of "-C" (uppercase).

//////////////////////////////////////////////////////////////////////////////

What most people call the "SFTP" protocol, as in "Secure FTP", is a file-transfer shim laid over the Secure Shell protocol--the same fundamental SSH protocol that most people now use for interactive keyboard sessions instead of good old telnet. Both SSH interactive sessions and SFTP file-transfer sessions operate over TCP port 22.

Another protocol of similar intent, if not as wide use, is "FTP over TLS/SSL", on TCP ports 989 (data) and 990 (control).

I think that the OpenBSD Project claims to have produced the open-source "sftp" program. Here is the client "man" page:

    http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1

See also "sftp-server" man page:

    http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8

Cygwin produced an equivalent command-line SFTP.EXE program for Windows:

    http://www.cygwin.com/

Yes, PuTTY fans, Simon Tatham includes a basic PSFTP utility for Windows.
    http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter6.html#psftp

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.sys.sun.admin,comp.security.ssh
Message-ID:
Date: Wed, 10 Dec 2003 15:00:01 -0500
From: "Helpful Observer"
Subject: Solaris 9 Secure Shell connection logging

Under Solaris 9, using the included Solaris Secure Shell, I wanted to log connections, so I did this (as root):

    # cat > /etc/ssh/sshrc
    /usr/bin/logger -p daemon.notice -t 'sshd' "$USER connected $SSH_CLIENT."
    ^D
    # chgrp sys /etc/ssh/sshrc
    # chmod 755 /etc/ssh/sshrc

In systems using the open-source OpenSSH, the corresponding file is /etc/sshrc

--
H.O.

..............................................................................

Newsgroups: comp.sys.sun.admin,comp.security.ssh
Message-ID:
Date: Sat, 13 Dec 2003 09:35:12 -0500
From: "Helpful Observer"
Subject: Re: Solaris 9 Secure Shell connection logging

"Helpful Observer" wrote:
>
> Under Solaris 9, using the included Solaris Secure Shell,
> I wanted to log connections, so I did this (as root)...

Neil W Rickert replied:
>
> On my reading of the man pages, that breaks X-forwarding.

Darren Tucker replied:
>
> OpenSSH already logs this kind of info to wherever you point
> its syslog to, see the SyslogFacility and LogLevel config options.

OK, thank you for pointing this out. The target environment does not presently require X forwarding, but to prevent future difficulties, logging will be this way:

With the following in /etc/ssh/sshd_config:

    # Syslog facility and level
    SyslogFacility auth
    LogLevel info

inserting the following line into /etc/syslog.conf:

    auth.info    /var/adm/auth.log

doing:

    # touch /var/adm/auth.log
    # chgrp sys /var/adm/auth.log
    # chmod 644 /var/adm/auth.log

and doing:

    # /etc/init.d/syslog stop
    # /etc/init.d/syslog start

--
H.O.
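
With sshd logging to /var/adm/auth.log as set up in the posting above, a short filter can summarise who connected from where and which addresses produced failures. This is an added example, not part of the original postings: the log lines are constructed, the message wording ("Accepted"/"Failed" ... "for USER from ADDR port N") and the Solaris "[ID ...]" tag are assumptions about the log format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise sshd authentication messages from an auth.info log.

# Constructed sample lines (not real log data). Lines carrying a
# "[ID n facility.level]" tag and lines without it are both covered.
sample_auth_log() {
    cat <<'EOF'
Dec 13 09:40:01 sunbox sshd[1201]: [ID 800047 auth.info] Accepted password for alice from 192.0.2.10 port 40022 ssh2
Dec 13 09:41:17 sunbox sshd[1207]: [ID 800047 auth.info] Failed password for root from 198.51.100.7 port 51514 ssh2
Dec 13 09:41:19 sunbox sshd[1207]: [ID 800047 auth.info] Failed password for root from 198.51.100.7 port 51514 ssh2
Dec 13 09:41:23 sunbox sshd[1207]: [ID 800047 auth.info] Failed password for illegal user admin from 198.51.100.7 port 51514 ssh2
Dec 13 09:45:02 sunbox sshd[1215]: Accepted publickey for bob from 192.0.2.44 port 40100 ssh2
Dec 13 09:46:30 sunbox sshd[1215]: [ID 800047 auth.info] Connection closed by 192.0.2.44
Dec 13 09:50:11 sunbox sshd[1230]: [ID 800047 auth.info] Accepted password for alice from 192.0.2.10 port 40031 ssh2
Dec 13 09:52:00 sunbox su: [ID 366847 auth.info] 'su root' succeeded for alice on /dev/pts/3
Dec 13 10:00:00 sunbox sshd[1300]: Failed password for illegal user x from 192.0.2.99 port 1 ssh2 from 203.0.113.5 port 4000 ssh2
EOF
}

# Reads syslog lines on stdin and prints, sorted:
#   accepted <user> <addr> <count>
#   failed <addr> <count>
ssh_auth_summary() {
    awk '
    # The auth facility also carries su, login and so on: keep sshd only.
    $5 !~ /^sshd(\[[0-9]+\])?:$/ { next }
    {
        # The message starts at field 6, or after an optional "[ID ... ]" tag.
        m = 6
        if ($6 == "[ID") { while (m <= NF && $m !~ /\]$/) m++; m++ }
        # Only lines whose first message word is the verdict are counted, so
        # text later in a line cannot pose as a verdict.
        if ($m != "Accepted" && $m != "Failed") next
        # The user name is chosen by the client and may contain spaces and
        # the word "from". sshd appends the peer address after the name, so
        # the LAST "from" marks the address.
        from = 0
        for (i = m + 1; i <= NF; i++) if ($i == "from") from = i
        # Shortest valid shape: <verdict> <method> for <user> from <addr>
        if (from < m + 4 || from == NF) next
        user = $(from - 1)
        addr = $(from + 1)
        if ($m == "Accepted") {
            ok[user " " addr]++
        } else {
            bad[addr]++
        }
    }
    END {
        for (k in ok)  printf "accepted %s %d\n", k, ok[k]
        for (a in bad) printf "failed %s %d\n", a, bad[a]
    }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample_auth_log | ssh_auth_summary
```

Against the live file the call is `ssh_auth_summary < /var/adm/auth.log`; the last sample line shows why the address is taken from the final "from" rather than the first.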
////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: Message-ID: Organization: Primus Canada Date: 24 Jun 2002 23:55:25 -0400 From: Richard E. Silverman Subject: Re: ssh 1.5 and cisco There are known security weaknesses with SSH-1; however, none of them are so bad that it would be better to stick with Telnet instead... -- Richard Silverman slade@shore.net ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: <3fbbf859@buckaroo.cs.rit.edu> References: <98c767fe.0311180204.62c1d3dc@posting.google.com> <3fba15d2$1@buckaroo.cs.rit.edu> Organization: RIT, Department of Computer Science Date: Wed, 19 Nov 2003 18:07:30 -0500 From: Carl Holtje Subject: Re: SSHv1 vs SSHv2 Here's a small collection of some deadly vulnerabilities of SSHv1: http://www.kb.cert.org/vuls/id/684820 http://www.kb.cert.org/vuls/id/850440 http://www.kb.cert.org/vuls/id/19124 More can be found, along with a bunch of other nifty insights into SSH at http://www.cert.org/ with a search of 'SSH v1'... The short of these is that SSHv1 is not as secure as you'd like, and SSHv2+ is; so don't use v1.. :) Enjoy.. Carl ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals Message-ID: <20020323165940.3560.qmail@gacracker.org> Organization: mail2news@dizum.com Date: 23 Mar 2002 16:59:40 -0000 From: Mach Subject: Bare bones ssh for Windows Windows comes with an application named telnet that does a fair job of emulating a terminal, but a very poor job of securing a session. In fact, only a fool would use telnet in today's hostile networked world. Instead, most people use secure shell (ssh) to provide encrypted telnet sessions that keep prying eyes at bay. Unfortunately, Microsoft does not yet bundle ssh with Windows. They leave it up to you to find your own ssh app for Windows. 
Lots of ssh apps exist, but, from my perspective, they do ugly things like sparsely install files all over a file system, muck with the registry, and upgrade Dynamic Link Libraries (DLLs). I like to keep things simple by using a command line unix / MSDOS installation methodology that consists of creating a parent directory then copying files under it. cygwin ( http://www.cygwin.com/ ) allows you to run traditional, open source, unix applications under Windows. You need to install it along with ssh to obtain the necessary files that we use in our bare bones cygwin ssh. After you install cygwin with ssh you need to locate the following files and copy them into a parent directory: CYGCRYPTO.DLL CYGWIN1.DLL CYGZ.DLL SCP.EXE SFTP.EXE SSH.EXE SSH-ADD.EXE SSH-AGENT.EXE SSH-KEYGEN.EXE SSH-KEYSCAN.EXE You only need to copy those files to install ssh (and a couple of handy, secure file copying programs named scp and sftp) into any Windows PC. If you want, you can even remove cygwin from the PC that you originally used to obtain the files. Those files fit on a pair of 3.5" diskettes. I always keep a pair handy in the field in case I need to use a Windows PC to download software from my server. An example of how to use scp: scp -S ./ssh mach@192.168.1.1:data . In the example, a user named mach wants to copy a file named data from mach's home directory on a server with an IP address of 192.168.1.1 to the current directory of Windows. You need to enter the -S argument to explicitly specify the path to the ssh binary otherwise scp defaults to a path of usr/bin. Notice that the -S argument uses forward slashes in place of the reverse slashes typically found in Windows. -- finger mach @ nym.alias.net for public key If you send mail post a message telling me to check my mail. 
////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals References: <20020323165940.3560.qmail@gacracker.org> Message-ID: Organization: SAUNALAHDEN asiakas Date: Sun, 24 Mar 2002 04:34:28 +0200 From: Jukka Aho Subject: Re: Bare bones ssh for Windows "Mach" wrote: > After you install cygwin with ssh you need to locate the > following files and copy them into a parent directory: > > [list of files] > > You only need to copy those files to install ssh [...] into > any Windows PC. If you want, you can even remove cygwin from > the PC that you originally used to obtain the files. Those > files fit on a pair of 3.5" diskettes. PuTTY would be yet easier, as it only consists of one executable which nicely fits on a single floppy. No need to fool around with cygwin, either. You can find PuTTY (which is open source and free to download) at http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html -- znark [See documentation at http://the.earth.li/~sgtatham/putty/0.58/htmldoc/] ////////////////////////////////////////////////////////////////////////////// For a Windows PC, see also TeraTerm's SSH extensions: http://www.zip.com.au/~roca/ttssh.html or the MIT FiSSH Secure Shell Client package: http://pgpdist.mit.edu/FiSSH/index.html .............................................................................. I've seen the announcement of a new open-source client for Windows PCs, called MSSH (Metro's Secure Shell) providing a GUI front end to OpenSSH; two versions, one limited version running native under Windows, the other using OpenSSH under Cygwin: http://cs.mscd.edu/MSSH/index.html .............................................................................. 
HOWTO documents SSH with Keys http://www.puddingonline.com/~dave/publications/SSH-with-Keys-HOWTO/document/html-one-page/SSH-with-Keys-HOWTO.html Encrypted Tunnels using SSH and MindTerm HOWTO http://en.tldp.org/HOWTO/MindTerm-SSH-HOWTO/index.html ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals Message-ID: <5f471bece67c97b3@mayday.cix.co.uk> Organization: Mayday Technology Ltd Date: Sun, 24 Mar 2002 10:13:49 +0000 From: robert$1@mayday.cix.co.uk Subject: Re: PuTTy is also a good one... On Sat, 23 Mar 2002, ThePsyko wrote: > I prefer SecureCRT to putty though :) Okay, as I have an interest in this I'll bite. CRT 3.4.3 2.4 Mb Includes a windows installer. PuTTY 400k Bare exe only needed. Other tools, agent, keygen, psftp etc are around 200k each. Total 1.2Mb. PuTTY provides full source code, CRT is binaries only. Source code is, approx, another 400k. PuTTY has better emulation. CRT doesn't 'eat' all VTxxx sequences that it doesn't support. CRT has no support for alternate host character encodings. PuTTY can use many different host character encodings including UTF-8 PuTTY has some support for DBCS character encodings. PuTTY has compose key support (on the windows menu key or AltGr) PuTTY understands more of the real VT100 codes. CRT understands more of the real VT220 codes. PuTTY works out of the 'box' as an accurate colour Xterm. CRT fails various vttest tests including 'BUG F' and the funny scroll regions test, PuTTY does not. PuTTY has better display CRT will only double size it's own font, putty will do any unless told not to in which case it will double space. CRT can only display VT graphics with it's own font PuTTY can use any windows font and even does the 'stepped lines' properly. CRT's fullscreen mode either has 'too small' characters or no line drawing characters. CRT has modem and TAPI connectivity PuTTY has only ssh, telnet and rlogin. 
CRT can do in channel zmodem file transfers. CRT has some scripting support PuTTY does not. CRT has easier selection of emulation, however PuTTY can emulate all the terminals CRT can _if_ you set it up. (In fact PuTTY's Linux terminal support actually works, unlike CRT) CRT's scrollback is limited to 32000 lines, PuTTY's is limited by memory. CRT has inline printing support. CRT has a generic keymap editor. And finally, PuTTY will not let the host overwhelm it. Eg: cat /dev/zero will lockup CRT's network module but PuTTY doesn't even notice. I prefer PuTTY as I don't need the extra features that CRT gives however before I found and contributed to PuTTY my favorite was CRT (I even _paid_ for a copy!) -- Rob. (Robert de Bath ) http://www.cix.co.uk/~mayday ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals References: <5f471bece67c97b3@mayday.cix.co.uk> Message-ID: <3C9E05F1.ED36336D@someoneelse.com> Organization: Theoretical Date: Sun, 24 Mar 2002 16:58:26 GMT From: HiEv Subject: Re: PuTTy is also a good one... ThePsyko wrote: [snip] > hmmm... perhaps PuTTY deserves another looksee then... it's been a couple > years since I switched over... what version is it at now? It's up to v0.52 now. (Last update 2002-01-14) See: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html -- The difference between intelligence and stupidity is that intelligence has its limits. [Archivist's Note: Version 0.56 was released on 2004-10-26.] [In 2006, 0.58 appears to be current.] ////////////////////////////////////////////////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html From the PuTTY FAQ: A.10.3 What does "PuTTY" mean? It's the name of a popular SSH and Telnet client. Any other meaning is in the eye of the beholder. 
It's been rumoured that "PuTTY" is the antonym of "getty", or that it's the stuff that makes your Windows useful, or that it's a kind of plutonium Teletype. We couldn't possibly comment on such allegations. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ////////////////////////////////////////////////////////////////////////////// For more information on the quality and quirks of the terminal emulation implemented in the "PuTTY" package, see http://www.cs.utk.edu/~shuford/terminal/term_emulator_products.txt ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: Organization: George Mason University, Fairfax, Virginia, USA Date: 30 May 2002 00:04:45 GMT From: Markus Gyger Subject: PuTTY Mouse Pointer Color On Windows 98, PuTTY 0.52 uses an all-black mouse pointer that makes it difficult to select words (e.g. using double click) on the default black background. Does anybody know how to change the mouse pointer color or how to have it a mask or shadow in a different color? Markus ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: Message-ID: Organization: Yeah, right Date: 30 May 2002 09:19:16 +0100 (BST) From: Simon Tatham Subject: Re: PuTTY Mouse Pointer Color Markus Gyger wrote: | | On Windows 98, PuTTY 0.52 uses an all-black mouse pointer that | makes it difficult to select words (e.g. using double click) | on the default black background. PuTTY itself doesn't do this. PuTTY asks the system for its default I-beam mouse pointer, and uses whatever it gets. I've seen the phenomenon you mention myself on NT 4, but I think it's due to the graphics driver - on other NT 4 boxes the same thing didn't happen. 
The default I-beam mouse pointer is composed of `reverse' pixels, which are supposed to invert the colour under them, so the pointer should show up as black when on a white background and white when on a black background. When I checked carefully on the NT 4 box that had the problem, the mouse pointer was indeed composed of `reverse' pixels, but they simply weren't doing their job properly. This is the graphics driver's fault; the only thing PuTTY does to provoke it is to have a black background by default.

The only solution I could find (apart from changing my graphics driver) was to design myself a fixed-colour mouse pointer, with a white I-beam surrounded by a black outline so it would be visible everywhere. Installing that in place of the standard I-beam solved my problem, though it looked a bit ugly on white backgrounds.

--
Simon Tatham
These are my opinions. There are many like them but these ones are mine.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals
References: <20020323165940.3560.qmail@gacracker.org>
Message-ID: <20020324203605.5536.qmail@gacracker.org>
Organization: mail2news@dizum.com
Date: 24 Mar 2002 20:36:05 -0000
From: Mach
Subject: Re: Bare bones ssh for Windows

In alt.hacker Jukka Aho wrote:
|
| PuTTY would be yet easier, as it only consists of one executable
| which nicely fits on a single floppy. No need to fool around with
| cygwin, either.

Agreed - if you just want a Win* ssh client, PuTTY looks like the better choice. That said, one of the primary objectives in my original article was to explore the minimal installation required for cygwin. My research provided the following info:

1. You only need CYGWIN1.DLL to run an app compiled for cygwin, unless the app itself relies upon other packages. (i.e. SSH relies upon the gzip and crypto packages, which means you also need CYGCRYPTO.DLL and CYGZ.DLL in order to run SSH.EXE.)

2.
   You DO NOT need to use a cygwin bash shell to invoke an app.

3. Although cygwin's bash shell app updates the Win* registry, you can invoke cygwin apps directly and they leave the registry alone.

Granted, those points may seem intuitively obvious to smarter people. ;)

> You can find PuTTY (which is open source and free to download)
                               ^^^^^^^^^^^

I *demand* open source these days. When I fiddled with PuTTY a few years ago, I overlooked its open source. Here's my reasons for continuing to use cygwin's ssh:

1) Both unix and Win* ssh use the same source. I like to make open source apps do double duty in the unix and Win* worlds whenever possible. It helps me keep my sanity. :)

2) My perception that ssh enjoys a wider, more diverse user base that may allow bugs to surface faster to ensure a robust app.

--
finger mach @ nym.alias.net for public key
If you send mail post a message telling me to check my mail.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1118781223.896983.100610@g14g2000cwa.googlegroups.com>
Message-ID: <83psuo4jsk.fsf@chiark.greenend.org.uk>
Organization: University of Cambridge, England
Date: Wed, 15 Jun 2005 00:10:03 +0100
From: Owen Dunn
Subject: Re: Can i copy my putty shortcuts from one computer to another.?

"Naras" writes:
>
> Can i copy my putty shortcuts from one computer to another.?

Yes. From a Command Prompt (DOS window) on your old computer, run:

    REGEDIT /EA putty.reg HKEY_CURRENT_USER\Software\SimonTatham\PuTTY

Copy the putty.reg file this creates to your new computer. Find that file on your new computer in Explorer and double-click it. This should import all your PuTTY saved sessions on the new computer.
(S)

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: 207.34.94.246
NNTP-Posting-Date: Mon, 17 Jan 2005 13:28:54 MST
References: <3037a80c.0501150758.37662745@posting.google.com>
Message-ID: <41ec1e4a@news.nucleus.com>
Date: Mon, 17 Jan 2005 20:28:54 GMT
From: Colin B.
Subject: Re: NEW version of TeraTerm released on January 10th 2005.

boris wrote:
>
> This is good news for all TeraTerm users. New version is supporting
> SSH2, UTF-8, IPv6 and much more. Scroll buffer increased from 10000
> to 500000 80-character lines, command broadcasting to multiple open
> TeraTerm windows is coming soon. Linux version of TeraTerm is also
> not far away.
>
> Support forum was set up a week ago at
>
> http://www.neocom.ca/forum/index.php
>
> You can ask your questions, post suggestions and report bugs there.
> Yutaka Hirata is the one who started developing TeraTerm further last
> summer. To download the latest version, visit Yutaka's home page at
>
> http://sleep.mat-yan.jp/~yutaka/windows/index.html
>
> Last release is also available from the mirror in North America. You
> will find the link to it under 'Announcements' forum.

This is great news! I've had both TeraTerm and Putty on all of my Intel machines, so I can do serial connections (from TeraTerm), and SSH2 (from Putty). Now I can eliminate one.

Thanks Boris, and thanks to Yutaka as well.

Colin

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, comp.terminals
References:
Message-ID:
Organization: WOMUMP
Date: 17 Nov 2002 16:13:46 +0000 (GMT)
From: Jacob Nevins
Subject: Re: man pages in PuTTY ver.53b - strange characters (note Followup-To)

KS writes:
>
> When I do a man page from PuTTY (from a Windows XP Professional system
> connecting to Redhat 8.0) I get a lot of random "ậ" characters. Only
> without the period underneath.
> Is there a setting that will eliminate this
> or is it just a small bug that probably will not get fixed?
>
> When I do these man pages directly on my Linux box, I do not have the
> same problem. Thanks in advance!

Have you tried using UTF-8 translation in PuTTY? See my recent posting .

This is turning into an FAQ for us, so please reply or mail putty@projects.tartarus.org if you resolve this issue. If RH8 has switched to expecting a UTF-8 terminal by default, I'm not sure what the right solution is -- for the RH system to send an appropriate escape code at some point, or to expect users to switch PuTTY into UTF-8 mode, or what.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <3d0eb77f.0@139.142.84.10> <3D11CE15.6070702@hotmail.com>
Message-ID:
Organization: WOMUMP
Date: 28 Jun 2002 13:03:37 +0100 (BST)
From: Jacob Nevins
Subject: Re: printing with putty

vervoom writes:
>
>Should I be issuing a command like 'lp file' ?

This is nothing to do with SSH, but never mind:

What you should do depends on your software. The way it works is that when PuTTY sees a particular escape sequence, it starts directing all received data to a printer instead of the screen (another sequence turns this off). There is a C program called 'lpansi' floating around which will do this -- Google for it.

>And then do I need to configure the server to print to the printer
>that I've set up in Putty? In which case I'm not quite sure why I
>would need to tell Putty which printer to send the data to?

You need to arrange that the server sends printer data in the appropriate format (PostScript, PCL, etc). The configuration in PuTTY is simply to route the raw data to the right place.
//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <3d0eb77f.0@139.142.84.10> <3D11CE15.6070702@hotmail.com>
Message-ID: <3D2053F1.6060607@hotmail.com>
Organization: British Airways PLC
Date: Mon, 01 Jul 2002 14:06:57 +0100
From: vervoom
Subject: Re: printing with putty

Thanks Jacob,

That's excellent. I've got it to work now. Thanks very much.

JS.

ps. Sorry that it wasn't relevant to SSH. It seems to be the only place you can get help with Putty though.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <3D1C9FB5.4080106@nospam.icon-labs.com>
Message-ID:
Organization: Optimum Online
Date: Mon, 1 Jul 2002 16:29:08 -0400
From: Ron
Subject: Re: PuTTY with Linux

Ron wrote:
>
> All result in "connection reset by peer", either using PuTTY or using 'ssh
> x.x.x.x' from a command prompt.

"Pete Flugstad" wrote in message <3D1C9FB5.4080106@nospam.icon-labs.com>...
>
> It's likely that something else (i.e. not related to OpenSSH, PuTTY,
> etc) is causing this. The thing that comes to mind is the firewall
> stuff that RedHat sets up. You have to make sure that the firewall
> configuration allows incoming SSH connections. I would guess that yours
> is not configured for this, so it's rejecting all incoming connections.
> The box can SSH back to itself since that goes over the loopback
> interface, not an external interface.
>
> Pete Flugstad
> Icon Labs

BINGO!! I temporarily dropped the FW rules, and I got in. It was not even being logged in /var/log/secure because it never got that far.

Thank you so much for your help!!!
Best regards, Ron ////////////////////////////////////////////////////////////////////////////// Date: Tue, 26 Oct 2004 19:25:28 +0100 To: putty-announce@lists.tartarus.org From: Simon Tatham Subject: SECURITY UPDATE: PuTTY version 0.56 is released SECURITY UPDATE: PuTTY version 0.56 is released ----------------------------------------------- All the pre-built binaries, and the source code, are now available from the PuTTY website at http://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as soon as possible. This version fixes a security hole in previous versions of PuTTY, which can allow an SSH2 server to attack your client before host key verification. This means that you are not even safe if you trust the server you _think_ you're connecting to, since it could be spoofed over the network and the host key check would not detect this before the attack could take place. The attack can allow the server to execute code of its choice on the client. This vulnerability was found by iDEFENSE, who we expect to release an advisory on the subject shortly. In addition to this security fix, there have been some other bug fixes and new features. Notable among them are: - Ability to restart a session within an inactive window, via a new menu option. - Minimal support for not running a shell or command at all in SSH protocol 2 (equivalent to OpenSSH's `-N' option). PuTTY/Plink still provide a normal window for interaction, and have to be explicitly killed. - Transparent support for CHAP cryptographic authentication in the SOCKS 5 proxy protocol. (Not in PuTTYtel.) - More diagnostics in the Event Log, particularly of SSH port forwarding. - Ability to request setting of environment variables in SSH (protocol 2 only). (However, we don't know of any _servers_ that support this.) - Ability to send POSIX signals in SSH (protocol 2 only) via the `Special Commands' menu. (Again, we don't know of any servers supporting this.) 
- Bug fix: The PuTTY tools now more consistently support usernames containing `@' signs. - Support for the Polish character set `Mazovia'. - When logging is enabled, the log file is flushed more frequently, so that its contents can be viewed before it is closed. - More flexibility in SSH packet logging: known passwords and session data can be omitted from the log file. Passwords are omitted by default. (This option isn't perfect for removing sensitive details; you should still review log files before letting them out of your sight.) - Unix-specific changes: * Ability to set environment variables in pterm. * PuTTY and pterm attempt to use a UTF-8 line character set by default if this is indicated by the locale; however, this can be overridden. - Various minor bug fixes and robustness improvements. I repeat: PuTTY 0.56 fixes a SERIOUS SECURITY HOLE in all previous versions of PuTTY. You should upgrade now. Enjoy using PuTTY! Cheers, Simon -- Simon Tatham "What a caterpillar calls the end of the world, a human calls a butterfly." .............................................................................. .............................................................................. List-ID: Announcements of updates to PuTTY Message-ID: Date: Sun, 20 Feb 2005 16:05:30 +0000 To: putty-announce@lists.tartarus.org From: "Simon Tatham" Subject: SECURITY UPDATE: PuTTY version 0.57 is released SECURITY UPDATE: PuTTY version 0.57 is released ----------------------------------------------- All the pre-built binaries, and the source code, are now available from the PuTTY website at http://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as soon as possible. This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. 
(However, note that the server must have passed host key verification
before this attack can be launched, so a man-in-the-middle shouldn't
be able to attack you if you're careful.)

This vulnerability was found by iDEFENSE, who we expect to release an
advisory on the subject shortly.

In addition to this security patch, there are also a few very minor
bug fixes which should stop PuTTY from crashing in circumstances
involving port forwarding, or failing to correctly perform X
forwarding. Other than that, though, 0.57 is almost identical to the
previous release 0.56.

I repeat: PuTTY 0.57 fixes a SERIOUS SECURITY HOLE in many previous
versions of PSCP and PSFTP. If you use either of those programs, you
should upgrade now.

Enjoy using PuTTY!

Cheers,
Simon
--
Simon Tatham         "The distinction between the enlightened and the
                      terminally confused is only apparent to the latter."

..............................................................................
..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
Message-ID:
Organization: Yeah, right
Date: Wed, 24 Jan 2007 21:41:01 +0000 (GMT)
From: Simon Tatham
Subject: PuTTY version 0.59 is released

I haven't posted PuTTY release announcements here in the past, but I
thought this one might be of interest to at least some people on this
group, owing to the new serial-port functionality.

My current intention is that this posting should be a one-off; but if
consensus on this newsgroup is that I should post here about all PuTTY
releases in future, then I will. (And conversely, if consensus is that
I shouldn't even have posted this one, I'll apologise.)

PuTTY version 0.59 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    http://www.chiark.greenend.org.uk/~sgtatham/putty/

New features in this release include:

 - PuTTY can now connect to a local serial port, as an alternative to
   making a network connection.

 - Windows PuTTY now has the same local proxy support as Unix PuTTY
   (equivalent to OpenSSH's `ProxyCommand' option), allowing network
   connections to be managed by a separate proxy program of your
   choice. Plink also has a new `-nc' mode which makes it a useful
   local proxy command.

 - The manual is now provided in HTMLHelp format as well as old-style
   WinHelp, meaning that online help will be available on Windows
   Vista.

 - Support for password expiry in SSH-2.

 - Various performance improvements and cryptography upgrades.

Bug fixes in this release include:

 - PuTTY should now run on all variants of Windows XP, without giving
   the `application configuration is incorrect' error.

 - The file transfer utilities PSCP and PSFTP now support files bigger
   than 2Gb (provided the underlying operating system does too).

 - Font linking (the automatic use of other fonts on the system to
   provide Unicode characters not present in the selected one) should
   now work again on Windows, after being broken in 0.58.

 - On Windows, the random seed file PUTTY.RND should now be stored in
   a more sensible place by default.

 - IPv6 should now work in Windows Vista as well as earlier versions
   of Windows.

 - Numerous other small bug fixes.

Enjoy using PuTTY!
--
Simon Tatham         "I'm cross. I'm going to have a tantrum.
                      How do I start?" - my uncle

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1171756554.323206.55710@p10g2000cwp.googlegroups.com>
Message-ID: <22q*XqGDr@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: 18 Feb 2007 08:39:34 +0000 (GMT)
From: Simon Tatham
Subject: Re: PuTTY 0.59 crashes a lot on serial port

florin.andrei@gmail.com wrote:
>
> I was excited about the new serial port feature in PuTTY 0.59, but
> the problem is--it crashes all the time.

Yes, there was a very embarrassing bug in the release. The
development snapshots should have it fixed, and we hope to put out a
bug-fix release reasonably soon.

(It's very annoying: a bug like that _should_ by rights have caused a
crash every time, but for some reason it never crashed for me, in
three months of testing, so I didn't notice it. :-/ )
--
Simon Tatham         These are my opinions. There are many
                     like them but these ones are mine.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
Message-ID:
Organization: Yeah, right
Date: Sun, 29 Apr 2007 14:14:56 +0100 (BST)
From: Simon Tatham
Subject: PuTTY 0.60 is released

PuTTY version 0.60 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    http://www.chiark.greenend.org.uk/~sgtatham/putty/

This is a minor patch release to 0.59; it contains only bug fixes, and
only very minor new features.

New features include:

 - Pressing Ctrl+Break now sends a serial break signal in the serial
   back end, and in the SSH and Telnet backends it asks the server to
   do the same (if the server supports it). The previous Ctrl+Break
   behaviour can still be triggered with Ctrl-C.

 - On Windows, it is no longer necessary to configure high-numbered
   serial lines such as COM10 as `\\.\COM10'; PuTTY does this
   automatically.

 - You can now store a host name in the Default Settings.

Bug fixes include:

 - Embarrassingly, both of the major new features in 0.59 (serial
   support and local proxy support) caused frequent crashes on many
   Windows machines. We didn't notice this because for some reason
   they never crashed for us in months of testing!

 - In 0.59, it was possible to lock yourself out of the configuration
   dialog by configuring a serial connection in Default Settings. This
   should no longer be possible.

 - We've had reports of the error message `Unable to read from
   standard input' in Plink 0.59. We've found and fixed one cause of
   this message, and added better diagnostics in case there are
   others.

 - 0.59 could emit malformed SSH-2 packets that upset some servers
   (such as Foundry routers). Fixed.

 - Other minor bug fixes.

Enjoy using PuTTY!
--
Simon Tatham         "A defensive weapon is one with my finger on
                      the trigger. An offensive weapon is one with yours."

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <4667e222@127.0.0.1>
Message-ID:
Organization: Yeah, right
Date: 07 Jun 2007 14:15:02 +0100 (BST)
From: Simon Tatham
Subject: Re: Ctrl+Break in Putty v0.60

Ken wrote:
>
> In previous Putty v0.58, I can use "Control+Break" to stop the running
> program and enter into the design mode of Quick Basic 4. However, the
> Putty v0.60 changed that ***Pressing Ctrl+Break now sends a serial break
> signal***.

Before Ctrl+Break sent a serial break, it was a synonym for Ctrl+C. So
you should still be able to use Ctrl+C for anything you'd previously
have done with Ctrl+Break.
--
Simon Tatham         "That all men should be brothers is a
                      dream of people who have no brothers."

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References:
Message-ID: <83hdk2ji4j.fsf@chiark.greenend.org.uk>
Organization: University of Cambridge, England
Date: 24 Feb 2005 11:46:04 +0000
From: Owen Dunn
Subject: Re: PuTTY on a "Windows Terminal Server"

"Michael Pohlmann" writes:
>
> we are planning to use PuTTY for a number of users in parallel on a
> Windows Terminal Server. Does anyone of you have experience in
> running PuTTY simultaneously for a number of users, say 20 or 30?
> As far as I know, PuTTY stores connection information in the registry,
> but how does it work for more users if they all share the same
> server, thus the same registry?

PuTTY stores settings in the HKEY_CURRENT_USER hive of the Registry,
so each individual Windows user will have his own PuTTY settings.
This works even when PuTTY is running on a Windows Terminal Server or
Citrix server.

(S)

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1163671278.281723.320720@h48g2000cwc.googlegroups.com>
Message-ID:
Organization: WOMUMP
Date: 17 Nov 2006 18:11:31 +0000 (GMT)
From: Jacob Nevins
Subject: Re: PuTTY and unix domain sockets / windows named pipe

roytam@gmail.com writes:
>
>It is nice to see if PuTTY can work with unix domain sockets / windows
>named pipe.

PuTTY doesn't directly support this.

However, it does support a "local proxy" where input/output come from a
process' standard input / output.

    http://www.tartarus.org/~simon/puttydoc/Chapter4.html#config-proxy

If you can find a command which will connect that to a Unix domain
socket / named pipe, you should be fine.

0.58 supports this on Unix, but on Windows you'll need a recent
development snapshot for local proxy support.

    http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/proxy-command.html

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 210.6.239.200
NNTP-Posting-Date: Mon, 20 Nov 2006 02:12:06 +0000 (UTC)
References: <1163671278.281723.320720@h48g2000cwc.googlegroups.com>
Message-ID: <1163988722.648896.144730@f16g2000cwb.googlegroups.com>
Date: 19 Nov 2006 18:12:02 -0800
From: roytam@gmail.com
Subject: Re: PuTTY and unix domain sockets / windows named pipe

Jacob Nevins wrote:
> roytam@gmail.com writes:
> >It is nice to see if PuTTY can work with unix domain sockets / windows
> >named pipe.
>
> PuTTY doesn't directly support this.
>
> However, it does support a "local proxy" where input/output come from a
> process' standard input / output.
>
> http://www.tartarus.org/~simon/puttydoc/Chapter4.html#config-proxy
>
> If you can find a command which will connect that to a Unix domain
> socket / named pipe, you should be fine.
>
> 0.58 supports this on Unix, but on Windows you'll need a recent
> development snapshot for local proxy support.
>
> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/proxy-command.html

It is hard to find a tool to attach a named pipe to a telnet connection
or STDIO for windows.

As the serial backend is done, I think UNIX domain socket / named pipe
can be easily done by modifying the serial backend a bit.

named pipe example:
    http://msdn2.microsoft.com/en-us/library/aa365592.aspx
UNIX domain socket example:
    http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/sockets.html

Regards,
Roy

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References:
Message-ID:
Organization: University of Hertfordshire
Date: 1 Jul 2002 15:55:21 GMT
From: Ian Gregory
Subject: Re: X over ssh tunnel

In article , J wrote:
>Alan Coopersmith wrote:
>
>> J writes in comp.security.ssh:
>> |If i open a ssh tunnel for X-display forwarding (programs i run on the
>> |server appear on my desktop), is it possible for someone else on the
>> |server to see my X-display?
>> |If so under which circumstances?
>>
>> Yes, if you do something stupid like 'xhost +' or 'xhost +server' to
>> disable X security - but that's true regardless of whether or not you
>> use ssh. (And of course, on most UNIX systems, someone with root access
>> can always do all sorts of evil things and there's nothing you can
>> really do about that.)
>>
>
>And if i don't run xhost. is there still any danger?
>I recognised that x is listening on port 6000. does
>that have anything to do with the display?

Anyone can make a TCP connection to port 6000 and speak X. Whether
that gets them anywhere depends. If you have done 'xhost +' they
*can* use your display, which includes capturing your keystrokes. You
could disable xhost authentication and then they would have to
somehow steal your magic cookie to gain access.

In any case, if you use ssh with X forwarding, there is no need to
have the X server listen on 6000. If your particular X server has
the option of not listening then use this, otherwise use IP filtering
to block external access to port 6000 if you are worried.

--
Ian Gregory
Systems and Applications Manager
Learning and Information Services
University of Hertfordshire

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References:
Message-ID:
Organization: only myself
Date: Sun, 30 Jun 2002 15:30:48 +0000 (UTC)
From: Dimitri Maziuk
Subject: Re: Using SSH over SSL

begin 666 your_newsreader_is_broken
thus spake Kornshell:
>
> I'm wanting to do some performance tests using unencrypted SSH
> connections over SSL Vs. SSH connections using the built in ciphers.
> I'm trying to see if I can squeeze a little more performance from ssh
> and scp (without doing TCP tuning) I have been trying to use stunnel
> to tunnel my connection, but it doesn't seem to be working. I have
> stunnel and SSH (along with the daemon) running in my user space since
> I don't (and won't) have root access to the two machines that I'm
> doing the tests on.
>
> Has anyone out there used unencrypted SSH sessions over SSL? If so,
> how would I get the stunnel server and client configured to
> correctly tunnel the SSH connection?

I suspect SSH (OpenSSH at least) uses SSL library for encryption
anyway, so you won't see any noticeable difference. (Of course, if
SSH protocol was designed properly, they'd leave encryption to SSL in
the first place.)

FWIW, when OpenSSH folks dropped the cipher=none option I did a few
tests on large-ish files. Size increase was below 1% and transfer
time increase was below the resolution of time command.

Dima
--
I'm going to exit now since you don't want me to replace the printcap.
If you change your mind later, run -- magicfilter config script

//////////////////////////////////////////////////////////////////////////////

Apple includes an "ssh" command in Mac OS X (as of 10.1.2), which can
be used from the "Terminal" environment (a VT100 emulator).

For "classical" MacOS 8.x and 9.x, some client programs are

    MacSSH
        http://pro.wanadoo.fr/chombier/
    NiftyTelnet SSH
        http://www.lysator.liu.se/~jonasw/freeware/niftyssh/
    dataComet-Secure
        http://www.databeast.com/

..............................................................................

Web/Portable SSH implementations:

    MindTerm Secure Shell Client (SSH)
        http://www.appgate.com/ag.asp?template=products&level1=product_mindterm
    Java Telnet App
        http://javassh.org/

..............................................................................

And for Windows, these packages not discussed above:

    Kermit-95
        http://www.columbia.edu/kermit/k95.html
    SecureCRT
        http://www.vandyke.com/
    X-SecurePro & SSHPro
        http://www.labtam-inc.com/
        http://www.labtam-inc.com/index.php?act=products&t=overview&pid=11

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID:
Organization: Metro State College of Denver Computer Science http://cs.mscd.edu
Date: Sat, 1 Mar 2003 09:32:01 +0000 (UTC)
From: Steve Beaty
Subject: MSSH: a generic Windows 95/98 ssh client

The Metropolitan State College of Denver would like to announce the
availability of a generic ssh client for Windows (95, 98, NT, 2000,
XP, and quite possibly, WinCE). It creates and manages ssh tunnels,
allowing any application to have a secure connection. Creating simple
VPNs is easy. Please see the page at:

    http://cs.mscd.edu/MSSH/index.html

Documentation is included. We also have two email discussion lists,
one for users with questions and another for developers.

--
Dr.
Steve Beaty
Associate Professor
Metro State College of Denver
http://clem.mscd.edu/~beatys/

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: card.cc.umanitoba.ca
NNTP-Posting-Date: 30 Oct 2003 14:59:55 GMT
References:
Message-ID:
Organization: The University of Manitoba
Date: Thu, 30 Oct 2003 08:59:54 -0600
From: Daryl Fonseca-Holt
Subject: Re: OpenSSH e SPARC Solaris 7

Fillo wrote:
>
> Could you help me ?!?
>
> I've followed the faq to install SSH over Solaris 7.
> http://www.sunfreeware.com/openssh26-7.html
> On one machine it's all ok... but another one 250 accept the SSH login but
> teratermSSH immediately shutdown... I can't read two lines of login before
> the login close...
> What's the problem ?!?
>
> Thanks
> Filippo

It may be that TeraTermSSH only supports Protocol 1. [yes]
Most SSH is shipping now with it disabled as it is considered less
secure. Check sshd.config for a line that should look like:

    Protocol 2,1

That line says negotiate for Protocol 2 first but if the client is
unable, fall back to Protocol 1.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.lang.java.programmer, comp.lang.java.softwaretools
Message-ID:
References:
Date: 24 Nov 2003 13:29:10 -0800
From: Nuggy
Subject: Re: SSH Client

Andreas Schmidt wrote in message news:...
> On 10 Nov 2003 16:44:42 -0800, Nuggy
> wrote:
>
> > I'm looking for an SSH client to imbed into my application.
>
> > I need to incorporate this into my client app somehow, but I'm not
> > familiar enough with SSH to plod through all of the source code in
> > SSHTools's j2ssh and SSHTerm to be able to understand it all
> > (literally dozens of source files in these.. with very little
> > documentation that I could find). I've got as far as creating and
>
> Maybe "jsch" has a better documentation?
> Have a look at http://www.jcraft.com/jsch/

I was able to get both j2ssh and mindterm to port easily, but I was
running into display problems. I tried jsch, and integrated it fairly
easily, but I encounter the same display problems; namely running a
script that calls an executable produces output from the script, but
not from the executable *until* the executable finishes, at which
point all output is then displayed. It accepts input just fine. See
my post in comp.security.ssh for details.

Thanks for the suggestion.

..............................................................................

Newsgroups: comp.security.ssh
Message-ID:
Date: 21 Nov 2003 13:16:49 -0800
From: Nuggy
Subject: Can't see output in SSH

I am having problems with seeing output from a program using SSH.

I need to pass in a script to execute. Inside the script, an
executable program is called, which starts up an interactive
data-entry session with the user (display question, read input, rinse,
repeat).

If I use putty from the command line without calling the script, I get
my prompt, and can run the script and see the program execute just
fine. But if I pass in a command file with the script in it, the
script still executes, it displays output from the script just fine,
and runs the executable, but the output from the executable is not
displayed on my screen immediately. It can still accept input.. I can
respond to prompts I know are there, and it will accept and respond to
my keystrokes.. but I never see the output, UNTIL the executable
finishes, at which point all the output that it produced flashes
briefly in the window before the window closes.

I am seeing identical behavior using MindTerm's SSH java client which
I have integrated into a java application. The window comes up and
displays shell output fine, but the executable's output isn't shown
until it's in the process of closing the window when it completes.

Again, with either putty or mindterm, if I don't pass in the command
to execute, I get my UNIX prompt, and I can type in the command to
start the script, and I see and can interact with the executable just
fine. It's only when I pass in the script to run that I can't see the
executable's output.

What am I missing? I need to have this dynamic; having to type in the
command at the prompt each time is not an option. Please help!

my putty command line that works but I have to type in the command:

    c:\putty.exe.lnk -ssh -t -l -pw -2

The other one I tried that won't display the executable output:

    c:\putty.exe.lnk -ssh -t -l -pw -2 -m c:\cmdfile

where "c:\cmdfile" is a text file containing the path to the UNIX
script to run.

I'd much rather use MindTerm since I've already integrated the
BasicClient into my application, as I don't really want to have 50
different "cmdfile"s on my drive for the many different commands I
will be running, so though I appreciate any help on either putty or
mindterm, information to help me get mindterm working would be
awesome.

Thanks!
-Nuggy

(PuTTY)

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 210.196.132.178
NNTP-Posting-Date: Thu, 24 Mar 2005 10:33:28 +0000 (UTC)
Message-ID: <1111660404.514944.231540@z14g2000cwz.googlegroups.com>
Date: 24 Mar 2005 02:33:24 -0800
From: "hakim.ron@gmail.com"
Subject: PuTTY GUI as windows cmd.exe replacement

Hi everyone,

Did anyone ever try to replace the PuTTY core, and just try to execute
cmd.exe instead.

I really dislike working with the command prompt, although sometimes I
have to. This is in complete contrast to the PuTTY GUI, which I find
very easy to work with.

So I was thinking about taking out the bulk of the PuTTY core, and
replacing it with a call to cmd.exe. Hopefully cmd will detect it
already has a window, and not try to create one of its own.

Did anyone try this in the past? With any success? Where can I get it?
(getting ahead of myself, as I don't see I'll have time to try to do
this myself in the near future)

Thanks,
Ron

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1111660404.514944.231540@z14g2000cwz.googlegroups.com>
Message-ID:
Organization: Linux Unlimited
Date: 24 Mar 2005 11:33:30 +0000 (GMT)
From: Ben Harris
Subject: Re: PuTTY GUI as windows cmd.exe replacement

In article <1111660404.514944.231540@z14g2000cwz.googlegroups.com>,
hakim.ron@gmail.com wrote:
>
> Did anyone ever try to replace the PuTTY core, and just try to execute
> cmd.exe instead.

    http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/win-command-prompt.html

The upshot of which is that it looks like Windows doesn't have
Unix-like pseudo-terminals, and just running cmd.exe in a pair of
pipes loses you command-line editing.

--
Ben Harris

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID:
References:
Organization: Yeah, right
Date: 09 Nov 2003 10:24:23 +0000 (GMT)
From: Simon Tatham
Subject: Re: PuTTy escape sequence

> menno wrote:
>> I'm looking for an escape sequence for putty, with which I can change the
>> port forwarding/tunneling while the connection is open.

Julian Hsiao wrote:
> I think this is pretty close to this item on the wish list:
>

Confusingly, some people use the phrase `escape sequence' to mean the
commands you (as the user) can send into OpenSSH by typing ~ as the
first character of a new line. So it's possible that the original
poster didn't mean it in the same way you (and I) would naturally use
the phrase.

> So, I assume it can't be done, and will never be implemented.

If your interpretation is correct, then you're quite right; having
PuTTY able to modify its port forwarding setup in response to output
sent by the server would be a major security misfeature.

However, if the original poster merely wants a way to reconfigure port
forwardings in mid-session from the client end, that is something I do
want to do:

    http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/portfwd-reconf.html
--
Simon Tatham         "My heart bleeds.
                      (That's how it works.)" -- Gareth Taylor

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: c-24-128-53-74.hsd1.ma.comcast.net [24.128.53.74]
NNTP-Posting-Date: Mon, 16 May 2005 08:32:58 -0500
References: <1116244367.969917.198280@z14g2000cwz.googlegroups.com>
Message-ID:
Date: Mon, 16 May 2005 09:35:07 -0400
From: Nico Kadel-Garcia
Subject: Re: UseLogin yes and X11 encryption

wrote in message
news:1116244367.969917.198280@z14g2000cwz.googlegroups.com...
>
> If I have UseLogin enabled, I realize that X11Forwarding is disabled
> because login can't handle it. So if I export my display, do a xhost +,
> and open an xterm, is my connection still encrypted? In other words,
> are X11 packets still encrypted even though X11Forwarding is disabled?
> I'm using recent versions of openssh.

SSH encryption of X connections via X11Forwarding creates a tunnel to
carry such traffic safely, point-to-point, instead of exposing your
local machine to the world. What you've done is to completely open
your local X server to remote manipulation by anyone who can reach
your machine from elsewhere in your network, and depending on your
configuration anywhere in the world. This can include some very nasty
vulnerabilities, and some amusing ones.

When I caught someone doing that at an old workplace, despite my
repeated warnings about it and explanations of how to use SSH X11
forwarding, I ran the "xroach" program on their unsecured display
without their knowledge while they were away at lunch.
The screams when they moved a window and the roaches popped out from
under it and ran around the screen were *prize*, followed by the shaky
laughter when they figured out what had happened, and I showed them
how to *splat* the roaches with the mouse. It did make my point, and
they stopped doing that.

//////////////////////////////////////////////////////////////////////////////

References:
Message-ID:
Organization: WOMUMP
Date: 15 Nov 2004 15:07:25 +0000 (GMT)
From: Jacob Nevins
Subject: Re: Putty vs MC numeric keypad HOW?

[followups set to comp.terminals]

Nagy Gergely writes:
>
>I use Putty for 3 years to access my servers, and i was also since
>then looking for a solution to get the numeric keypad in MC (Midnight
>Commander) working.
>
>The only thing i DON'T want, is to teach MC to the keypad, because my
>linux based terminals will not work properly after that.
>
>Is there any solution, setting Putty or the server side?

You haven't stated precisely what your problem is.

On experimenting, I find (with a Debian potato server) that checking
"Disable Application Keypad Mode" in PuTTY (on the Features panel)
allows me to use the keypad in MC in both cursor-keys-etc and numeric
mode, switching with Num Lock. Without this, Num Lock acts as a
function key (causing help to be invoked as if F1 were typed), so only
the cursor-keys mode is accessible.

It's possible that this may break other apps though--try it and see.

    http://the.earth.li/~sgtatham/putty/0.56/htmldoc/Chapter4.html#S4.6.1

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References:
Message-ID:
Organization: Yeah, right
Date: 29 Jan 2005 13:27:28 +0000 (GMT)
From: Simon Tatham
Subject: Re: Hot-key to minimize Putty

Barry wrote:
>
> Alt+Space+N usually minimizes the current window, but it doesn't
> work for Putty.

You should be able to configure it to (Window -> Behaviour -> System
menu appears on ALT-Space).
--
Simon Tatham         "Imagine what the world would be like if
                      there were no hypothetical situations..."

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Date: Sat, 29 Jan 2005 20:06:44 EST
NNTP-Posting-Host: pool-70-23-20-115.ny325.east.verizon.net [70.23.20.115]
References:
Message-ID:
Date: Sun, 30 Jan 2005 01:06:44 GMT
From: Barry
Subject: Re: Hot-key to minimize Putty

> You should be able to configure it to (Window -> Behaviour -> System
> menu appears on ALT-Space).
> --
> Simon Tatham "Imagine what the world would be like if
> there were no hypothetical situations..."

Thanks guys.

Simon: That works. I configured Putty to open the system menu on
ALT-Space, so I just have to program down-arrow clicks to get to
"minimize" and then click "return."

I'm glad that worked because there's no way to use sendkeys to click
the Windows icon key, and I don't want to learn C just for this.

Barry

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID:
References:
Date: Fri, 21 Nov 2003 10:14:56 +0100
From: Oli K-u-r-t
Subject: Re: sftp on win

Eric wrote:
> try: sftp -s /usr/local/libexec/sftp-server user@hostname
>
> note: assume sftp-server is located in /usr/local/libexec directory
> and on unix server.
> checks - /usr/local/libexec is world accessible
> /usr/local/libexec/sftp-server is world executable
> create a symbolic links for sftp-server either in /usr/bin or
> /usr/local/bin to point to /usr/local/libexec/sftp-server
> also, put /usr/local/libexec in the search path
>
> hope this help.

Unfortunately it didn't work. I uninstalled the package from
http://lexa.mckenna.edu/sshwindows/ and in place of that I installed
the cygwin OpenSSH stuff. And now it works pretty fine.

I don't know, but maybe that coheres with my Windows XP, I also tested
OpenSSH from http://lexa.mckenna.edu/sshwindows/ on my Windows 2000
machine and there it works out of the box.

Anyhow, problem solved.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <3fba15d2$1@buckaroo.cs.rit.edu>
References: <98c767fe.0311180204.62c1d3dc@posting.google.com>
Organization: RIT, Department of Computer Science
Date: Tue, 18 Nov 2003 07:49:04 -0500
From: Carl Holtje
Subject: Re: SSH vs Telnet?

Ian Tresman wrote:
>
> What's the difference between SSH and Telnet?
>
> Having created an RSA key for my server, I find that PuTTY does not
> need my Private RSA key if I select SSH1, just my username and
> password? In which case, what's the point of uploading my public
> RSA key?
>
> Regards,
> Ian Tresman
> Derby, UK

SSH = encrypted
Telnet = plaintext

To see this in action, sit on a network where you can run a packet
sniffer... log into a machine using telnet (observe your password in
the clear), and then the same with ssh...

Telnet runs on TCP port 23, SSH on TCP port 22 for your filtering
pleasures...

When in doubt, USE SSH!!!.. and not SSHv1...

There are ways of configuring your authentication methods.. this is
generally a server-side thing, so you may or may not have access to
this.. In either event, once your session has been established (even
before the password is sent), your communication is secured...

For more fun, ssh someplace with the -v (for verbose) switch to ssh...
this will show the handshake protocol in gory detail.. :)

Enjoy..

Carl

--
"There are 10 types of people in the world: Those who understand
binary and those that don't."

$>whoami: Carl Holtje
$>mail holtje: cwh0803@cs.rit.edu
$>cu: http://www.cs.rit.edu/~cwh0803
$>whois holtje: System Administrator Group
                Computer Science Department
                Rochester Institute of Technology

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID:
References: <98c767fe.0311180204.62c1d3dc@posting.google.com> <3fba15d2$1@buckaroo.cs.rit.edu>
Organization: WOMUMP
Date: 18 Nov 2003 23:20:59 +0000 (GMT)
From: Jacob Nevins
Subject: Re: SSHv1 vs SSHv2 (was: SSH vs Telnet?)

Rob Stampfli writes:
>Carl Holtje wrote:
>>When in doubt, USE SSH!!!.. and not SSHv1...
>
>I know the conventional wisdom is that there are problems,
>or at least deficiencies, with SSHv1, but I have been unable
>to find any specifics as to why SSHv1 should be avoided on
>the internet. Rather, it always appears as conventional wisdom.

Here's something that may be somewhat better:

    http://www.snailbook.com/faq/ssh-1-vs-2.auto.html

Unfortunately the link about the CRC-32 insertion attack appears to
have rotted, but that should be enough to Google for.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 24.34.60.41
NNTP-Posting-Date: Tue, 09 Dec 2003 12:14:07 -0600
Message-ID:
Date: Tue, 9 Dec 2003 13:14:32 -0500
From: Eric
Subject: Mocana SSH and SSL

Hi All,

Don't know if I am allowed to advertise - if not - I apologize and
will not do again.....

Mocana provides SSH and SSL for embedded systems, written from the
ground up. Very fast and very small (SSL is 50kb, SSH 70kb). Written
in C, royalty Free, and support for any RTOS (including Linux) or any
Processor.

Here are some special features unique to Mocana.........
SSH
*Highly portable, coded in ANSI-C
*Well written, designed for embedded systems
*All functions return an error status - unique to mocana wrt openssx
*Easy to read code
*70kb footprint - smallest in the industry
*Support SSHv2 standard
*Low memory utilization per connected client - unique to mocana
*Zero-threaded - unique to mocana
*Synchronous API (familiar BSD-like socket API) - unique to mocana
*Asynchronous API (packet notification based TCP/IP stack) - unique to mocana
*Key generation support
*Strong cryptology
*Any platform (RTOS not a requirement)
*Support for SRP
*File system not required
*Highly optimized

SSL
*50kb footprint - smallest in the industry
*Automatic Key Generation - unique mocana feature
*Automatic ASN.1 X509 certificate generation - unique to mocana
*All functions return an error status - unique to mocana
*Easy to read code
*Support SSLv3 standard
*Low memory utilization per connected client - unique to mocana
*Zero-threaded - unique to mocana
*Synchronous API (familiar BSD-like socket API) - unique to mocana
*Asynchronous API (packet notification based TCP/IP stack) - unique to mocana
*Key generation support
*Strong cryptology
*Any platform (RTOS not a requirement)
*File system not required
*Highly optimized

Please contact me, should you want additional information.

Eric@emRep.com

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, gnu.bash, comp.os.linux.misc, comp.unix.shell, comp.unix.programmer
References:
Message-ID:
Date: Tue, 18 Nov 2003 23:52:17 GMT
From: Darren Dunham
Subject: Re: Forcing SSH to timout after a certain time if it isn't responding

In comp.security.ssh andy wrote:
> Hi,
> I'm writing a Bash script where I want to check if I can SSH into a
> certain IP-address in a function. If the SSH call does not respond for
> 2 seconds I want to kill the process, but if it responds before 2
> seconds then it shouldn't have to wait unnecessarily for 2 seconds.
> here is the code I was trying:

[snip]

Why not just specify the connection timeout?

> `ssh -q "$1" /bin/true &> /dev/null &`

Note that -q turns off messages, but it does not prevent the client from
asking necessary interactive questions... You'd need BatchMode for that.

    ssh -o BatchMode=yes -o ConnectTimeout=2 /bin/true > /dev/null

--
Darren Dunham                                  ddunham@taos.com
Unix System Administrator           Taos - The SysAdmin Company
Got some Dr Pepper?                  San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

..............................................................................

Newsgroups: comp.security.ssh, gnu.bash, comp.os.linux.misc, comp.unix.shell, comp.unix.programmer
NNTP-Posting-Host: 63.104.116.5
NNTP-Posting-Date: Wed, 19 Nov 2003 16:43:18 EST
References:
Message-ID:
Date: Wed, 19 Nov 2003 21:43:18 GMT
From: Darren Dunham
Subject: Re: Forcing SSH to timout after a certain time if it isn't responding

In comp.security.ssh andy wrote:
> I tried using
> ssh -o BatchMode=yes -o ConnectTimeout=2 /bin/true > /dev/null
> But it gives me the following error:
> command-line: line 0: Bad configuration option: ConnectTimeout
> I looked in my ssh_config file, and also in 'man ssh_config', and I
> didn't see ConnectTimeout mentioned in either place.
> Does this mean I have an older version of ssh? Is there any other way
> I can achieve that functionality?

You could fork a program that would kill the process in 2 seconds. If it
exits, then the kill will just not work.

Something like this. There might be some tweaking needed.

    LOOP..
    ...
    # start the probe in the background and remember its PID
    ssh -o BatchMode=yes "$host" /bin/true > /dev/null &
    SSH_PID=$!
    # watchdog: kill the probe if it is still running after 2 seconds
    (sleep 2 ; kill $SSH_PID >/dev/null 2>&1)&
    # wait returns the exit status of ssh (above 128 if it was killed)
    wait $SSH_PID
    STATUS=$?
    ...

The wait should block until the ssh exits, either from a normal exit or
because it's killed.

Of course you probably want to upgrade anyway.

--
Darren Dunham                                  ddunham@taos.com
Unix System Administrator           Taos - The SysAdmin Company
Got some Dr Pepper?
San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 63.104.116.5
NNTP-Posting-Date: Wed, 23 Jun 2004 15:47:34 EDT
References: <2ju2t4F15tji1U1@uni-berlin.de>
Message-ID:
Date: Wed, 23 Jun 2004 19:47:34 GMT
From: Darren Dunham
Subject: Re: OpenSSH: force password authentication

cat54me wrote:
>
> Hi all,
> I set up passwordless public key authentication from a client to a
> server to run an automated backup job (rsync).
> I am running OpenSSH 3.6.1p2 on Red Hat Enterprise Linux 3.
> I set up the public key with a forced command on the server, in order to
> run validating script and only allow the backup task, otherwise it will
> close the ssh connection, and It works fine.

And unstated, I suppose you also set up a private key on the local client
in the default location for the client identity.

> But sometimes I need to connect to the server via ssh to run some
> interactive commands and would like to use password authentication for that.
> Right now that is not possible, since when I try to connect to the
> server via ssh, the ssh client will pick up the PKI authentication first
> and the forced command (validating script) on the server won't allow me
> an interactive session, it will close the ssh connection.
> Is there any way to force the ssh client to use password authentication
> first only for interactive sessions? E.g. a command line switch or
> something like that ...

Take a look at the options available in the ssh_config file.

One way is to have the restricted key not be in the default identity
file. Make the automated process reference it explicitly. (I do this
preferentially)

    ssh -o IdentityFile=auto_backup ...
or
    ssh -i auto_backup ...

Another way is to change the attempted authentication methods.

    ssh -o PreferredAuthentications=keyboard-interactive,password ...
Or just disable public key authentication.

    ssh -o PubkeyAuthentication=no ...

--
Darren Dunham                                  ddunham@taos.com
Senior Technical Consultant        TAOS    http://www.taos.com/
Got some Dr Pepper?                  San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: adsl-68-79-141-72.dsl.emhril.ameritech.net
NNTP-Posting-Date: Fri, 19 Nov 2004 23:50:33 EST
References:
Message-ID:
Date: Sat, 20 Nov 2004 04:50:33 GMT
From: Neil W Rickert
Subject: Re: dtwm and ssh-keygen

Coy Hile writes:
>
> Is there an easy way that I'm missing to make dtwm get launched from
> ssh-agent (so that the entire window manager rather than a single shell
> is the ssh-agent for things like ssh-add) so that I can type my
> passphrase once and then be able to connect to anywhere that used the
> same RSA keys without typing my passphrase.

I just use

    eval `ssh-agent -s`

toward the end of my ".dtprofile"

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: kebe.east.sun.com
NNTP-Posting-Date: Thu, 16 Dec 2004 05:20:32 +0000 (UTC)
References:
Message-ID:
Organization: Solaris Networking & Security Engineering
Date: Thu, 16 Dec 2004 05:20:32 +0000 (UTC)
From: Dan McDonald
Subject: Re: SSH - securing the port

In article , Greg Menke wrote:
>Gary vonBergen writes:
>
>> I had the somewhat dubious honor of doing an evaluation of SSH
>> a while back for the USAF's C2IPS program. In a test LAN I used
>> a Solaris server and a Windows box (with the companion piece F-Secure
>> on board). I placed a second server (Solaris) on the net and used
>> the snoop utility to inspect the network traffic. I can tell you
>> that SSH is not (I repeat for clarity NOT) secure. It is better than
>> open telnet but it does open negotiate crypto method and passes keys
>> in the clear as part of its startup.
couple this with the open I don't see what's wrong with open negotiation of the method. Passing keys in the clear, however, can be a problem. BTW, were you looking at SSHv1? SSHv2 fixed MANY of the problems in the protocol. >> I would like to stress that there is nothing better than SSH that >> I know of. Worse with the current status of the laws governing >> cryptography nothing better can be created. Any commercial product >> has to have a method or key that can be furnished to the authorities >> on demand with court order ---- but that trapdoor has to be there >> by law. You are incorrect. My commercial product may have restrictions on the _strength_ of the ciphers involved, but I have no trapdoors or secret entrances in my particular set of security protocols (IPsec and IKE). Sure you can access the keys if you are root on the system, but if you're root, all bets are off anyway. If you don't trust the IKE protocol for key exchanges, do manual keying. In my previous job we used to refer to "keying by Marine guard" as a valid option. And now on to the actual previous poster, as opposed to the one two before... > How does the open negiotiation of the first phases of the crypto make > ssh insecure? What specific attacks can take advantage of it? And > please define what "not secure" means. SSH (both v1 and v2) are vulnerable to a man-in-the-middle attack if operated in their default modes. The first time you see a public-key fingerprint for a remote host, you either have seen it from the server's administrator--out of band--or are taking it on faith. I can theoretically intercept your traffic and rewrite it in both directions, fooling both sides at once. Only a trusted third party, or other out-of-band sharing can thwart this. (There may be other more interesting ways... but I suspect they can reduce to some sort of trust chain or out-of-band proof). 
> If ssh really is as insecure as you suggest, I'm sure the community at > large would be very interested in fixing it. Hence all of the stuff that got fixed in SSHv2. > principles of the crypto in ssh (and pgp) is that the value is in the > keys and algorithm, not the sourcecode. The more widely the source > and algorithms are studied, the more its claims can be proved or > disproved. Please be specific about how the availability of source > decreases the effectiveness of the encryption algorithms- I'd > appreciate citations. I agree with you and disagree with the previous poster. Modulo trojans on unwary folks, available source is nothing but goodness. > No doubt the black helicopter folks can crack modern public crypto "Can crack" is obvious. "At what expense" is not, and I'm sure is the subject of much speculation. -- Daniel L. McDonald - Solaris Networking & Security Engineering Mail: danmcd@east.sun.com | * MY OPINIONS ARE NOT NECESSARILY SUN'S! * 1 Network Drive Burlington, MA |"rising falling at force ten http://blogs.sun.com/danmcd/ | we twist the world and ride the wind" - Rush ////////////////////////////////////////////////////////////////////////////// 2006-12-13 Rapid7 has a free software package, SShredder, which claims to test various SSH (Secure Shell) vulnerabilities: http://www.rapid7.com/securitycenter/sshredder.jsp ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: dorado.ce.chalmers.se References: <1105524876.765566.167120@c13g2000cwb.googlegroups.com> Message-ID: Organization: Chalmers University of Technology, Sweden Date: 18 Jan 2005 23:29:57 GMT From: Fredrik Lundholm Subject: Re: SSH'ing between Sol 8 -> Sol 10 hosts In article <1105524876.765566.167120@c13g2000cwb.googlegroups.com>, jrt409 wrote: > > Hi, > I have two hosts - Solaris 8 host running SSH v1.2.30 trying to connect > to a Solaris 10 (build 72) host running the stock std version of SSH. 
> When I attempt to connect to the Solaris 10 host I get the following
> error even after I've unhashed the "Protocol 2,1" line in the
> /etc/ssh/sshd_config and restarted sshd.

Yes, you will also need to regenerate your host keys in a supported format
that will work with ssh1/ssh2.

I do like this (Solaris 9) in a jumpstart script:

    echo "Solaris ssh v1 +fix"
    /etc/init.d/sshd stop
    rm /etc/ssh/ssh_host_rsa_key
    ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_rsa_key -P ''
    /etc/init.d/sshd start

//////////////////////////////////////////////////////////////////////////////

Maybe run an X session under ssh-agent in Solaris?

http://docs.sun.com/app/docs/doc/816-4557/6maosrjjq?a=view

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: phorcys.east.sun.com
NNTP-Posting-Date: Wed, 29 Jun 2005 13:07:23 +0000 (UTC)
References:
Message-ID:
Organization: Sun Microsystems
Date: 29 Jun 2005 09:07:23 -0400
From: James Carlson
Subject: Re: forwarding ssh explaination?

"Jerry Lee" writes:
>
> If someone has a time to help me, please explain to me about following
> question.

This isn't really a Solaris question; there's probably a better group
available for it.

> ssh -r 4242:localhost:22 mhpark@213.22.123.12 password is changeme

ssh doesn't have a "-r" option, so that's probably not the command used.
The command might be "-R".

-R is documented on the ssh(1) man page. In short, it says that port 4242
should be opened as a "listen"-type port on the remote machine, and when
any connection is attempted to that port on the remote machine, a separate
connection is made by the local machine to localhost:22 (the sshd port),
and data is tunneled by ssh between the two.

> I don't understand what's going on with this command correctly.
> I just know that this command is used for forwarding ssh session, etc.

Right. The remote peer would do something like this:

    ssh -p 4242 someuser@213.22.123.12 ...
The connection would then be forwarded through to localhost:22 by the ssh session created as you original posted. -- James Carlson, KISS Network Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677 ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.aix NNTP-Posting-Host: adsl-68-255-16-162.dsl.emhril.ameritech.net NNTP-Posting-Date: Sat, 14 May 2005 08:29:57 EDT References: Message-ID: <9bmhe.1264$bj5.725@newssvr31.news.prodigy.com> Date: Sat, 14 May 2005 12:29:57 GMT From: C C Subject: Re: SSH in AIX 4.3+ "Ian Northeast" wrote in message news:pan.2005.05.11.19.34.19.698732@house-from-hell.demon.co.uk... > > On Wed, 11 May 2005 18:43:53 +0000, C C wrote: > > > > How do I startup SSH in my RS6000 with AIX 4.3? > > If you can find an old copy of the "toolbox for Linux" CD which comes with > AIX nowadays, one with the "RPMS/ppc-4.3.3" subdirectory, as shipped with > the original AIX 5.1, you can install it from that. I wouldn't expose one > that old to the Internet though. It used to be available for download but > I think they removed all the 4.3.3 stuff. > > You can get a version from > > http://www.bullfreeware.com/ > > There are more recent ones there. > > Or get the source from > > http://www.openssh.org/portable.html > > and build it yourself. I recommend this if it's exposed to the Internet. > > Regards, Ian Thanks. Is this pretty easy to install? Does it need a reboot? ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: darwin.oankali.net [216.254.67.191] NNTP-Posting-Date: Tue, 19 Apr 2005 20:38:29 -0500 References: Message-ID: Date: 19 Apr 2005 21:38:29 -0400 From: Richard E. 
Silverman Subject: Re: ssh and .rhosts or .shosts http://www.snailbook.com/faq/no-passphrase.auto.html [includes unattended operation] http://www.snailbook.com/faq/trusted-host-howto.auto.html -- Richard Silverman res@qoxp.net ////////////////////////////////////////////////////////////////////////////// Top Ten SSH FAQs http://sysadmin.oreilly.com/news/sshtips_0101.html ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: list.stratagy.com References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Organization: The Late, Great Stratagy Users Group Date: Thu, 3 Feb 2005 12:51:01 EST From: Richard S. Shuford Subject: evaluate the best SSH client (was: Print in PuTTy) byrapaneni(*)gmail.com wrote: | | I came across ( FREE licence) TeraTerm Pro Web 3.1.3 - Enhanced | Telnet/SSH2 Client at http://www.ayera.com/teraterm/. This Telnet has | the print functionality built in. I also found 'Absolute Telnet' on | http://www.celestialsoftware.net/ for $19.00 a piece when you buy 10 | or more. | | Could someone please post their findings/facts/reviews on these. | I was [assigned] to a new project to find / [evaluate] the best | SSH client for our organization. While it is good that Yutaka Hirata has lately undertaken to enhance TeraTerm for SSH2, I've tried the January 2005 "UTF-8 TeraTerm Pro" release and found it unstable (at least under Windows 98SE on my home machine). But I hope he will keep working on it. There are many terminal-emulation programs available in the world: some free, and numerous commercial products. You give no clues about what kind of organization you belong to, but many enterprises would be better off with a commercial product where the users can get technical support by telephone. 
In contrast, a free product must give a warning, not a warranty: The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair, or correction. Over the last two years, many vendors of terminal-emulating Telnet clients have enhanced them to support SSH connectivity; some also support other secure connection types, notably Kerberos and SSL. SSH is popular because its administrative overhead is relatively low, compared to the other secure-connection schemes, however, this plus can quickly become a minus--there may be no quick way to revoke a user's access if the access keys become compromised. (Suppose the president of a business connects to all his accounts by SSH from his laptop computer, and then the laptop gets stolen at the airport?) (Just to complete the picture, security can be provided at a lower level of the networking stack using IPsec. With IPsec ESP beneath it, even ordinary Telnet-over-TCP becomes secure.) Anyway, for your investigation, you should check the following web page, where I maintain links to nearly all terminal-emulation, Telnet, and/or SSH client programs. http://www.cs.utk.edu/~shuford/terminal/pc_emulation.html This is part of my "Video Terminal Information" archive: http://www.cs.utk.edu/~shuford/terminal_index.html ...RSS -- Your cow joke might be worth a Frisbee. http://www.stonyfield.com/weblogarchives/DailyScoop/000651.html .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: darwin.oankali.net [216.254.67.191] NNTP-Posting-Date: Thu, 03 Feb 2005 15:34:46 -0600 References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Date: 03 Feb 2005 16:34:42 -0500 From: Richard E. 
Silverman Subject: Re: evaluate the best SSH client (was: Print in PuTTy) >>>>> "RSS" == Richard S Shuford writes: RSS> In contrast, a free product must give a warning, not a warranty: RSS> The entire risk as to the quality and performance of the RSS> program is with you. Should the program prove defective, you RSS> assume the cost of all necessary servicing, repair, or RSS> correction. Most EULA's on commercial software say essentially the same thing -- disclaiming all warranties except replacing defective media. Support is certainly a valuable service, but let's not pretend that commercial software vendors provide warranties as to the correct functioning of their software. Overwhelmingly, they do not. RSS> SSH is popular because its administrative overhead is relatively RSS> low, compared to the other secure-connection schemes, however, RSS> this plus can quickly become a minus--there may be no quick way RSS> to revoke a user's access if the access keys become compromised. It is not accurate to ascribe this behavior to "SSH," as if it were a limitation of the protocol. Rather, it is true if you use the default, simplistic key-management/authorization mechanisms (known_hosts, authorized_keys, etc.). The main SSH implementations, both free and commercial, now support Kerberos and PKI (and they interoperate to boot). -- Richard Silverman res@qoxp.net .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: list.stratagy.com References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Organization: The Late, Great Stratagy Users Group Date: Thu, 3 Feb 2005 22:51:02 EST From: Richard S. Shuford Subject: Re: evaluate the best SSH client (was: Print in PuTTy) Richard E. Silverman wrote: | | Most EULA's on commercial software say essentially the same | thing--disclaiming all warranties except replacing defective media. 
| Support is certainly a valuable service, but let's not pretend that | commercial software vendors provide warranties as to the correct | functioning of their software. Overwhelmingly, they do not. Perhaps I let poetic metaphor obscure the point. With a commercial product, when something goes wrong, you can generally get somebody on the telephone to help you. The "something" need not be a defect in the program: there are many possible modes of failure. Figuring out the source of a problem often requires technically informed diagnostic troubleshooting, and it is unwise to expect that a naive user can perform such troubleshooting unassisted. Support for free software is typically obtained from volunteers, who frequent Usenet and certain web sites in their spare time and answer questions out of a spirit of helpfulness. But it is very difficult for such a volunteer to direct a troubleshooting procedure while communicating through casual Internet means. For some problems, you've got to talk interactively to solve them. (It is possible that some third-party person or company will sell the service of providing telephone support for a free software product, but such support is not always available.) If an organization's users are able to get by with volunteer support, or if the organization contains experts who can help out when one session's output mysteriously freezes (when somebody typed Control-S by accident!), then there is more leeway to adopt free software. | It is not accurate to ascribe this behavior to "SSH," as if it were | a limitation of the protocol. Rather, it is true if you use the | default, simplistic key-management/authorization mechanisms | (known_hosts, authorized_keys, etc.). The main SSH implementations, | both free and commercial, now support Kerberos and PKI (and they | interoperate to boot). I'll guess that 99 and 44/100th percent of people who are connecting via SSH are using known_hosts and authorized_keys (or equivalents). 
However, if you've got a list of implementations that can use Kerberos and PKI, please post it, and the rest of us can be better informed. ...RSS -- Juvenile-delinquent heifers and steers commit vandalism. http://www.stonyfield.com/weblogarchives/BovineBugle/000798.html .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: darwin.oankali.net [216.254.67.191] NNTP-Posting-Date: Fri, 04 Feb 2005 00:06:24 -0600 References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Date: 04 Feb 2005 01:06:13 -0500 From: Richard E. Silverman Subject: Re: evaluate the best SSH client (was: Print in PuTTy) >>>>> "RSS" == Richard S Shuford writes: RSS> However, if you've got a list of implementations that can use RSS> Kerberos and PKI, please post it, and the rest of us can be RSS> better informed. OpenSSH and VShell/SecureCRT (VanDyke) support Kerberos via GSSAPI; Tectia (ssh.com) supports both Kerberos and X.509 certificates. -- Richard Silverman co-author: SSH, The Secure Shell (The Definitive Guide) http://www.oreilly.com/catalog/sshtdg .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: 24.193.46.55 NNTP-Posting-Date: Sat, 05 Feb 2005 08:26:55 EST References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: <4204CA45.5050906@nyc.rr.com> Date: Sat, 05 Feb 2005 13:26:55 GMT From: Jeffrey Altman Subject: Re: evaluate the best SSH client (was: Print in PuTTy) Richard S. Shuford wrote: > > I'll guess that 99 and 44/100th percent of people who are connecting > via SSH are using known_hosts and authorized_keys (or equivalents). > However, if you've got a list of implementations that can use Kerberos > and PKI, please post it, and the rest of us can be better informed. 
> ...RSS Kermit 95 supports SRP, GSS-Kerberos 5, in addition to the traditional shared keys and password based authentication methods. -- Jeffrey Altman .............................................................................. Newsgroups: comp.terminals, comp.security.ssh NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1151582345.037066.151790@m73g2000cwd.googlegroups.com> Message-ID: Organization: WOMUMP Date: 30 Jun 2006 11:20:35 +0100 (BST) From: Jacob Nevins Subject: Re: Putty Authentication [ followups set ] Joao writes: > > I'd like to be authenticated in the SSH server side using Putty, > so, is it possible to use a X509 Certificate? PuTTY does _not_ support X.509 authentication with SSH. (There may be some third-party fork/patch which does so, but I'm not aware of one.) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 81.5.153.194 NNTP-Posting-Date: Fri, 18 Feb 2005 15:40:26 +0000 (UTC) References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1119cnrs52m7ccc@corp.supernews.com> Message-ID: <1108741221.933727.115680@f14g2000cwb.googlegroups.com> Date: 18 Feb 2005 07:40:21 -0800 From: Moray Subject: Re: Line draw in PuTTY Thanks for the reply - and thanks for the dialog package: we use it extensively. Replacing man wouldn't really help me, though - I'll need unicode characters in filenames, too. I have found part of the problem: with TERM=xterm or TERM=putty, dialog outputs the old-fashioned )0^Nlqqqqqqk^O style of line drawing - which does not work in UTF-8 mode. Is that a limitation of those terminals themselves, or of the terminfo files? With TERM=linux, dialog does output the correct line drawing characters for PuTTY's UTF-8 mode, although the colouring of the background is not completely filled in as it is on the console. Does anyone know a Linux TERM setting that supports Unicode and gives good results in PuTTY? 
.............................................................................. Newsgroups: comp.terminals References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1119cnrs52m7ccc@corp.supernews.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> Message-ID: <111cir07ptli332@corp.supernews.com> Date: Fri, 18 Feb 2005 20:09:04 -0000 From: Thomas Dickey Subject: Re: Line draw in PuTTY Moray wrote: > > Thanks for the reply - and thanks for the dialog package: we use it > extensively. Replacing man wouldn't really help me, though - I'll need > unicode characters in filenames, too. > I have found part of the problem: with TERM=xterm or TERM=putty, dialog > outputs the old-fashioned )0^Nlqqqqqqk^O style of line drawing - > which does not work in UTF-8 mode. Is that a limitation of those > terminals themselves, or of the terminfo files? Actually that's a limitation of PuTTY (which is reflected in an accurate terminfo file for it). I'm told that in UTF-8 mode, PuTTY does not implement the VT100-style shift-in and shift-out controls (the ^N and ^O characters), but does recognize the analogous \E(B and \E(0 sequences. For some reason, PuTTY's developers choose to not document the program(*), e.g., by constructing appropriate terminfo/termcap entries. I did get some information from one of the former developers, but looking now, I see that detail was overlooked (making a note to update & test...). > With TERM=linux, dialog does output the correct line drawing characters > for PuTTY's UTF-8 mode, although the colouring of the background is not > completely filled in as it is on the console. > Does anyone know a Linux TERM setting that supports Unicode and gives > good results in PuTTY? 
perhaps (untested)

    infocmp putty >foo

    edit foo, add/replace the strings for rmacs and smacs to read
    (keep the leading tabs on the lines)

	rmacs=\E(B,
	smacs=\E(0,

    tic foo

(*) this is not unusual, unfortunately (but what good is a terminal
emulator without a correct terminal description?)

--
Thomas E. Dickey
http://invisible-island.net/
ftp://invisible-island.net/

..............................................................................

Newsgroups: comp.terminals
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1119cnrs52m7ccc@corp.supernews.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> <111cir07ptli332@corp.supernews.com>
Message-ID: <111f3do1s75pq36@corp.supernews.com>
Date: Sat, 19 Feb 2005 19:04:24 -0000
From: Thomas Dickey
Subject: Re: Line draw in PuTTY

Thomas Dickey wrote:
>
> > I have found part of the problem: with TERM=xterm or TERM=putty, dialog
> > outputs the old-fashioned )0^Nlqqqqqqk^O style of line drawing --
> > which does not work in UTF-8 mode. Is that a limitation of those
> > terminals themselves, or of the terminfo files?
>
> Actually that's a limitation of PuTTY (which is reflected in an accurate
> terminfo file for it). I'm told that in UTF-8 mode, PuTTY does not implement
> the VT100-style shift-in and shift-out controls (the ^N and ^O characters),
> but does recognize the analogous \E(B and \E(0 sequences.

Hmm--what I was told was incorrect. Reading the 5.6 source code, I see that
PuTTY completely ignores the \E(B, etc., in UTF-8 mode. Using dialog built
with ncursesw, of course, that's not a problem. (There's no need for me to
modify the "putty" terminfo description).

Reading down through the code, I also see a number of comments relating to
xterm--several are inaccurate, since the comments relate to features of
different versions of xterm (something like confusing xvt and Eterm).
It would be nice if PuTTY's developers would clean those up, considering that its documentation states that it is emulating xterm. -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> <111cir07ptli332@corp.supernews.com> <111f3do1s75pq36@corp.supernews.com> Message-ID: Organization: Linux Unlimited Date: 19 Feb 2005 19:32:28 +0000 (GMT) From: Ben Harris Subject: Re: Line draw in PuTTY In article <111f3do1s75pq36@corp.supernews.com>, Thomas Dickey wrote: > > Reading down through the code, I also see a number of comments relating to > xterm - several are inaccurate, since the comments relate to features of > different versions of xterm (something like confusing xvt and Eterm). It > would be nice if PuTTY's developers would clean those up, considering that > its documentation states that it is emulating xterm. I agree that the comments in terminal.c are dire in places. If you could tell us which ones you think are inaccurate and why, that would make correcting them a lot easier. -- Ben Harris .............................................................................. 
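Added example (not part of any post in this thread, and not code from PuTTY, dialog or ncurses): a small Python filter that interprets the VT100 character-set controls discussed above (shift-out/shift-in, written ^N/^O, and the \E(0, \E(B, \E)0 designations) and rewrites DEC Special Graphics characters, such as the quoted )0^Nlqqqqqqk^O string, as Unicode box-drawing characters that a UTF-8 terminal can display. The name translate_acs and the sample strings are constructed for illustration.

```python
"""Translate VT100 line-drawing (DEC Special Graphics) output to Unicode."""

ESC, SO, SI = "\x1b", "\x0e", "\x0f"   # escape, shift-out (^N), shift-in (^O)

# DEC Special Graphics characters and their Unicode equivalents.
DEC_GRAPHICS = {
    "j": "\u2518",  # lower-right corner
    "k": "\u2510",  # upper-right corner
    "l": "\u250c",  # upper-left corner
    "m": "\u2514",  # lower-left corner
    "n": "\u253c",  # crossing lines
    "q": "\u2500",  # horizontal line
    "t": "\u251c",  # left tee
    "u": "\u2524",  # right tee
    "v": "\u2534",  # bottom tee
    "w": "\u252c",  # top tee
    "x": "\u2502",  # vertical line
    "`": "\u25c6",  # diamond
    "a": "\u2592",  # checkerboard
    "~": "\u00b7",  # centred dot
}


def translate_acs(text):
    """Return text with line-drawing characters mapped to Unicode.

    Tracks the two character-set slots G0 and G1: ESC ( X designates set X
    to G0, ESC ) X designates it to G1, SO selects G1 and SI selects G0.
    Set "0" is DEC Special Graphics, "B" is ASCII.  The designation and
    shift controls are consumed because a UTF-8 terminal does not need them.
    CSI sequences (ESC [ ... final byte) are copied through untouched so the
    "m" that ends a colour sequence is never mistaken for a corner glyph.
    Other multi-byte sequences (for example OSC titles) are not parsed.
    """
    charsets = ["B", "B"]   # current designation of G0 and G1
    active = 0              # 0 = G0 shifted in, 1 = G1 shifted in
    out = []
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        if ch == SO:
            active = 1
        elif ch == SI:
            active = 0
        elif ch == ESC and i + 2 < n and text[i + 1] in "()":
            charsets[0 if text[i + 1] == "(" else 1] = text[i + 2]
            i += 2
        elif ch == ESC and i + 1 < n and text[i + 1] == "[":
            j = i + 2
            while j < n and not ("\x40" <= text[j] <= "\x7e"):
                j += 1                      # skip parameter bytes
            out.append(text[i:j + 1])       # copy the whole CSI sequence
            i = j
        elif charsets[active] == "0":
            out.append(DEC_GRAPHICS.get(ch, ch))
        else:
            out.append(ch)
        i += 1
    return "".join(out)


# Constructed sample: the string quoted in the thread with its ESC made
# explicit (designate graphics to G1, shift out, draw, shift in).
SAMPLE_TOP_EDGE = ESC + ")0" + SO + "lqqqqqqk" + SI

if __name__ == "__main__":
    print(translate_acs(SAMPLE_TOP_EDGE))
```

..............................................................................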

Newsgroups: comp.terminals
Date: Sat, 19 Feb 2005 20:03:51 -0000
Message-ID: <111f6t7m4ed2q8d@corp.supernews.com>
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> <111cir07ptli332@corp.supernews.com> <111f3do1s75pq36@corp.supernews.com>
User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u))
From: Thomas Dickey
Subject: Re: Line draw in PuTTY

Ben Harris wrote:
>
> In article <111f3do1s75pq36@corp.supernews.com>,
> Thomas Dickey wrote:
>>
>>Reading down through the code, I also see a number of comments relating to
>>xterm - several are inaccurate, since the comments relate to features of
>>different versions of xterm (something like confusing xvt and Eterm). It
>>would be nice if PuTTY's developers would clean those up, considering that
>>its documentation states that it is emulating xterm.

> I agree that the comments in terminal.c are dire in places. If you could
> tell us which ones you think are inaccurate and why, that would make
> correcting them a lot easier.

offhand -

	The comment about ENQ has been obsolete for several years:
	http://invisible-island.net/xterm/xterm.log.html#xterm_90

	The documentation refers to titlebar sequences being supported
	by DECterm, but not xterm (xterm recognizes ST as well as BEL).

	The comment for CBT is misleading - a cursor control sequence which
	is standard, versus a reference to the kcbt string emitted by xterm.

	swap_screen - not exactly. Blame the existing usage that doesn't
	allow for a stack in things like save-cursor, alternate-screen, etc.
	The comment would read better anyway by stating what the function
	does.

	xterm-style bright foreground/background (see ctlseqs.ms - that's
	borrowed from aixterm, and is not actually "bright" colors).

Also, I agree that it would be nice to know which manual is correct regarding
the introduction of ICH and ECH. But the VT102 manual doesn't mention either.

--
Thomas E. Dickey
http://invisible-island.net/
ftp://invisible-island.net/

..............................................................................

Newsgroups: comp.terminals
Organization: Linux Unlimited
Message-ID:
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <111f3do1s75pq36@corp.supernews.com> <111f6t7m4ed2q8d@corp.supernews.com>
NNTP-Posting-Host: rapun.sel.cam.ac.uk
Originator: chiark.greenend.org.uk ([193.201.200.170])
Date: 19 Feb 2005 22:15:58 +0000 (GMT)
From: Ben Harris
Subject: Re: Line draw in PuTTY

In article <111f6t7m4ed2q8d@corp.supernews.com>,
Thomas Dickey wrote:
>
> The comment about ENQ has been obsolete for several years:
> http://invisible-island.net/xterm/xterm.log.html#xterm_90

Removed. We blame [B] (source of much useful but horrid code, and very few
accurate comments).

> The documentation refers to titlebar sequences being supported
> by DECterm, but not xterm (xterm recognizes ST as well as BEL).

Where? The only mention of DECterm in doc/*.but is in the FAQ, which merely
states that DECterm's title-changing sequences are different from xterm's
(which is true; e.g. xterm uses OSC 1 ; Ps ST where DECterm uses
OSC 21 ; Ps ST).

> The comment for CBT is misleading - a cursor control sequence which
> is standard, versus a reference to the kcbt string emitted by xterm.

Fixed. Blame [B] again.

> swap_screen - not exactly. Blame the existing usage that doesn't
> allow for a stack in things like save-cursor, alternate-screen, etc.

PuTTY got private modes 1047 and 1049 from xterm, so we blame their oddities
on xterm. Xterm is free to pass the buck if it wants.

> xterm-style bright foreground/background (see ctlseqs.ms - that's
> borrowed from aixterm, and is not actually "bright" colors).

Fixed. If they're not actually bright colours, what are they? The aixterm
documentation I've been able to find is singularly unhelpful in this area.

--
Ben Harris

..............................................................................

Newsgroups: comp.terminals
Organization: RadixNet Internet Services
Message-ID: <111fsf5p44sut8a@corp.supernews.com>
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <111f3do1s75pq36@corp.supernews.com> <111f6t7m4ed2q8d@corp.supernews.com>
User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u))
Date: Sun, 20 Feb 2005 02:11:49 -0000
From: Thomas Dickey
Subject: Re: Line draw in PuTTY

Ben Harris wrote:
>>
>> The documentation refers to titlebar sequences being supported
>> by DECterm, but not xterm (xterm recognizes ST as well as BEL).

> Where? The only mention of DECterm in doc/*.but is in the FAQ, which merely
> states that DECterm's title-changing sequences are different from xterm's
> (which is true; e.g. xterm uses OSC 1 ; Ps ST where DECterm uses
> OSC 21 ; Ps ST).

ok - hadn't considered that.

>> swap_screen - not exactly. Blame the existing usage that doesn't
>> allow for a stack in things like save-cursor, alternate-screen, etc.

> PuTTY got private modes 1047 and 1049 from xterm, so we blame their oddities
> on xterm. Xterm is free to pass the buck if it wants.

1047/1048 are identical to the 47 (except that they can be disabled easily).
1049's simply a nicer packaging of the two. Either way, they're still used
in the same context as 47, and subject to the same limitations vis
subprocesses reinitializing the screen.

>> xterm-style bright foreground/background (see ctlseqs.ms - that's
>> borrowed from aixterm, and is not actually "bright" colors).

> Fixed. If they're not actually bright colours, what are they? The aixterm
> documentation I've been able to find is singularly unhelpful in this area.

16 distinct colors (the values of which are of course set by resources).

--
Thomas E. Dickey
http://invisible-island.net/
ftp://invisible-island.net/

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References:
Message-ID:
Organization: WOMUMP
Date: 23 Feb 2005 18:12:33 +0000 (GMT)
From: Jacob Nevins
Subject: Re: PuTTY / xterm / line-wrapping when "maximized"

Dave Lindquist writes:
>I've a weird bug with Putty, xterm, and just about anything else I've tried
>for terminal programs.
>
>If you resize the window of the terminal manually, everything works
>perfectly -- the new size of the window (chars x chars) is communicated
>properly to the other end, and line-wrapping works perfectly.
>
>However, if you maximize the window, something different happens. ncurses
>apps, etc all recognize the new size and use it, but the Linux (Gentoo)
>command prompt still tries to wrap at the wrong column (the original width
>before being maximized).

PuTTY (0.57) appears to be sending the appropriate window-size message for
the protocol regardless of how the window is resized.

There's a common problem where the SSH server (or whatever) only sends a
window size change notification (SIGWINCH) to the foreground process, so if
you resize while another process is running, and then exit that process, the
shell doesn't notice that the window size has changed. Running
"kill -WINCH $$" will then cause the bash shell to notice what has happened.

I can reproduce this on Debian woody with bash as my shell and lynx in
the foreground, whether I resize by maximising or by changing the window
size, over SSH and Telnet protocols.

..............................................................................

Newsgroups: comp.terminals
References:
Message-ID: <111pidqplklhgd7@corp.supernews.com>
Date: Wed, 23 Feb 2005 18:21:46 -0000
From: Thomas Dickey
Subject: Re: PuTTY / xterm / line-wrapping when "maximized"

Jacob Nevins wrote:
>
> I can reproduce this on Debian woody with bash as my shell and lynx in
> the foreground, whether I resize by maximising or by changing the window
> size, over SSH and Telnet protocols.

But lynx doesn't resize dynamically, so (unless you're pressing ^R to update
the display), you won't be able to test that. That's done to limit network
activity, etc.

Most text editors will resize dynamically - that's a better test.

--
Thomas E. Dickey
http://invisible-island.net/
ftp://invisible-island.net/

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <111pidqplklhgd7@corp.supernews.com>
Message-ID:
Organization: WOMUMP
Date: 23 Feb 2005 19:51:48 +0000 (GMT)
From: Jacob Nevins
Subject: Re: PuTTY / xterm / line-wrapping when "maximized"

Thomas Dickey writes:
>
>Jacob Nevins wrote:
>>
>> I can reproduce this on Debian woody with bash as my shell and lynx in
>> the foreground, whether I resize by maximising or by changing the window
>> size, over SSH and Telnet protocols.
>
>But lynx doesn't resize dynamically, so (unless you're pressing ^R to update
>the display), you won't be able to test that. That's done to limit network
>activity, etc.

Since I'm demonstrating a problem with the shell, what the foreground
process does should be immaterial. But, just for you, I reproduced it with
vim too.

//////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: host70-69.pool8255.interbusiness.it [82.55.69.70]
NNTP-Posting-Date: Sun, 27 Feb 2005 14:15:23 MET
References:
Message-ID:
Date: Sun, 27 Feb 2005 13:15:23 GMT
From: Pierluigi Di Lorenzo
Subject: Re: PuTTY and GNU screen

Jacob Nevins wrote:
>
> The reason why this only started to be a problem in 0.54 is because
> "screen" typically uses an unusual control sequence to switch to the
> alternate screen, and previous versions of PuTTY did not support
> this sequence.
>
> http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#QA.7.19

OK, I disabled alternate screen and now I got scrollback history.
When I'm attached on screen and I exit from vi I see text inside on the
screen, I like alternate screen but I think this is a good solution,
but.. when I'm not attached to screen I have screen *cleared* when exit
from vi (or less).. I do not like this behaviour so much..

Thanks,
Pierluigi.

--
Pierluigi Di Lorenzo
ePrometeus s.r.l

..............................................................................

Newsgroups: comp.terminals
References:
Message-ID: <1123l2ihbmv7h8c@corp.supernews.com>
Date: Sun, 27 Feb 2005 14:08:18 -0000
From: Thomas Dickey
Subject: Re: PuTTY and GNU screen

Pierluigi Di Lorenzo wrote:
> ok, I disabled alternate screen and now I got scrollback history.
> When I'm attached on screen and I exit from vi I see text inside on the
> screen, I like alternate screen but I think this is a good solution,
> but.. when I'm not attached to screen I have screen *cleared* when exit
> from vi (or less).. I do not like this behaviour so much..
> Thanks, Pierluigi.

That could still be related to the alternate screen. For example,
infocmp's output (looking at xterm-r6),

	rmcup=\E[2J\E[?47l\E8,
	smcup=\E7\E[?47h,

For this example, smcup saves the cursor position (assumed to be in the
normal screen) and switches to the alternate screen.
The rmcup string is emitted by vi on exit. It clears the screen, switches
back from the alternate screen and restores the cursor position. Simply
disabling the \E[?47l and \E[?47h (switch between normal/alternate) won't
affect the clearing with \E[2J. Modern xterm implements escape sequences
which combine all of those pieces into a single escape sequence which can be
suppressed.

Running in "screen", there are two $TERM values to take into account: the
one for screen (which as noted, does use the modern \E[?1049l), and the
external one (which could be rxvt, for instance--uses strings like xterm-r6).
rxvt doesn't implement that, BTW, though some other emulators have done so.

--
Thomas E. Dickey
http://invisible-island.net/
ftp://invisible-island.net/

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 82.53.30.78
NNTP-Posting-Date: Sun, 27 Feb 2005 16:54:06 MET
References: <1123l2ihbmv7h8c@corp.supernews.com>
Message-ID:
Organization: TIN
Date: Sun, 27 Feb 2005 15:54:06 GMT
From: Pierluigi Di Lorenzo
Subject: Re: PuTTY and GNU screen

Thomas Dickey wrote:
>
> That could still be related to the alternate screen. For example,
> infocmp's output (looking at xterm-r6),
...
>
> Running in "screen", there are two $TERM values to take into account: the
> one for screen (which as noted, does use the modern \E[?1049l), and the
> external one (which could be rxvt, for instance--uses strings like xterm-r6).
> rxvt doesn't implement that, BTW, though some other emulators have done so.

Thanks a lot Thomas Dickey,
I'm sorry, but I do not understand so much.. is this a solution or an
explanation of the problem? Perhaps my English is not so good :(

My question now is:
Can I use alternate screen (I found it very useful) and say, in some
way, to PuTTY to disable it only when it's called by screen? (so I don't
lose scrollback history)

Someone has had this problem before?

Regards,
Pierluigi.

--
Pierluigi Di Lorenzo
ePrometeus s.r.l

..............................................................................

Newsgroups: comp.terminals
References: <1123l2ihbmv7h8c@corp.supernews.com>
Message-ID: <1124424qr0o6e19@corp.supernews.com>
Date: Sun, 27 Feb 2005 18:24:04 -0000
From: Thomas Dickey
Subject: Re: PuTTY and GNU screen

Pierluigi Di Lorenzo wrote:
> Thanks a lot Thomas Dickey,
> I'm sorry, but I do not understand so much.. is this a solution or an
> explanation of the problem? Perhaps my English is not so good :(

Mostly an explanation. Before running screen, what is $TERM set to?
And what does infocmp show at that point? My guess is that it shows
strings something like I indicated. (The "putty" terminfo entry which
I have in ncurses does this, but I thought it unlikely that you are
using that, since PuTTY defaults to setting TERM to "xterm").

If my guess is correct, you can fix that problem by changing the
terminfo entry which is set (either by modifying the terminfo entry--
a reasonably good idea if it is "putty"), or choosing one which is
closer (that's a little harder to advise).

> My question now is:
> Can I use alternate screen (I found it very useful) and say, in some
> way, to PuTTY to disable it only when it's called by screen? (so I don't
> lose scrollback history)

I don't think so. When screen first starts up, it uses the original $TERM's
value to initialize the display. So it's no different from other applications
in that aspect.

--
Thomas E. Dickey
http://invisible-island.net/
ftp://invisible-island.net/

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 82.55.87.133
NNTP-Posting-Date: Sun, 27 Feb 2005 21:35:04 MET
References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com>
Message-ID:
Date: Sun, 27 Feb 2005 20:35:04 GMT
From: Pierluigi Di Lorenzo
Subject: Re: PuTTY and GNU screen

Thomas Dickey wrote:
> Pierluigi Di Lorenzo wrote:
>
>>Thanks a lot Thomas Dickey,
>>I'm sorry, but I do not understand so much.. is this a solution or an
>>explanation of the problem? Perhaps my English is not so good :(
>
>
> Mostly an explanation. Before running screen, what is $TERM set to?
> And what does infocmp show at that point? My guess is that it shows
> strings something like I indicated. (The "putty" terminfo entry which
> I have in ncurses does this, but I thought it unlikely that you are
> using that, since PuTTY defaults to setting "xterm").

ah OK, yes you were right, before running screen $TERM is set to "xterm",
rmcup=\E[2J\E[?47l\E8 and smcup=\E7\E[?47h.
Attached to screen $TERM is set to screen, rmcup=\E[?1049l and
smcup=\E[?1049h

> If my guess is correct, you can fix that problem by changing the
> terminfo entry which is set (either by modifying the terminfo entry -
> a reasonably good idea if it is "putty"), or choosing one which is
> closer (that's a little harder to advise).

mmm.. can you explain me better this last thing please? I have no idea
what rmcup and smcup means..

Thanks a lot,
Pierluigi.

>
>
>>My question now is:
>>Can I use alternate screen (I found it very useful) and say, in some
>>way, to PuTTY to disable it only when it's called by screen? (so I don't
>>lose scrollback history)
>
>
> I don't think so - when screen first starts up, it uses the original $TERM's
> value to initialize the display. So it's no different from other applications
> in that aspect.

--
Pierluigi Di Lorenzo
ePrometeus s.r.l

..............................................................................
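
The "infocmp, edit, tic" procedure discussed in this thread, scripted as an added example (not code from any of the posters). The function names, the constructed sample entry and the choice to compile into $HOME/.terminfo are assumptions of this example; the capability strings are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example, not code from the thread: the "infocmp, edit, tic" steps
# with the edit done by sed instead of by hand.

# Constructed sample in infocmp's listing format. The rmcup/smcup values are
# the xterm-r6 style strings quoted in the thread; a real entry is much longer.
sample_entry() {
cat <<'EOF'
putty|constructed sample entry,
	am, km,
	cols#80, lines#24,
	rmacs=^O, smacs=^N,
	rmcup=\E[2J\E[?47l\E8, smcup=\E7\E[?47h,
EOF
}

# set_cap NAME VALUE: read terminfo source on stdin and write it to stdout
# with string capability NAME set to VALUE (replaced if present, else added).
set_cap() {
    cap=$1
    raw=$2
    # Escape what is special in a sed replacement: \ & and the # delimiter.
    val=$(printf '%s' "$raw" | sed 's/[\\&#]/\\&/g')
    entry=$(cat)
    if printf '%s\n' "$entry" | grep -Eq "(^|[[:space:]])$cap="; then
        # A value runs to the next unescaped comma; "\," inside a value is
        # a literal comma, so consume backslash pairs as single units.
        printf '%s\n' "$entry" |
            sed -E 's#(^|[[:space:]])'"$cap"'=(\\.|[^,\\])*,#\1'"$cap=$val"',#'
    else
        # Capability lines in terminfo source start with whitespace.
        printf '%s\n\t%s=%s,\n' "$entry" "$cap" "$raw"
    fi
}

# Switch an entry to the single-sequence 1049 form that the thread reports
# for TERM=screen.
use_1049() {
    set_cap rmcup '\E[?1049l' | set_cap smcup '\E[?1049h'
}

# Full procedure for the "putty" entry. Compiling into $HOME/.terminfo is this
# example's choice: it leaves the system copy under /usr/share/terminfo
# untouched and needs no root.
install_putty_1049() {
    listing=$(infocmp putty) || return 1
    tmp=$(mktemp) || return 1
    printf '%s\n' "$listing" | use_1049 >"$tmp"
    mkdir -p "$HOME/.terminfo"
    tic -o "$HOME/.terminfo" "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Dry run on the constructed sample; call install_putty_1049 to do it for real.
sample_entry | use_1049
```

The compiled file under /usr/share/terminfo is never edited directly: the text listing from infocmp is what gets changed, and tic turns it back into the binary form.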

Newsgroups: comp.terminals
References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com>
Message-ID: <1124dpgmnu60gfe@corp.supernews.com>
Date: Sun, 27 Feb 2005 21:10:08 -0000
From: Thomas Dickey
Subject: Re: PuTTY and GNU screen

Pierluigi Di Lorenzo wrote:
>
> ah OK, yes you were right, before running screen $TERM is set to xterm,
> rmcup=\E[2J\E[?47l\E8 and smcup=\E7\E[?47h.
> Attached to screen $TERM is set to screen, rmcup=\E[?1049l and
> smcup=\E[?1049h

Yes. Checking the history for ncurses' terminfo.src, I see that screen
3.9.13 added the 1049 code (and I added the corresponding change to ncurses
in late 2002). xterm's terminfo generally has been the same as xterm-r6,
since that's been the default install for ncurses. Most of the Linux
distributors modify that (no two alike, I think ;-).

>> If my guess is correct, you can fix that problem by changing the
>> terminfo entry which is set (either by modifying the terminfo entry -
>> a reasonably good idea if it is "putty"), or choosing one which is
>> closer (that's a little harder to advise).

> mmm.. can you explain me better this last thing please? I have no idea
> what rmcup and smcup means..

They're mentioned in the (long) terminfo manpage, and are abbreviations,
e.g., reset-mode-cursor-positioning and set-mode-cursor-positioning. Few
terminals actually require those particular strings, but by convention,
xterm's alternate-screen strings are there (because they're sent at the
right time to be useful). The corresponding termcap names are ti and te
(terminal initialize, terminal end). xterm has a resource "titeInhibit"
which deals with this.

Anyway--you're using putty which does support the 1049 code.
I'd set putty to make $TERM set to "putty", and then modify the putty
terminfo entry to use the 1049 codes: use infocmp to get a text of the
terminfo entry, replace the two chunks of text for rmcup=XXX and smcup=XXX
to match, and then run tic to update it.

--
Thomas E. Dickey
http://invisible-island.net/
ftp://invisible-island.net/

..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 82.57.4.29
NNTP-Posting-Date: Sun, 27 Feb 2005 23:14:23 MET
References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com> <1124dpgmnu60gfe@corp.supernews.com>
Message-ID: <3DrUd.972836$35.36315390@news4.tin.it>
Organization: TIN
Date: Sun, 27 Feb 2005 22:14:23 GMT
From: Pierluigi Di Lorenzo
Subject: Re: PuTTY and GNU screen

Thomas Dickey wrote:
>
> Anyway--you're using putty which does support the 1049 code. I'd set putty
> to make $TERM set to "putty", and then modify the putty terminfo entry to
> use the 1049 codes: use infocmp to get a text of the terminfo entry, replace
> the two chunks of text for rmcup=XXX and smcup=XXX to match, and then run
> tic to update it.
>

OK, what file I have to edit to change values on binary file
/usr/share/terminfo/p/putty? (I hope I understand well..)

Thanks again, please be patient

--
Pierluigi Di Lorenzo
ePrometeus s.r.l

..............................................................................

Newsgroups: comp.terminals
References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com>