13-APR-1999
This directory contains the sources for a crude SSH server for VMS.  Some
local customization may be needed to build and install this program.

Requirements:
	OpenVMS 6.2 or higher.
	DEC C compiler, 5.4 or higher.
	DEC TCP/IP Services for OpenVMS (UCX) or Multinet with UCX emulation.
	OpenSSL 0.9.2b or SSLeay 0.8.1, with patch to support RSA_NO_PADDING.
	   (do not use the RSAREF option with SSLeay/OpenSSL, it DOES NOT WORK)
	   (SSLeay is available from http://www.free.lp.se/ssleay/).
   (optional):
	DECnet (for SSH 'command' mode when not using the initiator program).

Building:
   First edit ssl_location.mms and change the lines that begin "!ssllib =" and
   "!sslinc =", removing the "!" and making the values reflect the correct
   directories for your SSLeay installation.

   Use one of the following commands to build the executables:

	$ MMS all
	$ @build_ssh_server.com

   There are 6 executables and 1 shareable image produced by the build:

	SSH_SERVER.EXE		Main server, runs in detached process and
				accepts multiple incoming SSH connections via
				DECthreads multi-threading.

	RSA_ENGINE.EXE		Runs in sub-process created by SSH_SERVER
				and handles the computationally intensive
				RSA decryption used to exchange the session
				key.

	KEY_GENERATOR.EXE	Runs in sub-process created by SSH_SERVER
				and handles periodic generation of new
				RSA server key (skey.pem).

	INITIATOR.EXE		Runs in sub-process created by SSH_SERVER and
				handles creating the login processes (under 
				client's username) for client connections.

	SETHOST_SSH.EXE		Primitive client program for exercising the SSH
				server when other clients aren't available.

	SSH_LOGINOUT.EXE	Program run by user processes to mimic
				normal loginout reporting (last login, newmail,
				etc).  To work properly, this program must be
				installed with sysprv.

	SSHCRYPTOSHR.EXE	Shareable image that provides the common
				cryptographic routines (SSLeay) used by
				4 of the executable images.

Installation:

   First, you must generate 2 RSA private keys, each in a separate key 
   file: skey.pem and hkey.pem.  Invoking the ssh_server_startup.com
   procedure with a P1 value of "INITIAL_KEY" will generate these key files.
   You can alternatively generate the files using the genrsa application
   provided with SSLeay with the following restrictions:
      - The key lengths must differ by 256 or more bits (e.g. 768, 1024).  
      - The files must be in PEM format and must NOT be password protected.
   Protect the key files against access from non-privileged users.
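As an added example (not part of this distribution), a Python check of the two key files against the restrictions above: traditional PEM "RSA PRIVATE KEY" format, no password protection, and moduli whose lengths differ by at least 256 bits. `fake_pkcs1_pem` builds a constructed fixture that is not a real key; in use you would pass the text of your own hkey.pem and skey.pem to `check_server_keys`.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _der_len(buf, i):                 # DER length at buf[i] -> (length, next index)
    n = buf[i] & 0x7F if buf[i] >= 0x80 else 0
    return (buf[i] if not n else int.from_bytes(buf[i + 1:i + 1 + n], "big")), i + 1 + n

def rsa_modulus_bits(der):
    """PKCS#1 RSAPrivateKey ::= SEQUENCE { version INTEGER, modulus INTEGER, ... }"""
    _, i = _der_len(der, 1)
    vlen, i = _der_len(der, i + 1)              # skip the version INTEGER
    if der[0] != 0x30 or der[i + vlen] != 0x02:
        raise ValueError("not a PKCS#1 RSAPrivateKey SEQUENCE")
    mlen, i = _der_len(der, i + vlen + 1)
    return int.from_bytes(der[i:i + mlen], "big").bit_length()

def inspect_key(pem_text):
    """Return (modulus_bits, problem); problem is None when the file is usable."""
    m = PEM_RE.search(pem_text)
    if not m or m.group(1) != "RSA PRIVATE KEY":
        return None, "not a PEM 'RSA PRIVATE KEY' file"
    lines = m.group(2).splitlines()   # Proc-Type/DEK-Info headers mark a password-protected key
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
        return None, "password protected (Proc-Type: 4,ENCRYPTED)"
    der = base64.b64decode("".join(l for l in lines if ":" not in l))
    return rsa_modulus_bits(der), None

def check_server_keys(hkey_pem, skey_pem, min_gap=256):
    """Apply the README rules; return a list of problems (empty = acceptable)."""
    problems, bits = [], []
    for name, pem in (("hkey.pem", hkey_pem), ("skey.pem", skey_pem)):
        n, problem = inspect_key(pem)
        if problem: problems.append(f"{name}: {problem}")
        else: bits.append(n)
    if len(bits) == 2 and abs(bits[0] - bits[1]) < min_gap:
        problems.append(f"key lengths {bits} differ by fewer than {min_gap} bits")
    return problems

def fake_pkcs1_pem(bits):
    """Constructed fixture, NOT a usable key: version 0 plus a dummy modulus of
    `bits` bits (a multiple of 8), which is all the checks above look at."""
    def dlen(n):                                  # DER length, short/long form
        b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
        return b if n < 0x80 else bytes([0x80 | len(b)]) + b
    mod = b"\x00" + (1 << (bits - 1)).to_bytes(bits // 8, "big")   # signed INTEGER
    body = b"\x02\x01\x00" + b"\x02" + dlen(len(mod)) + mod
    der = b"\x30" + dlen(len(body)) + body
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(der).decode()
            + "-----END RSA PRIVATE KEY-----\n")
```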

   Copy the SSHEXEC.COM command procedure to the same directory as the
   login file pointed to by the sys$sylogin logical and make it world readable.

   Edit ssh_parameters.dat so the parameter file lines host_key and
   server_key point to the pem files created in the previous step.

   Test the server by invoking ssh_server_startup.com with a P1 value of
   "TEST" (i.e. "$ @ssh_server_startup test").  In test mode, the server
   is run interactively rather than creating a detached process to run
   the server.

   Modify your system startup procedures to invoke ssh_server_startup
   during boot and install ssh_loginout.exe with sysprv.

   Edit your system's sys$sylogin procedure to include ssh_login.com
   so that logins via SSH mimic the informational displays of a conventional 
   login.  This step is mandatory for X11 support to function properly.

Notes and caveats:
   If you are running UCX 4.1, be sure you are at least at ECO 7; there
   are bugs in earlier versions that cause corrupted packets.

   The sethost_ssh program is provided to aid in server testing only.

   The only cipher types supported are none, idea, des, 3des, RC4, and
   blowfish.  By default all ciphers except none are enabled; you can edit
   the parameters file to change the list of allowed ciphers.

   The only authentication types supported are password and RSA.  The user 
   password must match the SYSUAF entry.

   X11 tunneling is supported but has serious security considerations:
   any logged-in VMS user may connect to the X11 server being proxied through
   the SSH connection.

   There are three methods by which the SSH server creates user processes
   in response to a new request; which one is used depends upon the parameter
   file options chosen:

      1. Via the initiator helper program, run as a sub-process of the
         server process.  This method will be used if the parameter file
         contains a definition for the initiator parameter.

      2. Via DECnet task (SSHEXEC), used for 'command' (non-PTY) mode.
         This method uses username and password in the DECnet access control
         string to run the task as the target user and can therefore only
         be used with password authentication (no RSA).

      3. Via latent login to a pseudo-terminal (PDT), capturing "Username: "
         and "Password: " prompts and responding appropriately.  This method
         too is limited to password authentication only.  Note that if your 
         system does not use these prompts, you will have to edit cport_pty.c
         to look for the right strings.

   The PTYs for 'shell' mode are created with default terminal characteristics
   set by SYSGEN parameters TTY_DEFCHAR and TTY_DEFCHAR2 plus any changes
   specified in the parameters file.  The screen size (rows, columns) and
   echo state specified in the ssh PTY request are the only client-specified
   parameters observed.

   Window_size requests sent during the interactive phase are ignored.

   Do not set the PTY /nohostsync.  The PTY control routines disable input
   when the typeahead buffer is full and if /nohostsync is set the terminal 
   will never get a signal to resume input.

   If the typeahead buffer on the PTY fills, control-Ys sent by the client
   will sit in the TCP stream until all pending input is read.

   The sethost_ssh program sets the local terminal /pasthru/noecho.  If the
   program crashes without executing the exit handler, the terminal may
   be left in this state.  Since /pasthru inhibits control-Y from 
   interrupting the program, it uses control-\ as an escape character, forcing
   immediate exit of the program.

-------------------------------------------------------------------------------
David L. Jones               |      Phone:    (614) 292-6929
Ohio State University        |      Internet:
140 W. 19th St. Rm. 231a     |               jonesd@kcgl1.eng.ohio-state.edu
Columbus, OH 43210           |               vman+@osu.edu