TTSSH: An SSH Extension to Teraterm By Robert O'Callahan (roc+tt@cs.cmu.edu) What TTSSH Is TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free and its source is available too. Furthermore, TTSSH has been developed entirely in Australia, and can be exported from here to anywhere in the world (apart from places where people aren't allowed to own cryptographic software at all :-( ). To be more precise, the current version of TTSSH (1.4) includes the following features: * Compatible with SSH protocol version 1.5 * Ciphers: 3DES, IDEA, Blowfish, DES, RC4 * Server authentication using the ssh_known_hosts database (including the option of adding a server's key to the database) * Authentication using password, RSA, rhosts and rhosts+RSA * Compression support * Connection forwarding, including full support for X connection forwarding Note that TTSSH is just an SSH client and does not include any other SSH tools (scp, ssh-keygen, ssh-agent, etc). Furthermore, because it's tied into Teraterm, it's only suitable for interactive use. For non-interactive uses such as interprocess communication, you want a straight port of the Unix client. What's New * December 7, 1998: TTSSH 1.4 released! I've fixed most of the known bugs, added proper support for X forwarding and UI for all the forwarding options, and added a couple of other doodads ("/ssh-autologin" option, in particular --- see the documentation page for details. * November 3, 1998: A lot of people have been asking me when TTSSH will support SSH 2.x. Unfortunately SSH 2.x is a very big, complex protocol and looks a lot of work to implement from scratch. Also, it looks like it will be hard to integrate all its features into Teraterm without significantly modifying the design of the main Teraterm application. There's no way I'll have enough time overseas in the foreseeable future to undertake this project, sorry. I hope there are other people with more time and freedom... * July 7, 1998, version 1.3: An overseas friend (thanks jch!) was able to insert the CORE-SDI patch to guard against the SSH insertion attack. At the same time he fixed a few bugs. Download now! Note that, due to an oversight, the version number in the file was not updated. To check the version, note that TTXSSH.DLL version 1.3 is 158,208 bytes long. * June 24, 1998: I finally wrote some documentation. * June 24, 1998: I'd just like to remind everyone that I cannot fix any bugs at this time, because I will not jeopardize the worldwide distribution of TTSSH by touching the code while I'm in the United States. (I'd also like to avoid prosecution and/or deportation.) * June 24, 1998: To work around a bug that prevents TTSSH from seeing when a new configuration file is specified by the "/F" option, I have created a new version of TTSSH.EXE. See the documentation page for details. * June 6, 1998, version 1.2: Connection forwarding added and a few bugs fixed. Since I'm returning to the USA tomorrow, this will be the last release for several months unless an overseas maintainer is found. * June 3, 1998, version 1.1: RSA, rhosts, rhosts+RSA support added. Default authentication options dialog box added. ttxssh.exe added. Numerous bugs fixed (thanks DK). * June 1, 1998, version 1.02: Another bug fix. Non-SSH sessions used to crash at the end of the session. * June 1, 1998, version 1.01: Oops! I released the debug version by mistake and it didn't work for many people. Replaced it with the correct release version. * May 20, 1998, version 1.0: Initial release. How to Obtain and Install TTSSH Currently TTSSH is only available for Win32 platforms (Windows 95 and NT). Support for Windows 3.1 is plausible but I don't have the tools to build it. Perhaps someone will be able to help with this. Furthermore, it's only available for Intel platforms. Again, I don't have the tools to compile it anywhere else, and someone else may be able to help. The following instructions will also serve to update an old version of TTSSH. Just say "yes" whenever it asks to overwrite a file. 1. Download and install Teraterm 2.3 if you haven't already. 2. Download the TTSSH software package. 3. Unzip it into the directory where you've already installed Teraterm 2.3. This will create files LIBEAY32.DLL, TTXSSH.DLL and TTSSH.EXE. 4. Run "TTSSH.EXE" and the extension should be available. You should see a new "SSH" option in the "New Connection" dialog box and new menu items "Setup / SSH...", "Setup / SSH Authentication..." and "Help / About TTSSH...". 5. IMPORTANT NOTE: If you are in a country where the RSA patent applies (such as the USA), then you may need to obtain a special version of LIBEAY32.DLL that has been modified to use their implementation, if you want to be legally squeaky clean. This version of LIBEAY32.DLL can be downloaded from a US crypto site if you are a US or Canadian citizen in the US or Canada; see the downloads page for details. How to Use TTSSH There is now a TTSSH documentation page. What the Government Wants You to Know This code contains cryptographic software covered by US ITAR regulations and by the laws of various countries. Its distribution and use may be restricted by these laws and regulations. In particular, it is probably illegal to make this code publically available at a US site. When in the US (and possible in some other places) you may need to use the RSAREF-based LIBEAY32. This is discussed further in the installation section above. What I Want You to Know All the usual free software legalese applies. There are no warranties of any kind. The software is provided entirely "as is", and use is entirely at the discretion and risk of the user. Enjoy! Who to Thank * This code started with Ian Goldberg's Top Gun SSH for the Pilot. * It makes use of Eric Young's cryptographic library, taken from SSLeay 0.8.1. His copyright notice is included as LIBEAY.TXT. The LIBEAY32 used by TTXSSH is a plain "out-of-the-box" build. * This code uses the GNU zlib library (version 1.0.4). That library is (C) 1995-1996 Jean-loup Gailly and Mark Adler. * The TTSSH 1.3 upgrade was done by Jonathan Hardwick, zephyr prince. * Finally, this would not have been possible without the cooperation of T. Teranishi. Many thanks! What to Do about Bugs TTSSH has been tested in Windows 95 and NT 4.0. Mileage with other platforms may vary, but I'm interested in getting bug reports. Known bugs: * If you connect to a host, then disconnect, then quickly try to reconnect to the same host, there is about a 1 in 500 chance that the reconnection will fail (in which case you should just try again). This is because we try to allocate a privileged port between 512 and 1024 for the socket to make rhosts authentication possible. Unfortunately, if some other socket is in a TIME_WAIT state (i.e. closure in progress) then we may successfully 'bind' to the same port but then 'connect' will fail, complaining that the port is already in use. This only happens when we try to connect to the same host that the other socket was connected too. Weird, eh? We try random ports to try to prevent this from happening too much. If rhosts is not needed, all this stuff can be disabled; see the documentation. * Sometimes the remote host will disconnect and the window will not close even if you've specified "close window on disconnect". This happens when a dialog box or message box is showing when the disconnect is detected. This is actually a Teraterm "feature", and there's nothing I can do about it. * Using multiple extensions at once (e.g. having SSH and SSL installed at the same time) does not work. What the Terms and Conditions are Redistribution and use in binary forms, without modification, are permitted provided that the following conditions are met: * Redistributions must contain the file ttxssh.dll, unmodified. * The conditions of the contributors must be met. In particular, if libeay32.dll is included, then libeay.txt must be included and its conditions followed. Note that the terms for the source package are a bit looser, so if you build your own version of TTSSH then things are a bit more flexible. Also note that the README.TXT in ttssh14.zip is slightly out of date with respect to the terms and conditions. The conditions here are correct. Robert O'Callahan