News about Secure Shell/SSH clients and servers

(PuTTY and TeraTerm/SSH included)

 //////////////////////////////////////////////////////////////////////////////

2005-04-04

The second edition of this O'Reilly book is nearing publication:
"SSH, The Secure Shell: The Definitive Guide".

    http://www.oreilly.com/catalog/sshtdg2/

2005-04-20

The website associated with the SSH:TDG book is now online.

    http://www.snailbook.com/index.html

 //////////////////////////////////////////////////////////////////////////////

2003-11-16

In practice, most implementations of the telnet protocol do not contain
an encryption mechanism for passwords.  Some simple needs for security
can be satisfied by an SSH "secure shell" connection.  However, any
enterprise requiring large communication deployments probably needs
a more heavy-duty technology.  (One question of interest may be this:
"If an evil-doer steals a notebook computer containing all of a user's
SSH authentication keys, and starts using them, what do we do?")

One well known and widely available security technology is Kerberos,
which was developed at MIT in concert with a consortium of vendors. 
Centralized administration of access is easier with Kerberos than with
the individualistic SSH protocol.  See:

    "Kerberos Page"
    http://web.mit.edu/kerberos/www/

Sun Microsystems provides a full Kerberos implementation in its SEAM
(Sun Enterprise Authentication Mechanism) package for Solaris 8 and 9. 
It interoperates OK with Microsoft Windows 2000.

    http://wwws.sun.com/software/download/security.html
    http://wwws.sun.com/software/security/kerberos/ 

Hewlett-Packard has Kerberos software for OpenVMS and for HP-UX:

    http://www.hp.com/security/
    http://www.hp.com/products1/unix/operating/security/index.html#system
    http://h71000.www7.hp.com/openvms/products/kerberos/

IBM has Kerberos implementations for several of its product lines:

    http://www.ibm.com/security/
    http://www6.software.ibm.com/devcon/devcon/docs/kerb0401.htm
    http://www-1.ibm.com/servers/eserver/zseries/zos/commserver/kerberos.html
    http://www-1.ibm.com/mediumbusiness/pdf/Security28.pdf

 ..............................................................................

But perhaps SSH is appropriate for your use.

For information on the commercial SSH product, see:

    http://www.ssh.fi/

An open-source implementation, OpenSSH, can be found at

    http://www.openssh.org/

A slightly dated list of SSH and Secure Shell Resources may be seen at:

    http://www.massconfusion.com/ssh/ssh_resources.html

A circa-1997 SSH FAQ resides at

    http://ns.uoregon.edu/pgpssh/sshfaq/index.html

A better FAQ (as of 2006) centers on the open-source OpenSSH:

    http://www.openssh.org/faq.html

Information on troubleshooting connections is available:

    http://www.employees.org/~satch/ssh/faq/ssh-faq-7.html

(But beware the short-password problem in old commercial SSH releases:
    http://www.theregister.co.uk/content/55/20594.html)

Alas, during 2002, a vulnerability was found in certain releases of the
OpenSSH package.  See:

    http://www.cert.org/advisories/CA-2002-18.html

 //////////////////////////////////////////////////////////////////////////////

In 2005, the IETF working group establishing a standard for Secure Shell 
connections had information at:

    http://www.ietf.org/html.charters/secsh-charter.html
and
    ftp://ftp.ietf.org/ietf-mail-archive/secsh/

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


More recently, these standards documents have become available:

    http://www.ietf.org/iesg/1rfc_index.txt


4250 The Secure Shell (SSH) Protocol Assigned Numbers. S. Lehtinen, C.
     Lonvick, Ed.. January 2006. (Format: TXT=44010 bytes) (Status:
     PROPOSED STANDARD)

4251 The Secure Shell (SSH) Protocol Architecture. T. Ylonen, C.
     Lonvick, Ed.. January 2006. (Format: TXT=71750 bytes) (Status:
     PROPOSED STANDARD)

4252 The Secure Shell (SSH) Authentication Protocol. T. Ylonen, C.
     Lonvick, Ed.. January 2006. (Format: TXT=34268 bytes) (Status:
     PROPOSED STANDARD)

4253 The Secure Shell (SSH) Transport Layer Protocol. T. Ylonen, C.
     Lonvick, Ed.. January 2006. (Format: TXT=68263 bytes) (Status:
     PROPOSED STANDARD)

4254 The Secure Shell (SSH) Connection Protocol. T. Ylonen, C.
     Lonvick, Ed.. January 2006. (Format: TXT=50338 bytes) (Status:
     PROPOSED STANDARD)

4255 Using DNS to Securely Publish Secure Shell (SSH) Key
     Fingerprints. J. Schlyter, W. Griffin. January 2006. (Format:
     TXT=18399 bytes) (Status: PROPOSED STANDARD)

4256 Generic Message Exchange Authentication for the Secure Shell
     Protocol (SSH). F. Cusack, M. Forssen. January 2006. (Format:
     TXT=24728 bytes) (Status: PROPOSED STANDARD)


4335 The Secure Shell (SSH) Session Channel Break Extension. J.
     Galbraith, P. Remaker. January 2006. (Format: TXT=11370 bytes)
     (Status: PROPOSED STANDARD)

4344 The Secure Shell (SSH) Transport Layer Encryption Modes. M.
     Bellare, T. Kohno, C. Namprempre. January 2006. (Format: TXT=27521
     bytes) (Status: PROPOSED STANDARD)

4345 Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer
     Protocol. B. Harris. January 2006. (Format: TXT=8967 bytes) (Status:
     PROPOSED STANDARD)

4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH)
     Transport Layer Protocol. M. Friedl, N. Provos, W. Simpson. March
     2006. (Format: TXT=18356 bytes) (Status: PROPOSED STANDARD)

4432 RSA Key Exchange for the Secure Shell (SSH) Transport Layer
     Protocol. B. Harris. March 2006. (Format: TXT=16077 bytes) (Status:
     PROPOSED STANDARD)

4462 Generic Security Service Application Program Interface (GSS-API)
     Authentication and Key Exchange for the Secure Shell (SSH) Protocol.
     J. Hutzelman, J. Salowey, J. Galbraith, V. Welch. May 2006. (Format:
     TXT=65280 bytes) (Status: PROPOSED STANDARD)

4716 The Secure Shell (SSH) Public Key File Format. J. Galbraith, R.
     Thayer. November 2006. (Format: TXT=18395 bytes) (Status:
     INFORMATIONAL)

4742 Using the NETCONF Configuration Protocol over Secure SHell (SSH).
     M. Wasserman, T. Goddard. December 2006. (Format: TXT=17807 bytes)
     (Status: PROPOSED STANDARD)

4819 Secure Shell Public Key Subsystem. J. Galbraith, J. Van Dyke, J.
     Bright. March 2007. (Format: TXT=32794 bytes) (Status: PROPOSED
     STANDARD)

 //////////////////////////////////////////////////////////////////////////////

Sun's Solaris 9 operating environment incorporated a Sun-supported package
"Secure Shell" on CD 1, which is based on release 2.5.1p1 of OpenSSH; the
version shipped with Solaris 9 (SSH-2.0_Sun_SSH_1.0) included enhancements
made by Sun.  Sun added BSM (auditing) support, proxy commands, L10N/I18N
support, and configurable login attempts. Also, TCP wrappers were compiled
and the ssh-keygen command was set to create an RSA key by default.

    http://wwws.sun.com/software/whitepapers/solaris9/secureaccess.pdf
    http://docs.sun.com/?q=ssh&p=prod%2Fsolaris.9

For earlier Solaris releases, Sun does not support any SSH product;
however, the third-party SSH product is available with support from 
SSH Communications Security Oyj. of Finland:

    http://www.ssh.fi/

There is also the open-source OpenSSH.  The following BluePrint documents
tell how to configure OpenSSH under Solaris 2.6, Solaris 7, and Solaris 8.

    http://www.sun.com/blueprints/0103/817-1307.pdf
    http://www.sun.com/blueprints/0701/openSSH.pdf
    http://www.sun.com/blueprints/0102/configssh.pdf

And advice is available from other non-Sun sources:

    http://www.bolthole.com/solaris/companioncd.html
    http://www.sunfreeware.com/openssh8.html

Sun's BSM patches have been donated back to the OpenSSH developers:

    http://bugzilla.mindrot.org/show_bug.cgi?id=2

If, using Solaris 9's Secure Shell to connect to commercial SSH, you see a
session error like "Dispatch protocol error: type 2", you are experiencing
a problem inherited from the original open-source code.  Until a fix is
announced by Sun, see:

    http://www.openssh.com/faq.html#2.4

For enterprises that wish to lift the burden of security configuration from
the individual users and rely more on a centralized support staff, IPsec
should be preferred over Secure Shell:

    http://wwws.sun.com/software/whitepapers/solaris9/ipsec.pdf

IPsec provides security at the Network layer, rather than in the
Transport layer.  IPsec passes UDP packets, which SSH does not,
and IPsec may be used to construct VPNs between consenting equipment.


 ..............................................................................

If, during connection attempts using the OpenSSH client, you are seeing
an error message like this:

    no matching comp found: client zlib server none

you may be able to work around the problem by turning off compression in
the session.  Compression may be configured to a default of "no" in either

    /etc/ssh_config
or
    ~/.ssh/config

Compression may be turned back on for a given connection with the command-line
switch of "-C" (uppercase).

 //////////////////////////////////////////////////////////////////////////////

What most people call the "SFTP" protocol, as in "Secure FTP", is
a file-transfer shim laid over the Secure Shell protocol--the same
fundamental SSH protocol that most people now use for interactive
keyboard sessions instead of good old telnet.  Both SSH interactive
sessions and SFTP file-transfer sessions operate over TCP port 22.

Another protocol of similar intent, if not as wide use, is 
"FTP over TLS/SSL", on TCP ports 989 (data) and 990 (control). 

I think that the OpenBSD Project claims to have produced the open-source
"sftp" program.  Here is the client "man" page:

    http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1

See also "sftp-server" man page:

    http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8

Cygwin produced an equivalent command-line SFTP.EXE program for Windows:

    http://www.cygwin.com/

Yes, PuTTY fans, Simon Tatham includes a basic PSFTP utility for Windows.

    http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter6.html#psftp


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.sys.sun.admin,comp.security.ssh
Message-ID: <help-20031210150001@helpful.aq>
Date: Wed, 10 Dec 2003 15:00:01 -0500
From: "Helpful Observer" <observer@helpful.aq>
Subject: Solaris 9 Secure Shell connection logging

Under Solaris 9, using the included Solaris Secure Shell,  
I wanted to log connections, so I did this (as root):

    # cat > /etc/ssh/sshrc
    /usr/bin/logger -p daemon.notice -t 'sshd' "$USER connected $SSH_CLIENT."
    ^D
    # chgrp sys /etc/ssh/sshrc
    # chmod 755 /etc/ssh/sshrc

In systems using the open-source OpenSSH, the corresponding file is

    /etc/sshrc
    
--
H.O.
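
The sshrc approach in the post above has a side effect that OpenSSH's sshd(8) manual page documents: once an sshrc file exists, sshd no longer runs xauth itself, so the script has to install the X11 cookie. The following is an added example, not part of the original post, that keeps the post's logger line and adds the xauth handling from that manual page; that Sun's Secure Shell behaves the same way is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: a system-wide sshrc that logs the login and still installs
# the X11 cookie. Pattern taken from OpenSSH's sshd(8); function names are
# hypothetical. Backticks are used so a plain Bourne shell can run it.

# Build the line fed to "xauth -q -" for a forwarded display.
# $1 = DISPLAY, $2 = auth protocol, $3 = cookie
xauth_add_line() {
    case "$1" in
        localhost:*)
            # Proxy display bound to localhost (OpenSSH X11UseLocalhost=yes):
            # register the cookie under the unix: display name instead.
            num=`echo "$1" | cut -c11-`
            echo "add unix:$num $2 $3"
            ;;
        *)
            echo "add $1 $2 $3"
            ;;
    esac
}

sshrc_main() {
    # Same log line as in the post; USER and SSH_CLIENT are set by sshd.
    /usr/bin/logger -p daemon.notice -t sshd "$USER connected $SSH_CLIENT."

    # With X11 forwarding active, sshd passes "proto cookie" on stdin
    # and sets DISPLAY; without it, read fails and nothing is done.
    if read proto cookie && [ -n "$DISPLAY" ]; then
        xauth_add_line "$DISPLAY" "$proto" "$cookie" | xauth -q -
    fi
}

# Run only inside an SSH session, so the file can be sourced for testing.
if [ -n "$SSH_CLIENT" ]; then
    sshrc_main
fi
```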

 ..............................................................................

Newsgroups: comp.sys.sun.admin,comp.security.ssh
Message-ID: <help-20031213093512@helpful.aq>
Date: Sat, 13 Dec 2003 09:35:12 -0500
From: "Helpful Observer" <observer@helpful.aq>
Subject: Re: Solaris 9 Secure Shell connection logging

"Helpful Observer" wrote:
>
> Under Solaris 9, using the included Solaris Secure Shell,
> I wanted to log connections, so I did this (as root)...
    
Neil W Rickert replied:
>
> On my reading of the man pages, that breaks X-forwarding.
    
Darren Tucker replied:
> 
> OpenSSH already logs this kind of info to wherever you point
> its syslog to, see the SyslogFacility and LogLevel config options.

 
OK, thank you for pointing this out.  The target environment
does not presently require X forwarding, but to prevent future
difficulties, logging will be this way:

With the following in /etc/ssh/sshd_config:

    # Syslog facility and level
    SyslogFacility auth
    LogLevel info
 
inserting the following line into /etc/syslog.conf:
    
    auth.info      /var/adm/auth.log
      
doing:
    
    # touch /var/adm/auth.log
    # chgrp sys /var/adm/auth.log
    # chmod 644 /var/adm/auth.log
    
and doing:
  
    # /etc/init.d/syslog stop
    # /etc/init.d/syslog start

-- 
H.O.
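
With sshd logging to /var/adm/auth.log as configured above, the file can be summarised per result, source address and user. This is an added example, not part of the original post: the log lines are constructed, in the form OpenSSH writes at LogLevel info (some carrying the Solaris syslog message-ID prefix), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count sshd login results per (result, source address, user).

# Constructed sample input (not real log data).
sample_auth_log() {
    cat <<'EOF'
Dec 13 09:40:01 sunbox sshd[1201]: [ID 800047 auth.info] Accepted password for alice from 192.0.2.10 port 40001 ssh2
Dec 13 09:41:17 sunbox sshd[1207]: [ID 800047 auth.info] Failed password for root from 198.51.100.7 port 51514 ssh2
Dec 13 09:41:19 sunbox sshd[1207]: [ID 800047 auth.info] Failed password for root from 198.51.100.7 port 51514 ssh2
Dec 13 09:42:03 sunbox sshd[1212]: Failed password for invalid user admin from 10.0.0.1 from 203.0.113.9 port 40022 ssh2
Dec 13 09:43:30 sunbox sshd[1215]: Accepted publickey for alice from 192.0.2.10 port 40007 ssh2
Dec 13 09:44:00 sunbox su: [ID 366847 auth.info] 'su root' succeeded for alice on /dev/pts/3
EOF
}

# Reads the named files, or standard input when none are given.
# Output: result <TAB> source address <TAB> user <TAB> count, sorted.
summarize_auth_log() {
    LC_ALL=C awk '
    / sshd\[[0-9]+\]: / {
        # Locate the result keyword; its position varies with the
        # optional "[ID n facility.level]" prefix.
        v = 0
        for (i = 1; i <= NF; i++)
            if ($i == "Accepted" || $i == "Failed") { v = i; break }
        if (v == 0) next

        # Find "from <addr> port <n>" scanning from the END of the line.
        # The user name in a failed attempt is chosen by the client and
        # may contain spaces or the word "from".
        f = 0
        for (i = NF - 3; i > v; i--)
            if ($i == "from" && $(i + 2) == "port") { f = i; break }
        if (f == 0) next

        # The user name is everything between "for" and that "from".
        u = 0
        for (i = v + 1; i < f; i++)
            if ($i == "for") { u = i + 1; break }
        if (u == 0) next
        if (($u == "invalid" || $u == "illegal") && $(u + 1) == "user")
            u += 2

        user = ""
        for (i = u; i < f; i++)
            user = user (i > u ? " " : "") $i

        n[$v "\t" $(f + 1) "\t" user]++
    }
    END { for (k in n) printf "%s\t%d\n", k, n[k] }
    ' "$@" | LC_ALL=C sort
}

sample_auth_log | summarize_auth_log
```

On a live system the call would be `summarize_auth_log /var/adm/auth.log`. The fourth sample line shows why the address is taken from the right: a left-to-right parse would report 10.0.0.1, which is part of the supplied user name.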

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <gJLR8.1895$eH2.1003459@ruti.visi.com>
Message-ID: <m1lbsa0ovv6.fsf@syrinx.oankali.net>
Organization: Primus Canada
Date: 24 Jun 2002 23:55:25 -0400
From: Richard E. Silverman <slade@shore.net>
Subject: Re: ssh 1.5 and cisco

There are known security weaknesses with SSH-1; however, none of them are
so bad that it would be better to stick with Telnet instead...

--
  Richard Silverman
  slade@shore.net

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <3fbbf859@buckaroo.cs.rit.edu>
References: <98c767fe.0311180204.62c1d3dc@posting.google.com>
    <3fba15d2$1@buckaroo.cs.rit.edu>
    <Qwxub.125598$sd5.16842115@twister.columbus.rr.com>
Organization: RIT, Department of Computer Science
Date: Wed, 19 Nov 2003 18:07:30 -0500
From: Carl Holtje <cwh0803@cs.rit.edu>
Subject: Re: SSHv1 vs SSHv2

Here's a small collection of some deadly vulnerabilities of SSHv1:

  http://www.kb.cert.org/vuls/id/684820

  http://www.kb.cert.org/vuls/id/850440

  http://www.kb.cert.org/vuls/id/19124

More can be found, along with a bunch of other nifty insights into SSH 
at http://www.cert.org/ with a search of 'SSH v1'...

The short of these is that SSHv1 is not as secure as you'd like, and 
SSHv2+ is; so don't use v1.. :)

Enjoy..

Carl

 //////////////////////////////////////////////////////////////////////////////

An SSH problem perhaps worse in theory than in practice:

    http://www.kb.cert.org/vuls/id/958563

(Note "bits", not "bytes".)

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals
Message-ID: <20020323165940.3560.qmail@gacracker.org>
Organization: mail2news@dizum.com
Date: 23 Mar 2002 16:59:40 -0000
From: Mach <mach@redneck.gacracker.org>
Subject: Bare bones ssh for Windows

Windows comes with an application named telnet that does a fair
job of emulating a terminal, but a very poor job of securing a
session. In fact, only a fool would use telnet in today's hostile
networked world.

Instead, most people use secure shell (ssh) to provide encrypted
telnet sessions that keep prying eyes at bay. Unfortunately,
Microsoft does not yet bundle ssh with Windows. They leave it up
to you to find your own ssh app for Windows.

Lots of ssh apps exist, but, from my perspective, they do ugly
things like sparsely install files all over a file system, muck
with the registry, and upgrade Dynamic Link Libraries (DLLs).

I like to keep things simple by using a command line unix / MSDOS
installation methodology that consists of creating a parent
directory then copying files under it.

cygwin ( http://www.cygwin.com/ ) allows you to run traditional,
open source, unix applications under Windows. You need to install
it along with ssh to obtain the necessary files that we use in
our bare bones cygwin ssh.

After you install cygwin with ssh you need to locate the
following files and copy them into a parent directory:

    CYGCRYPTO.DLL
    CYGWIN1.DLL
    CYGZ.DLL
    SCP.EXE
    SFTP.EXE
    SSH.EXE
    SSH-ADD.EXE
    SSH-AGENT.EXE
    SSH-KEYGEN.EXE
    SSH-KEYSCAN.EXE

You only need to copy those files to install ssh (and a couple
of handy, secure file copying programs named scp and sftp) into
any Windows PC. If you want, you can even remove cygwin from the
PC that you originally used to obtain the files.

Those files fit on a pair of 3.5" diskettes. I always keep a pair
handy in the field in case I need to use a Windows PC to download
software from my server.

An example of how to use scp:

   scp -S ./ssh mach@192.168.1.1:data .

In the example, a user named mach wants to copy a file named data
from mach's home directory on a server with an IP address of
192.168.1.1 to the current directory of Windows.

You need to enter the -S argument to explicitly specify the path
to the ssh binary otherwise scp defaults to a path of usr/bin.
Notice that the -S argument uses forward slashes in place of the
reverse slashes typically found in Windows.

-- 
finger mach @ nym.alias.net for public key
If you send mail post a message telling me to check my mail.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals
References: <20020323165940.3560.qmail@gacracker.org>
Message-ID: <a7jduc$qlo$1@tron.sci.fi>
Organization: SAUNALAHDEN asiakas
Date: Sun, 24 Mar 2002 04:34:28 +0200
From: Jukka Aho <jukka.aho@iki.fi>
Subject: Re: Bare bones ssh for Windows

"Mach" <mach@redneck.gacracker.org> wrote:

> After you install cygwin with ssh you need to locate the
> following files and copy them into a parent directory:
>
> [list of files]
>
> You only need to copy those files to install ssh [...] into
> any Windows PC. If you want, you can even remove cygwin from
> the PC that you originally used to obtain the files. Those
> files fit on a pair of 3.5" diskettes. 


PuTTY would be yet easier, as it only consists of one executable
which nicely fits on a single floppy. No need to fool around with
cygwin, either.

You can find PuTTY (which is open source and free to download) at

    http://www.chiark.greenend.org.uk/~sgtatham/putty/
    http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

 -- znark


    [See documentation at http://the.earth.li/~sgtatham/putty/0.58/htmldoc/]


 //////////////////////////////////////////////////////////////////////////////

For a Windows PC, see also TeraTerm's SSH extensions:

    http://www.zip.com.au/~roca/ttssh.html

or the MIT FiSSH Secure Shell Client package:

    http://pgpdist.mit.edu/FiSSH/index.html

 ..............................................................................

I've seen the announcement of a new open-source client for Windows PCs,
called MSSH (Metro's Secure Shell) providing a GUI front end to OpenSSH;
two versions, one limited version running native under Windows, the
other using OpenSSH under Cygwin:
    
    http://cs.mscd.edu/MSSH/index.html

 ..............................................................................

HOWTO documents

    SSH with Keys 
    http://www.puddingonline.com/~dave/publications/SSH-with-Keys-HOWTO/document/html-one-page/SSH-with-Keys-HOWTO.html

    Encrypted Tunnels using SSH and MindTerm HOWTO
    http://en.tldp.org/HOWTO/MindTerm-SSH-HOWTO/index.html

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals
Message-ID: <5f471bece67c97b3@mayday.cix.co.uk>
Organization: Mayday Technology Ltd
Date: Sun, 24 Mar 2002 10:13:49 +0000
From: robert$1@mayday.cix.co.uk
Subject: Re: PuTTy is also a good one...

On Sat, 23 Mar 2002, ThePsyko wrote:

> I prefer SecureCRT to putty though :)

Okay, as I have an interest in this I'll bite.

CRT 3.4.3
  2.4 Mb Includes a windows installer.

PuTTY
  400k Bare exe only needed. Other tools, agent, keygen, psftp etc are
  around 200k each. Total 1.2Mb.

PuTTY provides full source code, CRT is binaries only.
  Source code is, approx, another 400k.

PuTTY has better emulation.
  CRT doesn't 'eat' all VTxxx sequences that it doesn't support.
  CRT has no support for alternate host character encodings.
  PuTTY can use many different host character encodings including UTF-8
  PuTTY has some support for DBCS character encodings.
  PuTTY has compose key support (on the windows menu key or AltGr)
  PuTTY understands more of the real VT100 codes.
  CRT understands more of the real VT220 codes.
  PuTTY works out of the 'box' as an accurate colour Xterm.
  CRT fails various vttest tests including 'BUG F' and the funny scroll
    regions test, PuTTY does not.

PuTTY has better display
  CRT will only double size its own font, putty will do any unless
    told not to in which case it will double space.
  CRT can only display VT graphics with its own font PuTTY can use any
     windows font and even does the 'stepped lines' properly.
  CRT's fullscreen mode either has 'too small' characters or no line
     drawing characters.

CRT has modem and TAPI connectivity PuTTY has only ssh, telnet and rlogin.
CRT can do in channel zmodem file transfers.
CRT has some scripting support PuTTY does not.
CRT has easier selection of emulation, however PuTTY can emulate all the
  terminals CRT can _if_ you set it up.  (In fact PuTTY's Linux terminal
  support actually works, unlike CRT)

CRT's scrollback is limited to 32000 lines, PuTTY's is limited by memory.
CRT has inline printing support.
CRT has a generic keymap editor.

And finally, PuTTY will not let the host overwhelm it.  Eg: cat /dev/zero
will lockup CRT's network module but PuTTY doesn't even notice.

I prefer PuTTY as I don't need the extra features that CRT gives however
before I found and contributed to PuTTY my favorite was CRT (I even _paid_
for a copy!)

-- 
Rob.                          (Robert de Bath <robert$ @ debath.co.uk>)
                                       http://www.cix.co.uk/~mayday

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals
References: <5f471bece67c97b3@mayday.cix.co.uk>
    <Xns91DB5A00147BAIWishIWas@marashouse.org>
Message-ID: <3C9E05F1.ED36336D@someoneelse.com>
Organization: Theoretical
Date: Sun, 24 Mar 2002 16:58:26 GMT
From: HiEv <spam@someoneelse.com>
Subject: Re: PuTTy is also a good one...

ThePsyko wrote:
[snip]
> hmmm... perhaps PuTTY deserves another looksee then... it's been a couple
> years since I switched over... what version is it at now?

It's up to v0.52 now.  (Last update 2002-01-14)  See:

    http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

-- 
The difference between intelligence and stupidity is that intelligence
has its limits.

    [Archivist's Note: Version 0.56 was released on 2004-10-26.]
    [In 2006, 0.58 appears to be current.]

 //////////////////////////////////////////////////////////////////////////////
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html

From the PuTTY FAQ: 

    A.10.3 What does "PuTTY" mean?

    It's the name of a popular SSH and Telnet client. Any other meaning
    is in the eye of the beholder. It's been rumoured that "PuTTY" is the
    antonym of "getty", or that it's the stuff that makes your Windows
    useful, or that it's a kind of plutonium Teletype.   We couldn't
    possibly comment on such allegations. 

 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 //////////////////////////////////////////////////////////////////////////////

For more information on the quality and quirks of the terminal emulation
implemented in the "PuTTY" package, see 

    http://www.cs.utk.edu/~shuford/terminal/term_emulator_products.txt

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <ad3qat$n49@portal.gmu.edu>
Organization: George Mason University, Fairfax, Virginia, USA
Date: 30 May 2002 00:04:45 GMT
From: Markus Gyger <mgyger@gmu.edu>
Subject: PuTTY Mouse Pointer Color

On Windows 98, PuTTY 0.52 uses an all-black mouse pointer that makes it
difficult to select words (e.g. using double click) on the default black
background. Does anybody know how to change the mouse pointer color or
how to have it a mask or shadow in a different color?

Markus

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <ad3qat$n49@portal.gmu.edu>
Message-ID: <uUp*HGxpp@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: 30 May 2002 09:19:16 +0100 (BST)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: PuTTY Mouse Pointer Color

Markus Gyger <mgyger@gmu.edu> wrote:
|
| On Windows 98, PuTTY 0.52 uses an all-black mouse pointer that
| makes it difficult to select words (e.g. using double click)
| on the default black background.


PuTTY itself doesn't do this. PuTTY asks the system for its default
I-beam mouse pointer, and uses whatever it gets.

I've seen the phenomenon you mention myself on NT 4, but I think it's
due to the graphics driver - on other NT 4 boxes the same thing didn't
happen.

The default I-beam mouse pointer is composed of `reverse' pixels, which
are supposed to invert the colour under them, so the pointer should show
up as black when on a white background and white when on a black
background. When I checked carefully on the NT 4 box that had the
problem, the mouse pointer was indeed composed of `reverse' pixels, but
they simply weren't doing their job properly. This is the graphics
driver's fault; the only thing PuTTY does to provoke it is to have a
black background by default.

The only solution I could find (apart from changing my graphics driver)
was to design myself a fixed-colour mouse pointer, with a white I-beam
surrounded by a black outline so it would be visible everywhere.
Installing that in place of the standard I-beam solved my problem,
though it looked a bit ugly on white backgrounds.

-- 
Simon Tatham         These are my opinions. There are many
<anakin@pobox.com>   like them but these ones are mine.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals
References: <20020323165940.3560.qmail@gacracker.org>
    <a7jduc$qlo$1@tron.sci.fi>
Message-ID: <20020324203605.5536.qmail@gacracker.org>
Organization: mail2news@dizum.com
Date: 24 Mar 2002 20:36:05 -0000
From: Mach <mach@redneck.gacracker.org>
Subject: Re: Bare bones ssh for Windows

In alt.hacker Jukka Aho <jukka.aho@iki.fi> wrote:
|
| PuTTY would be yet easier, as it only consists of one executable
| which nicely fits on a single floppy. No need to fool around with 
| cygwin, either.

Agreed - if you just want a Win* ssh client, PuTTY looks like
the better choice.

That said, one of the primary objectives in my original article 
was to explore the minimal installation required for cygwin. My 
research provided the following info:

1. You only need CYGWIN1.DLL to run an app compiled for
   cygwin, unless the app itself relies upon other
   packages. (i.e. SSH relies upon the gzip and crypto
   packages, which means you also need CYGCRYPTO.DLL and
   CYGZ.DLL in order to run SSH.EXE.)

2. You DO NOT need to use a cygwin bash shell to invoke
   an app.

3. Although cygwin's bash shell app updates the Win*
   registry, you can invoke cygwin apps directly and
   they leave the registry alone.
 
Granted, those points may seem intuitively obvious to smarter
people. ;)

> You can find PuTTY (which is open source and free to download)
                               ^^^^^^^^^^^

I *demand* open source these days. When I fiddled with PuTTY a 
few years ago, I overlooked its open source.

Here are my reasons for continuing to use cygwin's ssh:

1) Both unix and Win* ssh use the same source. I like to make
   open source apps do double duty in the unix and Win* worlds
   whenever possible. It helps me keep my sanity. :)

2) My perception that ssh enjoys a wider, more diverse user
   base that may allow bugs to surface faster to ensure a
   robust app.

-- 
finger mach @ nym.alias.net for public key
If you send mail post a message telling me to check my mail.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1118781223.896983.100610@g14g2000cwa.googlegroups.com>
Message-ID: <83psuo4jsk.fsf@chiark.greenend.org.uk>
Organization: University of Cambridge, England
Date: Wed, 15 Jun 2005 00:10:03 +0100
From: Owen Dunn <owend@chiark.greenend.org.uk>
Subject: Re: Can i copy my putty shortcuts from one computer to another.?

"Naras" <roopanaras@gmail.com> writes:
>
> Can I copy my putty shortcuts from one computer to another?

Yes.

From a Command Prompt (DOS window) on your old computer, run:

   REGEDIT /EA  putty.reg HKEY_CURRENT_USER\Software\SimonTatham\PuTTY

Copy the putty.reg file this creates to your new computer.  Find that
file on your new computer in Explorer and double-click it.  This
should import all your PuTTY saved sessions on the new computer.

(S)


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: 207.34.94.246
NNTP-Posting-Date: Mon, 17 Jan 2005 13:28:54 MST
References: <3037a80c.0501150758.37662745@posting.google.com>
Message-ID: <41ec1e4a@news.nucleus.com>
Date: Mon, 17 Jan 2005 20:28:54 GMT
From: Colin B. <cbigam@somewhereelse.nucleus.com>
Subject: Re: NEW version of TeraTerm released on January 10th 2005.

boris <lmcbmai@hotmail.com> wrote:
>
> This is good news for all TeraTerm users. New version is supporting
> SSH2, UTF-8, IPv6 and much more. Scroll buffer increased from 10000
> to 500000 80-character lines, command broadcasting to multiple open
> TeraTerm windows is coming soon. Linux version of TeraTerm is also
> not far away.
>
> Support forum was set up a week ago at
>
> http://www.neocom.ca/forum/index.php
>
> You can ask your questions, post suggestions and report bugs there.
> Yutaka Hirata is the one who started developing TeraTerm further last
> summer. To download the latest version, visit Yutaka's home page at
>
> http://sleep.mat-yan.jp/~yutaka/windows/index.html
>
> Last release is also available from the mirror in North America. You
> will find the link to it under 'Announcements' forum.


This is great news! I've had both TeraTerm and Putty on all of my
Intel machines, so I can do serial connections (from TeraTerm),
and SSH2 (from Putty). Now I can eliminate one.

Thanks Boris, and thanks to Yutaka as well.

Colin

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, comp.terminals
References: <CMwB9.19759$%m4.6633@rwcrnsc52.ops.asp.att.net>
Message-ID: <YUy*oaFDp@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 17 Nov 2002 16:13:46 +0000 (GMT)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: man pages in PuTTY ver.53b - stange characters

(note Followup-To)

KS <k_shepard*hotmail.com> writes:
>
> When I do a man page from PuTTY (from a Windows XP Professional system
> connecting to Redhat 8.0) I get a lot of random "ậ" characters. Only
> without the period underneath. Is there a setting that will eliminate this
> or is it just a small bug that probably will not get fixed? 
>
> When I do these man pages directly on my Linux box, I do not have the
> same problem. Thanks in advance!

Have you tried using UTF-8 translation in PuTTY? See my recent posting 
<http://groups.google.com/groups?q=msgid%3AXtD%2ARtLCp%40news.chiark.greenend.org.uk>.

This is turning into an FAQ for us, so please reply or mail
putty@projects.tartarus.org if you resolve this issue.

If RH8 has switched to expecting a UTF-8 terminal by default, I'm not
sure what the right solution is -- for the RH system to send an
appropriate escape code at some point, or to expect users to switch
PuTTY into UTF-8 mode, or what.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <3d0eb77f.0@139.142.84.10> <aeq592$iru$1@kermit.esat.net>
    <cWy*WEgrp@news.chiark.greenend.org.uk> <3D11CE15.6070702@hotmail.com>
Message-ID: <rgo*MqXrp@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 28 Jun 2002 13:03:37 +0100 (BST)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: printing with putty

vervoom <vervoom@hotmail.com> writes:
>
>Should I be issuing a command like 'lp file' ?

This is nothing to do with SSH, but never mind:

What you should do depends on your software. The way it works is that
when PuTTY sees a particular escape sequence, it starts directing all
received data to a printer instead of the screen (another sequence
turns this off).

There is a C program called 'lpansi' floating around which will do
this -- Google for it.

>And then do I need to configure the server to print to the printer
>that I've set up in Putty? In which case I'm not quite sure why I
>would need to tell Putty which printer to send the data to?

You need to arrange that the server sends printer data in the
appropriate format (PostScript, PCL, etc). The configuration in PuTTY
is simply to route the raw data to the right place.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <3d0eb77f.0@139.142.84.10> <aeq592$iru$1@kermit.esat.net>
    <cWy*WEgrp@news.chiark.greenend.org.uk> <3D11CE15.6070702@hotmail.com>
    <rgo*MqXrp@news.chiark.greenend.org.uk>
Message-ID: <3D2053F1.6060607@hotmail.com>
Organization: British Airways PLC
Date: Mon, 01 Jul 2002 14:06:57 +0100
From: vervoom <vervoom@hotmail.com>
Subject: Re: printing with putty

Thanks Jacob,

That's excellent. I've got it to work now. Thanks very much.

JS.

ps. Sorry that it wasn't relevant to SSH. It seems to be the only place
you can get help with Putty though.

 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.security.ssh
References: <CHqS8.21613$5M2.1146444@news4.srv.hcvlny.cv.net>
    <afdnl1$gsu2@imsp212.netvigator.com>
    <FmA*UnRrp@news.chiark.greenend.org.uk>
    <DCIS8.29773$5M2.1525654@news4.srv.hcvlny.cv.net>
    <3D1C9FB5.4080106@nospam.icon-labs.com>
Message-ID: <lY2U8.86888$5M2.3502506@news4.srv.hcvlny.cv.net>
Organization: Optimum Online
Date: Mon, 1 Jul 2002 16:29:08 -0400
From: Ron <dishntwk4532@optonline4532.net>
Subject: Re: PuTTY with Linux

Ron wrote:
>
> All result in "connection reset by peer", either using PuTTY or using 'ssh
> x.x.x.x' from a command prompt.


"Pete Flugstad" <pete_flugstad@nospam.icon-labs.com> wrote in message
<3D1C9FB5.4080106@nospam.icon-labs.com>...
>
> It's likely that something else (i.e. not related to OpenSSH, PuTTy,
> etc) is causing this.  The thing that comes to mind is the firewall
> stuff that RedHat sets up.  You have to make sure that the firewall
> configuration allows incoming SSH connections.  I would guess that yours
> is not configured for this, so it's rejecting all incoming connections.
> The box can SSH back to itself since that goes over the loopback
> interface, not an external interface.
>
> Pete Flugstad
> Icon Labs


BINGO!! I temporarily dropped the FW rules, and I got in.  It was not
even being logged in /var/log/secure because it never got that far. 

Thank you so much for your help!!!

Best regards,
Ron

 //////////////////////////////////////////////////////////////////////////////

Date: Tue, 26 Oct 2004 19:25:28 +0100
To: putty-announce@lists.tartarus.org
From: Simon Tatham
Subject: SECURITY UPDATE: PuTTY version 0.56 is released

SECURITY UPDATE: PuTTY version 0.56 is released
-----------------------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    http://www.chiark.greenend.org.uk/~sgtatham/putty/

This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
soon as possible.

This version fixes a security hole in previous versions of PuTTY,
which can allow an SSH2 server to attack your client before host key
verification. This means that you are not even safe if you trust the
server you _think_ you're connecting to, since it could be spoofed
over the network and the host key check would not detect this before
the attack could take place. The attack can allow the server to
execute code of its choice on the client.

This vulnerability was found by iDEFENSE, who we expect to release
an advisory on the subject shortly.

In addition to this security fix, there have been some other bug
fixes and new features. Notable among them are:

 - Ability to restart a session within an inactive window, via a new
   menu option.

 - Minimal support for not running a shell or command at all in SSH
   protocol 2 (equivalent to OpenSSH's `-N' option). PuTTY/Plink
   still provide a normal window for interaction, and have to be
   explicitly killed.

 - Transparent support for CHAP cryptographic authentication in the
   SOCKS 5 proxy protocol. (Not in PuTTYtel.)

 - More diagnostics in the Event Log, particularly of SSH port
   forwarding.

 - Ability to request setting of environment variables in SSH
   (protocol 2 only). (However, we don't know of any _servers_ that
   support this.)

 - Ability to send POSIX signals in SSH (protocol 2 only) via the
   `Special Commands' menu. (Again, we don't know of any servers
   supporting this.)

 - Bug fix: The PuTTY tools now more consistently support usernames
   containing `@' signs.

 - Support for the Polish character set `Mazovia'.

 - When logging is enabled, the log file is flushed more frequently,
   so that its contents can be viewed before it is closed.

 - More flexibility in SSH packet logging: known passwords and
   session data can be omitted from the log file. Passwords are
   omitted by default. (This option isn't perfect for removing
   sensitive details; you should still review log files before
   letting them out of your sight.)

 - Unix-specific changes:
    * Ability to set environment variables in pterm.
    * PuTTY and pterm attempt to use a UTF-8 line character set by
      default if this is indicated by the locale; however, this can
      be overridden.

 - Various minor bug fixes and robustness improvements.

I repeat: PuTTY 0.56 fixes a SERIOUS SECURITY HOLE in all previous
versions of PuTTY. You should upgrade now.

Enjoy using PuTTY!

Cheers,
Simon
-- 
Simon Tatham         "What a caterpillar calls the end of the
                      world, a human calls a butterfly."

 ..............................................................................
 ..............................................................................

List-ID: Announcements of updates to PuTTY <putty-announce.lists.tartarus.org>
Message-ID: <E1D2taM-0005R1-00@ixion.tartarus.org>
Date: Sun, 20 Feb 2005 16:05:30 +0000
To: putty-announce@lists.tartarus.org
From: "Simon Tatham" <anakin@pobox.com>
Subject: SECURITY UPDATE: PuTTY version 0.57 is released

SECURITY UPDATE: PuTTY version 0.57 is released
-----------------------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    http://www.chiark.greenend.org.uk/~sgtatham/putty/

This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
soon as possible.

This version fixes a security hole in previous versions of PuTTY,
which can allow a malicious SFTP server to attack your client. If
you use either PSCP or PSFTP, you should upgrade. Users of the main
PuTTY program are not affected. (However, note that the server must
have passed host key verification before this attack can be
launched, so a man-in-the-middle shouldn't be able to attack you if
you're careful.)

This vulnerability was found by iDEFENSE, who we expect to release
an advisory on the subject shortly.

In addition to this security patch, there are also a few very minor
bug fixes which should stop PuTTY from crashing in circumstances
involving port forwarding, or failing to correctly perform X
forwarding. Other than that, though, 0.57 is almost identical to the
previous release 0.56.

I repeat: PuTTY 0.57 fixes a SERIOUS SECURITY HOLE in many previous
versions of PSCP and PSFTP. If you use either of those programs, you
should upgrade now.

Enjoy using PuTTY!

Cheers,
Simon

-- 
Simon Tatham         "The distinction between the enlightened and the
<anakin@pobox.com>    terminally confused is only apparent to the latter."


 ..............................................................................
 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
Message-ID: <H-j*BsFBr@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: Wed, 24 Jan 2007 21:41:01 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: PuTTY version 0.59 is released

I haven't posted PuTTY release announcements here in the past, but I
thought this one might be of interest to at least some people on this
group, owing to the new serial-port functionality.

My current intention is that this posting should be a one-off; but if
consensus on this newsgroup is that I should post here about all PuTTY
releases in future, then I will. (And conversely, if consensus is that
I shouldn't even have posted this one, I'll apologise.)

PuTTY version 0.59 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    http://www.chiark.greenend.org.uk/~sgtatham/putty/

New features in this release include:

 - PuTTY can now connect to a local serial port, as an alternative
   to making a network connection.

 - Windows PuTTY now has the same local proxy support as Unix PuTTY
   (equivalent to OpenSSH's `ProxyCommand' option), allowing network
   connections to be managed by a separate proxy program of your
   choice. Plink also has a new `-nc' mode which makes it a useful
   local proxy command.

 - The manual is now provided in HTMLHelp format as well as
   old-style WinHelp, meaning that online help will be available on
   Windows Vista.

 - Support for password expiry in SSH-2.

 - Various performance improvements and cryptography upgrades.

Bug fixes in this release include:

 - PuTTY should now run on all variants of Windows XP, without
   giving the `application configuration is incorrect' error.

 - The file transfer utilities PSCP and PSFTP now support files
   bigger than 2Gb (provided the underlying operating system does
   too).

 - Font linking (the automatic use of other fonts on the system to
   provide Unicode characters not present in the selected one)
   should now work again on Windows, after being broken in 0.58.

 - On Windows, the random seed file PUTTY.RND should now be stored
   in a more sensible place by default.

 - IPv6 should now work in Windows Vista as well as earlier versions
   of Windows.

 - Numerous other small bug fixes.


Enjoy using PuTTY!

-- 
Simon Tatham         "I'm cross. I'm going to have a tantrum.
<anakin@pobox.com>    <pause> How do I start?"            - my uncle

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1171756554.323206.55710@p10g2000cwp.googlegroups.com>
Message-ID: <22q*XqGDr@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: 18 Feb 2007 08:39:34 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: PuTTY 0.59 crashes a lot on serial port

florin.andrei@gmail.com <florin.andrei@gmail.com> wrote:
>
> I was excited about the new serial port feature in PuTTY 0.59, but
> the problem is--it crashes all the time.


Yes, there was a very embarrassing bug in the release. 

The development snapshots should have it fixed, and we hope to put out
a bug-fix release reasonably soon.

(It's very annoying: a bug like that _should_ by rights have caused
a crash every time, but for some reason it never crashed for me, in
three months of testing, so I didn't notice it. :-/ )

-- 
Simon Tatham         These are my opinions. There are many
<anakin@pobox.com>   like them but these ones are mine.


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
Message-ID: <qTv*uAsJr@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: Sun, 29 Apr 2007 14:14:56 +0100 (BST)
From: Simon Tatham <anakin@pobox.com>
Subject: PuTTY 0.60 is released

PuTTY version 0.60 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    http://www.chiark.greenend.org.uk/~sgtatham/putty/

This is a minor patch release to 0.59; it contains only bug fixes,
and only very minor new features. New features include:

 - Pressing Ctrl+Break now sends a serial break signal in the serial
   back end, and in the SSH and Telnet backends it asks the server
   to do the same (if the server supports it). The previous
   Ctrl+Break behaviour can still be triggered with Ctrl-C.

 - On Windows, it is no longer necessary to configure high-numbered
   serial lines such as COM10 as `\\.\COM10'; PuTTY does this
   automatically.

 - You can now store a host name in the Default Settings.

Bug fixes include:

 - Embarrassingly, both of the major new features in 0.59 (serial
   support and local proxy support) caused frequent crashes on many
   Windows machines. We didn't notice this because for some reason
   they never crashed for us in months of testing!

 - In 0.59, it was possible to lock yourself out of the configuration
   dialog by configuring a serial connection in Default Settings. This
   should no longer be possible.

 - We've had reports of the error message `Unable to read from
   standard input' in Plink 0.59. We've found and fixed one cause of
   this message, and added better diagnostics in case there are
   others.

 - 0.59 could emit malformed SSH-2 packets that upset some servers
   (such as Foundry routers). Fixed.

 - Other minor bug fixes.

Enjoy using PuTTY!

-- 
Simon Tatham         "A defensive weapon is one with my finger on the
<anakin@pobox.com>    trigger. An offensive weapon is one with yours."


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <4667e222@127.0.0.1>
Message-ID: <EZj*1eGMr@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: 07 Jun 2007 14:15:02 +0100 (BST)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: Ctrl+Break in Putty v0.60

Ken  <newsuser852@hotmail.com> wrote:
>
> In previous Putty v0.58, I can use "Control+Break" to stop the running
> program and enter into the design mode of Quick Basic 4. However, the
> Putty v0.60 changed that ***Pressing Ctrl+Break now sends a serial break
> signal***.

Before Ctrl+Break sent a serial break, it was a synonym for Ctrl+C.
So you should still be able to use Ctrl+C for anything you'd
previously have done with Ctrl+Break.

-- 
Simon Tatham         "That all men should be brothers is a
<anakin@pobox.com>    dream of people who have no brothers."


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <cvk9ei$pio$1@news.sap-ag.de>
Message-ID: <83hdk2ji4j.fsf@chiark.greenend.org.uk>
Organization: University of Cambridge, England
Date: 24 Feb 2005 11:46:04 +0000
From: Owen Dunn <owend@chiark.greenend.org.uk>
Subject: Re: PuTTY on a "Windows Terminal Server"

"Michael Pohlmann" <michael.pohlmann@sap.com> writes:
>
> we are planning to use PuTTY for a number of users in parallel on a
> Windows Terminal Server. Does anyone of you have experience in
> running PuTTY simultaneously for a number of users, say 20 or 30?
> As far as I know, PuTTY stores connection information in the registry,
> but how does it work for more users if they all share the same
> server, thus the same registry?

PuTTY stores settings in the HKEY_CURRENT_USER hive of the Registry,
so each individual Windows user will have his own PuTTY settings.

This works even when PuTTY is running on a Windows Terminal Server
or Citrix server.

(S)

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1163671278.281723.320720@h48g2000cwc.googlegroups.com>
Message-ID: <RFm*u73vr@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 17 Nov 2006 18:11:31 +0000 (GMT)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: PuTTY and unix domain sockets / windows named pipe

roytam@gmail.com writes:
>
>It is nice to see if PuTTY can work with unix domain sockets / windows
>named pipe.

PuTTY doesn't directly support this.

However, it does support a "local proxy" where input/output come from a
process' standard input / output.

http://www.tartarus.org/~simon/puttydoc/Chapter4.html#config-proxy

If you can find a command which will connect that to a Unix domain
socket / named pipe, you should be fine.

0.58 supports this on Unix, but on Windows you'll need a recent
development snapshot for local proxy support.

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/proxy-command.html
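
A command of the kind described above, as an added example that is not part
of the original post or of PuTTY: it relays its standard input/output to a
Unix domain socket, so it could be configured as a local proxy command on
Unix. The function names and the socket path argument are assumptions.

```python
#!/usr/bin/env python3
"""stdio <-> Unix domain socket relay, usable as a local proxy command.

Added example; the script and its function names are hypothetical.
"""
import os
import selectors
import socket
import stat
import sys


def connect_unix(path):
    """Connect to a Unix domain socket, refusing anything that is not a socket."""
    if not stat.S_ISSOCK(os.stat(path).st_mode):
        raise ValueError(f"{path} is not a Unix domain socket")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.connect(path)
    return sock


def write_all(fd, data):
    """os.write may write fewer bytes than asked; loop until all are written."""
    view = memoryview(data)
    while view:
        view = view[os.write(fd, view):]


def relay(sock, in_fd, out_fd, bufsize=65536):
    """Copy in_fd -> sock and sock -> out_fd until the socket side closes.

    Returns (bytes_sent, bytes_received).
    """
    sel = selectors.DefaultSelector()
    sel.register(sock, selectors.EVENT_READ, "sock")
    sel.register(in_fd, selectors.EVENT_READ, "stdin")
    sent = received = 0
    sock_open = True
    while sock_open:
        for key, _ in sel.select():
            if key.data == "stdin":
                data = os.read(in_fd, bufsize)
                if data:
                    sock.sendall(data)
                    sent += len(data)
                else:
                    # EOF from the terminal program: stop reading it and
                    # half-close so the peer sees end-of-stream.
                    sel.unregister(in_fd)
                    try:
                        sock.shutdown(socket.SHUT_WR)
                    except OSError:
                        pass  # peer already gone
            else:
                data = sock.recv(bufsize)
                if not data:
                    sock_open = False
                    break
                write_all(out_fd, data)
                received += len(data)
    sel.close()
    return sent, received


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} /path/to/socket", file=sys.stderr)
        return 2
    sock = connect_unix(argv[1])
    relay(sock, sys.stdin.fileno(), sys.stdout.fileno())
    sock.close()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The relay only moves bytes; when the session carried over it is SSH, host key
verification still happens in the SSH client as usual.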


 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 210.6.239.200
NNTP-Posting-Date: Mon, 20 Nov 2006 02:12:06 +0000 (UTC)
References: <1163671278.281723.320720@h48g2000cwc.googlegroups.com>
    <RFm*u73vr@news.chiark.greenend.org.uk>
Message-ID: <1163988722.648896.144730@f16g2000cwb.googlegroups.com>
Date: 19 Nov 2006 18:12:02 -0800
From: roytam@gmail.com
Subject: Re: PuTTY and unix domain sockets / windows named pipe

Jacob Nevins wrote:
> roytam@gmail.com writes:
> >It is nice to see if PuTTY can work with unix domain sockets / windows
> >named pipe.
>
> PuTTY doesn't directly support this.
>
> However, it does support a "local proxy" where input/output come from a
> process' standard input / output.
>
> http://www.tartarus.org/~simon/puttydoc/Chapter4.html#config-proxy
>
> If you can find a command which will connect that to a Unix domain
> socket / named pipe, you should be fine.
>
> 0.58 supports this on Unix, but on Windows you'll need a recent
> development snapshot for local proxy support.
>
> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/proxy-command.html


It is hard to find a tool to attach a named pipe to a telnet connection
or STDIO for windows.

As the serial backend is done, I think UNIX domain socket / named pipe
can be easily done by modifying the serial backend a bit.

    named pipe example:
    http://msdn2.microsoft.com/en-us/library/aa365592.aspx

    UNIX domain socket example:
    http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/sockets.html

Regards,
Roy

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
References: <afnhvq$ata$1@lnx107.hrz.tu-darmstadt.de>
    <afnr4q$1r6s$1@agate.berkeley.edu> <afpf0d$hu$1@lnx107.hrz.tu-darmstadt.de>
Message-ID: <slrnai0ur8.78.I.H.Gregory@ihg0.herts.ac.uk>
Organization: University of Hertfordshire
Date: 1 Jul 2002 15:55:21 GMT
From: Ian Gregory <I.H.Gregory@herts.ac.uk>
Subject: Re: X over ssh tunnel

In article <afpf0d$hu$1@lnx107.hrz.tu-darmstadt.de>, J wrote:
>Alan Coopersmith wrote:
>
>> J <asdf@x.de> writes in comp.security.ssh:
>> |If i open a ssh tunnel for X-display forwarding (programs i run on the
>> |server appear on my desktop), is it possible for someone else on the
>> |server to see my X-display?
>> |If so under which circumstances?
>>
>> Yes, if you do something stupid like 'xhost +' or 'xhost +server' to
>> disable X security - but that's true regardless of whether or not you
>> use ssh.  (And of course, on most UNIX systems, someone with root access
>> can always do all sorts of evil things and there's nothing you can
>> really do about that.)
>>
>
>And if i dont run xhost. is there still any danger?
>I recognised that x is listening on port 6000. does
>that have anything to do with the display?


Anyone can make a TCP connection to port 6000 and speak X.
Whether that gets them anywhere depends.

If you have done 'xhost +' they *can* use your display which includes
capturing your keystrokes. You could disable xhost authentication and
then they would have to somehow steal your magic cookie to gain access.

In any case, if you use ssh with X forwarding, there is no need to have
the X server listen on 6000. If your particular X server has the option
of not listening then use this, otherwise use IP filtering to block
external access to port 6000 if you are worried.

-- 
Ian Gregory
Systems and Applications Manager
Learning and Information Services
University of Hertfordshire
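
One way to check for the exposure discussed in this thread, as an added
example that is not part of the original posts: it reads listener output in
the layout printed by `ss -ltn` and reports X11 display ports (6000 + display
number) bound to a non-loopback address. The sample output is constructed,
and treating 6000-6063 as the X11 range is an assumption.

```python
import ipaddress

X11_BASE_PORT = 6000     # display :N listens on TCP port 6000 + N
X11_MAX_DISPLAY = 63     # assumption: treat 6000-6063 as the X11 range

# Constructed sample in the layout printed by `ss -ltn`.
# Loopback listeners at 6010 and up are typically sshd's own X11
# forwarding proxies, not a real X server.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:6000        0.0.0.0:*
LISTEN  0       128     127.0.0.1:6010      0.0.0.0:*
LISTEN  0       128     [::1]:6010          [::]:*
LISTEN  0       128     [::]:6001           [::]:*
"""


def _is_loopback(addr):
    """True only for addresses that parse as loopback (127.0.0.0/8, ::1)."""
    addr = addr.strip("[]").split("%", 1)[0]   # drop brackets and %iface
    if addr in ("*", ""):
        return False                           # wildcard bind
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                           # unparseable: report, don't hide


def x11_listeners(ss_output):
    """Return one dict per listening socket in the X11 port range."""
    results = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        display = int(port) - X11_BASE_PORT
        if 0 <= display <= X11_MAX_DISPLAY:
            results.append({
                "address": addr,
                "display": display,
                "exposed": not _is_loopback(addr),
            })
    return results


def exposed_displays(ss_output):
    """Display numbers reachable from other hosts unless a filter blocks them."""
    return sorted({r["display"] for r in x11_listeners(ss_output) if r["exposed"]})


if __name__ == "__main__":
    for n in exposed_displays(SAMPLE_SS_OUTPUT):
        print(f"display :{n} listens on TCP {X11_BASE_PORT + n} beyond loopback")
```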


 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.security.ssh
References: <b5312766.0206241314.78b80d56@posting.google.com>
Message-ID: <slrnahu919.g19.dima@odyssey.bmrb.wisc.edu>
Organization: only myself
Date: Sun, 30 Jun 2002 15:30:48 +0000 (UTC)
From: Dimitri Maziuk <dima@127.0.0.1>
Subject: Re: Using SSH over SSL

begin 666 your_newsreader_is_broken
thus spake Kornshell:
>
> I'm wanting to do some performance tests using unencrypted SSH
> connections over SSL Vs. SSH connections using the built in ciphers.
> I'm trying to see if I can squeeze a little more performance from ssh
> and scp (without doing TCP tuning) I have been trying to use stunnel
> to tunnel my connection, but it doesn't seem to be working. I have
> stunnel and SSH (along with the daemon) running in my user space since
> I don't (and won't) have root access to the two machines that I'm
> doing the tests on.
>
> Has anyone out there used unencrypted SSH sessions over SSL? If so,
> how would I get   the stunnel server and client configured to
> correctly tunnel the SSH connection?


I suspect SSH (OpenSSH at least) uses SSL library for encryption
anyway, so you won't see any noticeable difference. (Of course,
if SSH protocol was designed properly, they'd leave encryption
to SSL in the first place.)

FWIW, when OpenSSH folks dropped the cipher=none option I did a
few tests on large-ish files. Size increase was below 1% and
transfer time increase was below the resolution of time command.

Dima
-- 
I'm going to exit now since you don't want me to replace the printcap. If you
change your mind later, run                     -- magicfilter config script


 //////////////////////////////////////////////////////////////////////////////

Apple includes an "ssh" command in Mac OS X (as of 10.1.2), which can be
used from the "Terminal" environment (a VT100 emulator).

For "classical" MacOS 8.x and 9.x, some client programs are

    MacSSH
    http://pro.wanadoo.fr/chombier/

    NiftyTelnet SSH
    http://www.lysator.liu.se/~jonasw/freeware/niftyssh/

    dataComet-Secure
    http://www.databeast.com/

 ..............................................................................

Web/Portable SSH implementations:

   MindTerm Secure Shell Client (SSH)
   http://www.appgate.com/ag.asp?template=products&level1=product_mindterm

   Java Telnet App 
   http://javassh.org/

 ..............................................................................

And for Windows, these packages not discussed above:

   Kermit-95
   http://www.columbia.edu/kermit/k95.html

   SecureCRT
   http://www.vandyke.com/

   X-SecurePro & SSHPro
   http://www.labtam-inc.com/
   http://www.labtam-inc.com/index.php?act=products&t=overview&pid=11

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <b3pumh$lvj$1@enigma.mscd.edu>
Organization: Metro State College of Denver Computer Science
    http://cs.mscd.edu
Date: Sat, 1 Mar 2003 09:32:01 +0000 (UTC)
From: Steve Beaty <beatys@mscd.edu>
Subject: MSSH: a generic Windows 95/98 ssh client

The Metropolitan State College of Denver would like to announce the
availability of a generic ssh client for Windows (95, 98, NT, 2000, XP, and
quite possibly, WinCE).  It creates and manages ssh tunnels, allowing any
application to have a secure connection.  Creating simple VPN's is easy.
Please see the page at:

        http://cs.mscd.edu/MSSH/index.html

Documentation is included.  We also have two email discussion lists, one
for users with questions and another for developers.

--
Dr. Steve Beaty                                       Associate Professor
Metro State College of Denver               http://clem.mscd.edu/~beatys/

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: card.cc.umanitoba.ca
NNTP-Posting-Date: 30 Oct 2003 14:59:55 GMT
References: <bn3p6s$sta7j$1@ID-65957.news.uni-berlin.de>
Message-ID: <bnr91b$304$1@canopus.cc.umanitoba.ca>
Organization: The University of Manitoba
Date: Thu, 30 Oct 2003 08:59:54 -0600
From: Daryl Fonseca-Holt <fonsecah@cc.umanitoba.ca>
Subject: Re: OpenSSH e SPARC Solaris 7

Fillo wrote:
> 
> Could you help me ?!?
> 
> I've followed the faq to install SSH over Solaris 7.
> http://www.sunfreeware.com/openssh26-7.html
> On one machine it's all ok... but another one 250 accept the SSH login but
> teratermSSH immediately shutdown... I can't read two lines of login before
> the login close...
> What's the problem ?!?
> 
> Thanks
> Filippo


It may be that TeraTermSSH only supports Protocol 1.    [yes]

Most SSH is shipping now  with it disabled as it is considered less secure.

Check sshd.config for a line  that should look like:

        Protocol 2,1

That line says negotiate for Protocol 2 first but if the client is unable, 
fall back to Protocol 1.
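
A small audit for the setting discussed in this reply, as an added example
that is not part of the original post: it reads sshd configuration text,
reports whether the first Protocol line still accepts protocol 1, and
classifies a server identification banner the same way (RFC 4253 has a
server that keeps protocol 1 compatibility announce itself as "SSH-1.99").
The sample configurations and banners are constructed.

```python
import re

# Constructed samples: the weak setting beside the corrected one.
WEAK_CONFIG = """\
# protocol 2 preferred, protocol 1 still accepted
Port 22
Protocol 2,1
"""

HARDENED_CONFIG = """\
# protocol 2 only
Port 22
Protocol = 2
"""

BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")


def protocol_setting(config_text):
    """Return the list from the first Protocol line, or None if there is none.

    Keywords are case-insensitive, the separator is whitespace or '=',
    and the first value found for a keyword is the one that counts.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return [p.strip() for p in parts[1].split(",") if p.strip()]
    return None


def audit_protocol(config_text):
    """Summarise what the Protocol line permits."""
    protos = protocol_setting(config_text)
    if protos is None:
        # No explicit line: the built-in default depends on the sshd version.
        return {"protocols": None, "preferred": None, "allows_v1": None}
    return {
        "protocols": protos,
        "preferred": protos[0] if protos else None,
        "allows_v1": "1" in protos,
    }


def classify_banner(banner):
    """Map a server identification string to the protocols it offers."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError("not an SSH identification string")
    proto = m.group(1)
    if proto == "1.99":
        return "2+1"      # protocol 2 with protocol 1 compatibility
    if proto.startswith("1."):
        return "1"        # protocol 1 only
    if proto == "2.0":
        return "2"        # protocol 2 only
    return "unknown"


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_protocol(text))
    # Constructed banners; the software version part is a placeholder.
    for banner in ("SSH-1.99-ExampleSSHD_0.0", "SSH-2.0-ExampleSSHD_0.0"):
        print(banner, "->", classify_banner(banner))
```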


 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.lang.java.programmer, comp.lang.java.softwaretools
Message-ID: <ecae9554.0311241329.7c29d55c@posting.google.com>
References: <ecae9554.0311101644.f7f5890@posting.google.com>
    <opryu9bpsnk05e3a@News.CIS.DFN.DE>
Date: 24 Nov 2003 13:29:10 -0800
From: Nuggy <nosenugget@excite.com>
Subject: Re: SSH Client

Andreas Schmidt <schmidt.2002@gmx.de> wrote in message
news:<opryu9bpsnk05e3a@News.CIS.DFN.DE>...
> Am 10 Nov 2003 16:44:42 -0800 hat Nuggy <nosenugget@excite.com> 
> geschrieben:
> 
> > I'm looking for an SSH client to imbed into my application.
>  
> > I need to incorporate this into my client app somehow, but I'm not
> > familiar enough with SSH to plod through all of the source code in
> > SSHTools's j2ssh and SSHTerm to be able to understand it all
> > (literally dozens of source files in these.. with very little
> > documentation that I could find).  I've got as far as creating and
> 
> Maybe "jsch" has a better documentation?
> Have a look at http://www.jcraft.com/jsch/

I was able to get both j2ssh and mindterm to port easily, but I was
running into display problems.  I tried jsch, and integrated it fairly
easily, but I encounter the same display problems; namely running a
script that calls an executable produces output from the script, but
not from the executable *until* the executable finishes, at which
point all output is then displayed.  It accepts input just fine.

See my post in comp.security.ssh for details.  Thanks for the
suggestion.

 ..............................................................................

Newsgroups: comp.security.ssh
Message-ID: <ecae9554.0311211316.694ee964@posting.google.com>
Date: 21 Nov 2003 13:16:49 -0800
From: Nuggy <nosenugget@excite.com>
Subject: Can't see output in SSH

I am having problems with seeing output from a program using SSH.

I need to pass in a script to execute.  Inside the script, an
executable program is called, which starts up an interactive
data-entry session with the user (display question, read input, rinse,
repeat).

If I use putty from the command line without calling the script, I get
my prompt, and can run the script and see the program execute just
fine.  But if I pass in a command file with the script in it, the
script still executes, it displays output from the script just fine,
and runs the executable, but the output from the executable is not
displayed on my screen immediately.

It can still accept input.. I can respond to prompts I know are
there, and it will accept and respond to my keystrokes.. but I never
see the output, UNTIL the executable finishes, at which point all the
output that it produced flashes briefly in the window before the
window closes.

I am seeing identical behavior using MindTerm's SSH java client which
I have integrated into a java application.  The window comes up and
displays shell output fine, but the executable's output isn't shown
until it's in the process of closing the window when it completes.

Again, with either putty or mindterm, if I don't pass in the command
to execute, I get my UNIX prompt, and I can type in the command to
start the script, and I see and can interact with the executable just
fine.  It's only when I pass in the script to run that I can't see the
executable's output.

What am I missing?  I need to have this dynamic; having to type in the
command at the prompt each time is not an option.  Please help!

my putty command line that works but I have to type in the command:

c:\putty.exe.lnk -ssh -t -l <user> -pw <pw> -2 <host>

The other one I tried that won't display the executable output:

c:\putty.exe.lnk -ssh -t -l <user> -pw <pw> -2 -m c:\cmdfile <host>
where "c:\cmdfile" is a text file containing the path to the UNIX
script to run.

I'd much rather use MindTerm since I've already integrated the
BasicClient into my application, as I don't really want to have 50
different "cmdfile"s on my drive for the many different commands I
will be running, so though I appreciate any help on either putty or
mindterm, information to help me get mindterm working would be
awesome.

Thanks!

-Nuggy

								(PuTTY)

 //////////////////////////////////////////////////////////////////////////////
 
Newsgroups: comp.terminals
NNTP-Posting-Host: 210.196.132.178
NNTP-Posting-Date: Thu, 24 Mar 2005 10:33:28 +0000 (UTC)
Message-ID: <1111660404.514944.231540@z14g2000cwz.googlegroups.com>
Date: 24 Mar 2005 02:33:24 -0800
From: "hakim.ron@gmail.com" <hakim.ron@gmail.com>
Subject: PuTTY GUI as windows cmd.exe replacement

Hi everyone,

Did anyone ever try to replace the PuTTY core, and just try to execute
cmd.exe instead.

I really dislike working with the command prompt, although sometimes I
have to. This is in complete contrast to the PuTTY GUI, which I find
very easy to work with.

So I was thinking about taking out the bulk of the PuTTY core, and
replacing it with a call to cmd.exe. Hopefully cmd will detect it already
has a window, and not try to create one of its own.
Did anyone try this in the past? With any success? Where can I get it?
(getting ahead of myself, as I don't see I'll have time to try to do
this myself in the near future)

Thanks,
Ron

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1111660404.514944.231540@z14g2000cwz.googlegroups.com>
Message-ID: <Q+i*ILkKq@news.chiark.greenend.org.uk>
Organization: Linux Unlimited
Date: 24 Mar 2005 11:33:30 +0000 (GMT)
From: Ben Harris <bjharris@chiark.greenend.org.uk>
Subject: Re: PuTTY GUI as windows cmd.exe replacement

In article <1111660404.514944.231540@z14g2000cwz.googlegroups.com>,
hakim.ron@gmail.com <hakim.ron@gmail.com> wrote:
>
> Did anyone ever try to replace the PuTTY core, and just try to execute
> cmd.exe instead.

    http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/win-command-prompt.html

The upshot of which is that it looks like Windows doesn't have Unix-like
pseudo-terminals, and just running cmd.exe in a pair of pipes loses you
command-line editing.

-- 
Ben Harris

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <B-y*1v46p@news.chiark.greenend.org.uk>
References: <RAUqb.4339$%Q5.4254@edtnps84>
    <vqr77qks81p484@news.supernews.com>
Organization: Yeah, right
Date: 09 Nov 2003 10:24:23 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: PuTTy escape sequence

> menno wrote:
>> I'm looking for an escape sequence for putty, with which I can change the
>> port forwarding/tunneling while the connection is open.

Julian Hsiao  <evil_live_ten_tod_erosinayn_ta_akodam> wrote:
> I think this is pretty close to this item on the wish list:
> <http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/osc.html>

Confusingly, some people use the phrase `escape sequence' to mean
the commands you (as the user) can send into OpenSSH by typing ~ as
the first character of a new line. So it's possible that the
original poster didn't mean it in the same way you (and I) would
naturally use the phrase.

> So, I assume it can't be done, and will never be implemented.

If your interpretation is correct, then you're quite right; having
PuTTY able to modify its port forwarding setup in response to output
sent by the server would be a major security misfeature.

However, if the original poster merely wants a way to reconfigure
port forwardings in mid-session from the client end, that is
something I do want to do:

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/portfwd-reconf.html
-- 
Simon Tatham         "My heart bleeds.
<anakin@pobox.com>    (That's how it works.)"   -- Gareth Taylor


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: c-24-128-53-74.hsd1.ma.comcast.net [24.128.53.74]
NNTP-Posting-Date: Mon, 16 May 2005 08:32:58 -0500
References: <1116244367.969917.198280@z14g2000cwz.googlegroups.com>
Message-ID: <pYmdnaon2eWWPBXfRVn-tw@comcast.com>
Date: Mon, 16 May 2005 09:35:07 -0400
From: Nico Kadel-Garcia <nkadel@comcast.net>
Subject: Re: UseLogin yes and X11 encryption

<kevin_vanw@yahoo.com> wrote in message
news:1116244367.969917.198280@z14g2000cwz.googlegroups.com...
>
> If I have UseLogin enabled, I realize that X11Forwarding is disabled
> because login can't handle it. So if I export my display, do a xhost +,
> and open an xterm, is my connection still encrypted? In other words,
> are X11 packets still encrypted even though X11Forwarding is disabled?
> I'm using recent versions of openssh.

SSH encryption of X connections via X11Forwarding creates a tunnel to carry
such traffic safely, point-to-point, instead of exposing your local machine
to the world.

What you've done is to completely open your local X server to remote
manipulation by anyone who can reach your machine from elsewhere in your
network, and depending on your configuration anywhere in the world. This
can include some very nasty vulnerabilities, and some amusing ones. When I
caught someone doing that at an old workplace, despite my repeated warnings
about it and explanations of how to use SSH X11 forwarding, I ran the
"xroach" program on their unsecured display without their knowledge while
they were away at lunch.

The screams when they moved a window and the roaches popped out from under
it and ran around the screen were *prize*, followed by the shaky laughter
when they figured out what had happened, and I showed them how to *splat*
the roaches with the mouse. It did make my point, and they stopped doing
that.

 //////////////////////////////////////////////////////////////////////////////

References: <a5b78700.0411120418.4ce76172@posting.google.com>
Message-ID: <XZy*lgJzq@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 15 Nov 2004 15:07:25 +0000 (GMT)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: Putty vs MC numeric keypad HOW?

[followups set to comp.terminals]

Nagy Gergely <nagy.gergely@webshark.hu> writes:
>
>I use Putty for 3 years to access my servers, and i was also since
>then looking for a solution to get the numeric keypad in MC (Midnight
>Commander) working.
>
>The only thing i DON'T want, is to teach MC to the keypad, because my
>linux based terminals will not work properly after that.
>
>Is there any solution, setting Putty or the server side?


You haven't stated precisely what your problem is.

On experimenting, I find (with a Debian potato server) that checking
"Disable Application Keypad Mode" in PuTTY (on the Features panel)
allows me to use the keypad in MC in both cursor-keys-etc and numeric
mode, switching with Num Lock.

Without this, Num Lock acts as a function key (causing help to be
invoked as if F1 were typed), so only the cursor-keys mode is accessible.
It's possible that this may break other apps though--try it and see.

    http://the.earth.li/~sgtatham/putty/0.56/htmldoc/Chapter4.html#S4.6.1


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <vtLKd.496$AY3.116@trndny05>
Message-ID: <KWu*qpUFq@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: 29 Jan 2005 13:27:28 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: Hot-key to minimize Putty

Barry <mail%polisource.com> wrote:
>
> Alt+Space+N usually minimizes the current window, but it doesn't
> work for Putty.

You should be able to configure it to (Window -> Behaviour -> System
menu appears on ALT-Space).

-- 
Simon Tatham         "Imagine what the world would be like if
<anakin@pobox.com>    there were no hypothetical situations..."

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Date: Sat, 29 Jan 2005 20:06:44 EST
NNTP-Posting-Host: pool-70-23-20-115.ny325.east.verizon.net [70.23.20.115]
References: <vtLKd.496$AY3.116@trndny05> <KWu*qpUFq@news.chiark.greenend.org.uk>
Message-ID: <EqWKd.3939$g_3.1304@trndny08>
Date: Sun, 30 Jan 2005 01:06:44 GMT
From: Barry <mail%polisource.com>
Subject: Re: Hot-key to minimize Putty

> You should be able to configure it to (Window -> Behaviour -> System
> menu appears on ALT-Space).
> --
> Simon Tatham         "Imagine what the world would be like if
> <anakin@pobox.com>    there were no hypothetical situations..."

Thanks guys.

Simon: That works. I configured Putty to open the system menu on ALT-Space,
so I just have to program down-arrow clicks to get to "minimize" and then
click "return." I'm glad that worked because there's no way to use sendkeys
to click the Windows icon key, and I don't want to learn C just for this.

Barry

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, comp.terminals
NNTP-Posting-Host: ipath.rz-zw.fh-kl.de
NNTP-Posting-Date: Mon, 9 Mar 2009 09:10:39 +0000 (UTC)
Message-ID: <gp2mef$9le$1@news.uni-kl.de>
Organization: Universitaet Kaiserslautern
Date: Mon, 09 Mar 2009 10:08:15 +0100
From: Thorsten Peter <boba@apt.mine.nu>
Subject: Putty Keyboard Problem - Shift Tab

Hey folks,

I have been investigating a small issue that I have with Putty 0.60
since I started using it for my ssh/telnet sessions.
Been playing around with a lot of settings to find a solution, but no
luck yet ...

Using putty to connect to linux machines via ssh e.g. I am of course in
need of auto completion on the linux shell.

Basically auto completion works, except for when you hold down the shift
key while pressing TAB to autocomplete.

Other terminal clients can do this just fine, e.g. Teraterm or
Cygwin/rxvt. No problems there with using shift-tab.

I really can't imagine that no one ran into that "problem" before. But
it's hard to find any comments regarding this issue with putty on the web.

Especially when you have a lot of Upper-Case only files or directories,
that you want to auto complete with TAB this can get very annoying,
since you type the first few letters of the directory e.g. while holding
down shift, and usually don't let it go when pressing TAB to complete it.
Maybe someone here can help me with this. Putty gives me everything I
need from a terminal client. Finding a solution to this would be great.

thanks,

Thorsten

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.security.ssh, comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <gp2mef$9le$1@news.uni-kl.de>
Message-ID: <eql*nZtBs@news.chiark.greenend.org.uk>
Organization: Tartarus.Org
Date: 09 Mar 2009 10:45:08 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: Putty Keyboard Problem - Shift Tab

Thorsten Peter  <boba@apt.mine.nu> wrote:
>
> Basically auto completion works, except for when you hold down the shift
> key while pressing TAB to autocomplete.
> Other terminal clients can do this just fine, e.g. Teraterm or
> Cygwin/rxvt. No problems there with using shift-tab.

It isn't at all clear from your report - you should make a habit of
stating precisely what you see and also explicitly stating what you
expected to see - but it _sounds_ as if you're expecting Shift+Tab
to do exactly the same thing as just pressing Tab without Shift. Is
that right?

PuTTY deliberately doesn't do this, because users _requested_ that I
turn Shift+Tab into a distinguishable control sequence, so that
applications which were displaying on-screen forms could use Tab to
move through the form fields in one order and Shift-Tab to move
through them in the reverse order, as you'd expect from the
equivalent form interface in environments like the Windows GUI.

The unavoidable effect of this is that Tab and Shift-Tab must send
different control sequences to the server, otherwise such an
application wouldn't be able to tell them apart.

A simple solution at your end would be to reconfigure your readline
settings so that PuTTY's control sequence for Shift-Tab (ESC [ Z) is
treated the same way as the sequence for Tab (equivalent to Ctrl-I).
For instance, in bash, you could write

  bind '"\e[Z": complete'

or, as a more global approach (which would benefit all readline-
using applications instead of just bash, since things like gdb also
use completion) you could add the line

  "\e[Z": complete

to ~/.inputrc.
--
Simon Tatham         What do we want?        ROT13!
<anakin@pobox.com>   When do we want it?     ABJ!

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.security.ssh, comp.terminals
NNTP-Posting-Host: ipath.rz-zw.fh-kl.de
NNTP-Posting-Date: Mon, 9 Mar 2009 12:15:43 +0000 (UTC)
References: <gp2mef$9le$1@news.uni-kl.de> <eql*nZtBs@news.chiark.greenend.org.uk>
Message-ID: <gp319f$n33$1@news.uni-kl.de>
Organization: Universitaet Kaiserslautern
Date: Mon, 09 Mar 2009 13:13:19 +0100
From: Thorsten Peter <boba@apt.mine.nu>
Subject: Re: Putty Keyboard Problem - Shift Tab

Hi Simon,

sorry if I didn't explain the problem clear enough, but I think you got
what I meant ...

Your explanation makes sense to me. I will try to use your workaround
and do the respective bindings on one of my shells.

Thanks a lot for your support.

Thorsten

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.security.ssh, comp.terminals
NNTP-Posting-Host: ipath.rz-zw.fh-kl.de
NNTP-Posting-Date: Mon, 9 Mar 2009 12:23:35 +0000 (UTC)
References: <gp2mef$9le$1@news.uni-kl.de> <eql*nZtBs@news.chiark.greenend.org.uk>
Message-ID: <gp31o7$nqn$1@news.uni-kl.de>
Organization: Universitaet Kaiserslautern
Date: Mon, 09 Mar 2009 13:21:10 +0100
From: Thorsten Peter <boba@apt.mine.nu>
Subject: Re: Putty Keyboard Problem - Shift Tab

Simon Tatham wrote:

> or, as a more global approach (which would benefit all readline-
> using applications instead of just bash, since things like gdb also
> use completion) you could add the line
>
>   "\e[Z": complete
>
> to ~/.inputrc.


Works like a charm Simon :-) Put the above into /etc/inputrc and I am all set ...

Thanks again,

Thorsten

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


Newsgroups: comp.terminals
NNTP-Posting-Host: 85.23.32.64
References: <luca_20090306163401@stratagy.com>
    <b2c7454d-6c8a-47db-a1cc-5f383f3bc49e@r27g2000vbp.googlegroups.com>
Message-ID: <8763hs4p7z.fsf@Astalo.kon.iki.fi>
Date: Sun, 29 Mar 2009 13:07:12 +0300
From: Kalle Olavi Niemitalo <kon@iki.fi>
Subject: Re: Terminal settings required to transmit ctrl+tab sequence

"F. Lucado" <lucado@list:stratagy.com> writes:

>  - what ASCII characters or character sequences do you want "vim"
>    to receive?

Xterm 227 can output CSI 27;5;9~ for Ctrl+Tab, if the
modifyOtherKeys resource is 1 or 2.  If one made Putty imitate
that, it would have at least some chance of being recognized by
existing applications.

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.terminals
NNTP-Posting-Host: 72.65.228.45
NNTP-Posting-Date: Sun, 29 Mar 2009 02:46:24 +0000 (UTC)
References: <b2c7454d-6c8a-47db-a1cc-5f383f3bc49e@r27g2000vbp.googlegroups.com>
    <luca_20090306163401@stratagy.com>
    <bd6e16ca-e406-4dde-8efd-ca4af26d7885@41g2000yqf.googlegroups.com>
Message-ID: <f751315c-71a9-4939-a3c4-366feb43bdd7@d19g2000yqb.googlegroups.com>
Organization: http://groups.google.com
Date: Sat, 28 Mar 2009 19:46:24 -0700 (PDT)
From: whit537 <whit537@gmail.com>
Subject: Re: Terminal settings required to transmit ctrl+tab sequence

Greetings,

> the aforementioned sequences as key bindings for tab navigation in vim

I'm looking for this too. Have you made any progress?

Like F. Lucado says, PuTTY is probably capturing Ctrl-Tab for its own
purposes and/or not passing it along. I don't see anything in its
configuration dialog. We would probably have to track this down in the
source.

Here's a reference to someone else capturing Ctrl-Tab for their own
custom version of PuTTY:

    http://www.stansell.org/tools/putty/

This makes me think that Ctrl-Tab is not used by PuTTY proper.

I've done some grepping in the source but am not seeing anything obvious
(my first time in this codebase though, lots of orientation happening).
I see a PK_TAB constant defined in putty.h that is used in terminal.c.
In general, it looks like all of the terminal emulation is done in that
file, and the unix, windows, and mac/macosx subdirectories are only for
the various GUIs.

I searched for "tab" in the Wishlist, Change Log, and FAQ, and came up
empty (although in the Change Log I did see a reference to Shift-Tab
support being added "[b]y popular demand.") At this point I think it's
safe to email the developers (putty@projects.tartarus.org), and I'll
do so if you haven't figured this out already.

-- 
chad


 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.terminals
NNTP-Posting-Host: 79.240.169.130
NNTP-Posting-Date: Sat, 25 Apr 2009 19:54:23 +0000 (UTC)
References: <b2c7454d-6c8a-47db-a1cc-5f383f3bc49e@r27g2000vbp.googlegroups.com>
Message-ID: <9a517bb6-3919-4509-a072-0cc64012cfea@v1g2000prd.googlegroups.com>
Date: Sat, 25 Apr 2009 12:54:23 -0700 (PDT)
From: livingwtf@gmail.com
Subject: Re: Terminal settings required to transmit ctrl+tab sequence

On 4 Mar., 20:54, awifmaxz...@gmail.com wrote:
>
> I'd like to know what needs to be done to configure my terminal
> (putty) to transmit ctrl+tab and ctrl+shift+tab character sequences to
> the (linux) server.
>
> AFAIK, this is a terminal emulation issue, and I'm hoping someone here
> might be able to help me. I've searched around for a solution but
> haven't found any references to it.
>
> The particular activity I'm trying to perform is simply to set up the
> aforementioned sequences as key bindings for tab navigation in vim.
>
> If anyone could provide me with some direction it'd be much appreciated


PuTTY doesn't act on CTRL+TAB.

You can patch PuTTY:

    http://scnr.net/blog/index.php/archives/61


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <bpkl1v$1pu8a2$1@ID-143219.news.uni-berlin.de>
References: <bpgkm0$1mlh0i$1@ID-143219.news.uni-berlin.de>
    <d8c847cd.0311200123.577cd4e4@posting.google.com>
Date: Fri, 21 Nov 2003 10:14:56 +0100
From: Oli K-u-r-t <oglimmer@yahoo.com>
Subject: Re: sftp on win

Eric wrote:
> try: sftp -s /usr/local/libexec/sftp-server user@hostname
> 
> note: assume sftp-server is located in /usr/local/libexec directory
> and on unix server.
>       checks - /usr/local/libexec is world accessible
>               /usr/local/libexec/sftp-server is world executable
>       create a symbolic links for sftp-server either in /usr/bin or
> /usr/local/bin to point to /usr/local/libexec/sftp-server
>       also, put /usr/local/libexec in the search path
> 
> hope this help.

Unfortunately it didn't work.

I uninstalled the package from

    http://lexa.mckenna.edu/sshwindows/

and in place of that I installed  the cygwin OpenSSH stuff.
And now it works pretty fine.

I don't know, but maybe that coheres with my Windows XP,
I also tested OpenSSH from 

    http://lexa.mckenna.edu/sshwindows/

on my Windows 2000 machine and there it works out of the box.

Anyhow, problem solved.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <3fba15d2$1@buckaroo.cs.rit.edu>
References: <98c767fe.0311180204.62c1d3dc@posting.google.com>
Organization: RIT, Department of Computer Science
Date: Tue, 18 Nov 2003 07:49:04 -0500
From: Carl Holtje <cwh0803@cs.rit.edu>
Subject: Re: SSH vs Telnet?

Ian Tresman wrote:
>
> What's the difference between SSH and Telnet?
> 
> Having created an RSA key for my server, I find that PuTTY does not
> need my Private RSA key if I select SSH1, just my username and
> password? In which case, what's the point of uploading my public
> RSA key?
> 
> Regards,
> Ian Tresman
> Derby, UK


SSH = encrypted
Telnet = plaintext

To see this in action, sit on a network where you can run a packet 
sniffer... log into a machine using telnet (observe your password in the 
clear), and then the same with ssh...

Telnet runs on TCP port 23, SSH on TCP port 22 for your filtering 
pleasures...

When in doubt, USE SSH!!!.. and not SSHv1...

There are ways of configuring your authentication methods.. this is 
generally a server-side thing, so you may or may not have access to this..

In either event, once your session has been established (even before the 
password is sent), your communication is secured...

For more fun, ssh someplace with the -v (for verbose) switch to ssh... 

this will show the handshake protocol in gory detail.. :)

Enjoy..

Carl

-- 
"There are 10 types of people in the world: Those who understand binary
and those that don't."

$>whoami: Carl Holtje
$>mail holtje: cwh0803@cs.rit.edu
$>cu: http://www.cs.rit.edu/~cwh0803
$>whois holtje:

   System Administrator Group
   Computer Science Department
   Rochester Institute of Technology

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
Message-ID: <pzx*wPQ7p@news.chiark.greenend.org.uk>
References: <98c767fe.0311180204.62c1d3dc@posting.google.com>
    <3fba15d2$1@buckaroo.cs.rit.edu>
    <Qwxub.125598$sd5.16842115@twister.columbus.rr.com>
Organization: WOMUMP
Date: 18 Nov 2003 23:20:59 +0000 (GMT)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: SSHv1 vs SSHv2 (was: SSH vs Telnet?)

Rob Stampfli <restamp@hotmail.com> writes:
>Carl Holtje  <cwh0803@cs.rit.edu> wrote:
>>When in doubt, USE SSH!!!.. and not SSHv1...
>
>I know the conventional wisdom is that there are problems,
>or at least deficiencies, with SSHv1, but I have been unable
>to find any specifics as to why SSHv1 should be avoided on
>the internet.  Rather, it always appears as conventional wisdom.

Here's something that may be somewhat better:

    http://www.snailbook.com/faq/ssh-1-vs-2.auto.html

Unfortunately the link about the CRC-32 insertion attack appears to
have rotted, but that should be enough to Google for.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 24.34.60.41
NNTP-Posting-Date: Tue, 09 Dec 2003 12:14:07 -0600
Message-ID: <K-KdnSb-oZ1tjUuiRVn-ig@comcast.com>
Date: Tue, 9 Dec 2003 13:14:32 -0500
From: Eric <ericriseman@comcast.net>
Subject: Mocana SSH and SSL

Hi All,
Don't know if I am allowed to advertise - if not - I apologize and will not
do again.....

Mocana provides SSH and SSL for embedded systems, written from the ground
up.  Very fast and very small (SSL is 50kb, SSH 70kb).  Written in C,
royalty Free, and support for any RTOS (including Linux) or any Processor.
Here are some special features unique to Mocana.........

SSH
*Highly portable, coded in ANSI-C
*Well written, designed for embedded systems
*All functions return an error status - unique to mocana wrt openssx
*Easy to read code
*70kb footprint - smallest in the industry
*Support SSHv2 standard
*Low memory utilization per connected client - unique to mocana
*Zero-threaded - unique to mocana
*Synchronous API (familiar BSD-like socket API) - unique to mocana
*Asynchronous API (packet notification based TCP/IP stack) - unique to mocana
*Key generation support
*Strong cryptology
*Any platform (RTOS not a requirement)
*Support for SRP
*File system not required
*Highly optimized

SSL
*50kb footprint - smallest in the industry
*Automatic Key Generation - unique mocana feature
*Automatic ASN.1 X509 certificate generation - unique to mocana
*All functions return an error status - unique to mocana
*Easy to read code
*Support SSLv3 standard
*Low memory utilization per connected client - unique to mocana
*Zero-threaded - unique to mocana
*Synchronous API (familiar BSD-like socket API) - unique to mocana
*Asynchronous API (packet notification based TCP/IP stack) - unique to mocana
*Key generation support
*Strong cryptology
*Any platform (RTOS not a requirement)
*File system not required
*Highly optimized

Please contact me, should you want additional information.
Eric@emRep.com


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, gnu.bash, comp.os.linux.misc, comp.unix.shell,
    comp.unix.programmer
References: <b9eabcba.0311171557.466c161a@posting.google.com>
Message-ID: <Rgyub.6710$3E7.55264382@newssvr21.news.prodigy.com>
Date: Tue, 18 Nov 2003 23:52:17 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: Forcing SSH to timout after a certain time if it isn't responding

In comp.security.ssh andy <andy@wpi.edu> wrote:
> Hi,

> I'm writing a Bash script where I want to check if I can SSH into a
> certain IP-address in a function. If the SSH call does not respond for
> 2 seconds I want to kill the process, but if it responds before 2
> seconds then it
> shouldn't have to wait unnecessarily for 2 seconds.

> here the code i was trying:

[snip]

Why not just specify the connection timeout?

>         `ssh -q "$1" /bin/true &> /dev/null &`

Note that -q turns off messages, but it does not prevent the client from
asking necessary interactive questions...  You'd need BatchMode for that.

    ssh -o BatchMode=yes -o ConnectTimeout=2 "$1" /bin/true > /dev/null

-- 
Darren Dunham                                           ddunham@taos.com
Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

 ..............................................................................

Newsgroups: comp.security.ssh, gnu.bash, comp.os.linux.misc, comp.unix.shell,
    comp.unix.programmer
NNTP-Posting-Host: 63.104.116.5
NNTP-Posting-Date: Wed, 19 Nov 2003 16:43:18 EST
References: <b9eabcba.0311171557.466c161a@posting.google.com>
    <Rgyub.6710$3E7.55264382@newssvr21.news.prodigy.com>
    <b9eabcba.0311191250.2caa2325@posting.google.com>
Message-ID: <WtRub.32699$wY4.31891@newssvr25.news.prodigy.com>
Date: Wed, 19 Nov 2003 21:43:18 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: Forcing SSH to timout after a certain time if it isn't responding

In comp.security.ssh andy <andy@wpi.edu> wrote:
> I tried using
> ssh -o BatchMode=yes -o ConnectTimeout=2 <ip.add.re.ss> /bin/true >
> /dev/null

> But it gives me the following error:
> command-line: line 0: Bad configuration option: ConnectTimeout

> I looked in my ssh_config file, and also in 'man ssh_config', and i
> didn't see ConnectTimeout mentioned in either place.

> Does this mean I have an older version of ssh? Is there any other way
> I can achieve that functionality?

You could fork a program that would kill the process in 2 seconds.  If
it exits, then the kill will just not work.

Something like this.  There might be some tweaking needed.

LOOP..
...
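ssh -o BatchMode=yes "$host" /bin/true > /dev/null &
SSH_PID=$!
# watchdog: kill the ssh client if it is still running after 2 seconds
(sleep 2 ; kill $SSH_PID >/dev/null 2>&1)&

# wait returns the exit status of ssh (or 128+signal if it was killed)
wait $SSH_PID
STATUS=$?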

...

The wait should block until the ssh exits, either from a normal exit or
because it's killed.

Of course you probably want to upgrade anyway.

-- 
Darren Dunham                                           ddunham@taos.com
Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
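
The watchdog approach from the post above, written out as a runnable function. This is an added example, not code from the thread; `run_with_timeout`, `ssh_reachable` and the `SSH_BIN`/`SSH_TIMEOUT` overrides are names introduced here. Unlike ConnectTimeout, the watchdog bounds the whole run, including a stalled key exchange or login.

```shell
#!/bin/sh
# Added example: bound the total run time of a command with a watchdog,
# for ssh clients too old to know ConnectTimeout.

# run_with_timeout SECS CMD [ARGS...]
# Returns CMD's exit status, or 128+15 (143) if the watchdog had to kill it.
run_with_timeout() {
    rwt_secs=$1
    shift

    "$@" &
    rwt_cmd=$!

    # Watchdog: after SECS, send SIGTERM to the command if it is still there.
    # Its output is discarded so a leftover sleep never holds a pipe open.
    ( sleep "$rwt_secs"; kill "$rwt_cmd" ) >/dev/null 2>&1 &
    rwt_dog=$!

    # Blocks until the command exits on its own or is killed.
    rwt_status=0
    wait "$rwt_cmd" || rwt_status=$?

    # The command finished first: cancel the watchdog so it cannot later
    # signal an unrelated process that reused the PID.
    kill "$rwt_dog" 2>/dev/null || :
    wait "$rwt_dog" 2>/dev/null || :

    return "$rwt_status"
}

# ssh_reachable HOST
# True if a non-interactive login to HOST completes within SSH_TIMEOUT
# seconds (default 2). BatchMode=yes makes ssh fail instead of prompting
# for a password or an unknown host key.
# SSH_BIN and SSH_TIMEOUT are hooks of this example, not ssh settings.
ssh_reachable() {
    run_with_timeout "${SSH_TIMEOUT:-2}" "${SSH_BIN:-ssh}" \
        -o BatchMode=yes "$1" /bin/true >/dev/null 2>&1
}

# Stand-alone use: sh thisfile.sh host.example
if [ -n "${1:-}" ]; then
    if ssh_reachable "$1"; then echo "$1: reachable"; else echo "$1: no answer"; fi
fi
```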

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 63.104.116.5
NNTP-Posting-Date: Wed, 23 Jun 2004 15:47:34 EDT
References: <2ju2t4F15tji1U1@uni-berlin.de>
Message-ID: <q7lCc.3999$%o6.200@newssvr25.news.prodigy.com>
Date: Wed, 23 Jun 2004 19:47:34 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: OpenSSH: force password authentication

cat54me <cat54me@yahoo.it> wrote:
>
> Hi all,
> I set up passwordless public key authentication from a client to a
> server to run an automated backup job (rsync).
> I am running OpenSSH 3.6.1p2 on Red Hat Enterprise Linux 3.

> I set up the public key with a forced command on the server, in order to
> run validating script and only allow the backup task, otherwise it will
> close the ssh connection, and It works fine.

And unstated, I suppose you also set up a private key on the local
client in the default location for the client identity.

> But sometimes I need to connect to the server via ssh to run some
> interactive commands and would like to use password authentication for that.

> Right now that is not possible, since when I try to connect to the
> server via ssh, the ssh client will pick up the PKI authentication first
> and the forced command (validating script) on the server won't allow me
> an interactive session, it will close the ssh connection.

> Is there any way to force the ssh client to use password authentication
> first only for interactive sessions? E.g. a command line switch or
> something like that ...

Take a look at the options available in the ssh_config file.

One way is to have the restricted key not be in the default identity
file.  Make the automated process reference it explicitly.  (I do this
preferentially)


  ssh -o IdentityFile=auto_backup ... or
  ssh -i auto_backup ...

Another way is to change the attempted authentication methods.

  ssh -o PreferredAuthentications=keyboard-interactive,password ...

Or just disable public key authentication.

  ssh -o PubkeyAuthentication=no ...

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: adsl-68-79-141-72.dsl.emhril.ameritech.net
NNTP-Posting-Date: Fri, 19 Nov 2004 23:50:33 EST
References: <cnfo4q$os6$1@neuromancer.cse.psu.edu>
Message-ID: <t2And.30352$Qv5.22908@newssvr33.news.prodigy.com>
Date: Sat, 20 Nov 2004 04:50:33 GMT
From: Neil W Rickert <rickert+nn@cs.niu.edu>
Subject: Re: dtwm and ssh-keygen

Coy Hile <hile@cse.psu.edu> writes:
>
> Is there an easy way that I'm missing to make dtwm get launched from
> ssh-agent (so that the entire window manager rather than a single shell
> is the ssh-agent for things like ssh-add) so that I can type my
> passphrase once and then be able to connect to anywhere that used the
> same RSA keys without typing my passphrase.

I just use

        eval `ssh-agent -s`

toward the end of my ".dtprofile"

 //////////////////////////////////////////////////////////////////////////////
 
Newsgroups: comp.unix.solaris
NNTP-Posting-Host: kebe.east.sun.com
NNTP-Posting-Date: Thu, 16 Dec 2004 05:20:32 +0000 (UTC)
References: <qnirqrrmrrbet.i8k9s40.pminews@text.news.ntlworld.com>
    <qnirqrrmrrbet.i8o5794.pminews@text.news.ntlworld.com>
    <mxKvd.46791$Qv5.38785@newssvr33.news.prodigy.com>
    <m3zn0ga0rc.fsf@europa.pienet>
Message-ID: <cpr5v0$4t3$1@news1brm.Central.Sun.COM>
Organization: Solaris Networking & Security Engineering
Date: Thu, 16 Dec 2004 05:20:32 +0000 (UTC)
From: Dan McDonald <danmcd*Eng.Sun.COM>
Subject: Re: SSH - securing the port

In article <m3zn0ga0rc.fsf@europa.pienet>,
Greg Menke  <gregm-news@toadmail.com> wrote:
>Gary vonBergen <gvonbe@sbcglobal.net> writes:
>
>> I had the somewhat dubious honor of doing an evaluation of SSH
>> a while back for the USAF's C2IPS program.  In a test LAN I used
>> a Solaris server and a Windows box (with the companion piece F-Secure
>> on board).  I placed a second server (Solaris) on the net and used
>> the snoop utility to inspect the network traffic.  I can tell you
>> that SSH is not (I repeat for clarity NOT) secure.  It is better than
>> open telnet but it does open negotiate crypto method and passes keys
>> in the clear as part of its startup. couple this with the open

I don't see what's wrong with open negotiation of the method.  Passing keys
in the clear, however, can be a problem.

BTW, were you looking at SSHv1?  SSHv2 fixed MANY of the problems in the
protocol.

>> I would like to stress that there is nothing better than SSH that
>> I know of. Worse with the current status of the laws governing
>> cryptography nothing better can be created.  Any commercial product
>> has to have a method or key that can be furnished to the authorities
>> on demand with court order ---- but that trapdoor has to be there
>> by law.

You are incorrect.  My commercial product may have restrictions on the
_strength_ of the ciphers involved, but I have no trapdoors or secret
entrances in my particular set of security protocols (IPsec and IKE).
Sure you can access the keys if you are root on the system, but if 
you're root, all bets are off anyway.

If you don't trust the IKE protocol for key exchanges, do manual keying.
In my previous job we used to refer to "keying by Marine guard" as a
valid option.

And now on to the actual previous poster, as opposed to the one two
before...

> How does the open negotiation of the first phases of the crypto make
> ssh insecure?  What specific attacks can take advantage of it?  And
> please define what "not secure" means.

SSH (both v1 and v2) are vulnerable to a man-in-the-middle attack if operated
in their default modes.  The first time you see a public-key fingerprint for
a remote host, you either have seen it from the server's administrator--out of
band--or are taking it on faith.  I can theoretically intercept your traffic
and rewrite it in both directions, fooling both sides at once.  Only a
trusted third party, or other out-of-band sharing can thwart this.  (There
may be other more interesting ways... but I suspect they can reduce to some
sort of trust chain or out-of-band proof).

> If ssh really is as insecure as you suggest, I'm sure the community at
> large would be very interested in fixing it.

Hence all of the stuff that got fixed in SSHv2.

> principles of the crypto in ssh (and pgp) is that the value is in the
> keys and algorithm, not the sourcecode.  The more widely the source
> and algorithms are studied, the more its claims can be proved or
> disproved.  Please be specific about how the availability of source
> decreases the effectiveness of the encryption algorithms- I'd
> appreciate citations.

I agree with you and disagree with the previous poster.  Modulo trojans
on unwary folks, available source is nothing but goodness.

> No doubt the black helicopter folks can crack modern public crypto

"Can crack" is obvious. "At what expense" is not, and I'm sure is the
subject of much speculation.

-- 
Daniel L. McDonald  -  Solaris Networking & Security Engineering
Mail: danmcd@east.sun.com        |  * MY OPINIONS ARE NOT NECESSARILY SUN'S! *
1 Network Drive  Burlington, MA  |"rising falling at force ten
http://blogs.sun.com/danmcd/     | we twist the world and ride the wind" - Rush
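
The out-of-band check described in the post above can be scripted. The following is an added example, not code from the original post: it accepts a host key into known_hosts only when its SHA-256 fingerprint equals one obtained from the server's administrator. The host name, the key bytes and the helper names are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import struct

HOST = "server.example.com"  # constructed host name


class HostKeyMismatch(Exception):
    """The offered key does not match the out-of-band fingerprint."""


def make_ed25519_blob(raw32):
    # SSH wire format of a public key: length-prefixed type, then key bytes.
    return (struct.pack(">I", 11) + b"ssh-ed25519" +
            struct.pack(">I", 32) + raw32)


def sha256_fingerprint(blob):
    # Same layout OpenSSH prints: "SHA256:" + unpadded base64 of the digest.
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_pubkey_line(line):
    """Parse 'host keytype base64' as found in known_hosts or a key scan."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    host, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The type named on the line must be the type encoded inside the blob.
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type on the line does not match the blob")
    return host, keytype, blob


def accept_host_key(offered_line, expected_host, oob_fingerprint):
    """Return a known_hosts line, or raise if the key cannot be trusted."""
    host, keytype, blob = parse_pubkey_line(offered_line)
    if host != expected_host:
        raise ValueError("key offered for a different host")
    offered = sha256_fingerprint(blob).encode()
    if not hmac.compare_digest(offered, oob_fingerprint.strip().encode()):
        raise HostKeyMismatch("fingerprint differs from the out-of-band value")
    return "%s %s %s" % (host, keytype, base64.b64encode(blob).decode())


def scan_line(blob):
    # What the client sees on first contact (constructed, not a real scan).
    return "%s ssh-ed25519 %s" % (HOST, base64.b64encode(blob).decode())


# Constructed key material: the server's real key and a key that an
# intermediary presents in its place.
GENUINE = make_ed25519_blob(bytes(range(32)))
SUBSTITUTED = make_ed25519_blob(bytes(range(32, 64)))

# Stands for the fingerprint the administrator supplies out of band.
ADMIN_FINGERPRINT = sha256_fingerprint(GENUINE)


def demo():
    outcome = {}
    for label, blob in (("genuine", GENUINE), ("substituted", SUBSTITUTED)):
        try:
            accept_host_key(scan_line(blob), HOST, ADMIN_FINGERPRINT)
            outcome[label] = "accepted"
        except HostKeyMismatch:
            outcome[label] = "rejected"
    return outcome


if __name__ == "__main__":
    print(demo())
```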

 //////////////////////////////////////////////////////////////////////////////

2006-12-13

Rapid7 has a free software package, SShredder, which claims to test various
SSH (Secure Shell) vulnerabilities:

    http://www.rapid7.com/securitycenter/sshredder.jsp

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: dorado.ce.chalmers.se
References: <1105524876.765566.167120@c13g2000cwb.googlegroups.com>
Message-ID: <csk65l$9k1$1@eol.dd.chalmers.se>
Organization: Chalmers University of Technology, Sweden
Date: 18 Jan 2005 23:29:57 GMT
From: Fredrik Lundholm <dol@ce.chalmers.se>
Subject: Re: SSH'ing between Sol 8 -> Sol 10 hosts

In article <1105524876.765566.167120@c13g2000cwb.googlegroups.com>,
jrt409 <jrt409@yahoo.com> wrote:
>
> Hi,
> I have two hosts - Solaris 8 host running SSH v1.2.30 trying to connect
> to a Solaris 10 (build 72) host running the stock std version of SSH.
> When I attempt to connect to the Solaris 10 host I get the following
> error even after I've unhashed the "Protocol 2,1" line in the
> /etc/ssh/sshd_config and restarted sshd.

Yes, you will also need to regenerate your host keys in a
supported format that will work with ssh1/ssh2.

I do like this (Solaris 9) in a jumpstart script:

    echo "Solaris ssh v1 +fix"
    /etc/init.d/sshd stop
    rm /etc/ssh/ssh_host_rsa_key
    ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_rsa_key -P ''
    /etc/init.d/sshd start

 //////////////////////////////////////////////////////////////////////////////

Maybe run an X session under ssh-agent in Solaris?
http://docs.sun.com/app/docs/doc/816-4557/6maosrjjq?a=view

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: phorcys.east.sun.com
NNTP-Posting-Date: Wed, 29 Jun 2005 13:07:23 +0000 (UTC)
References: <y5OdndMngIToDVzfRVnysQ@giganews.com>
Message-ID: <xoavslz1xqes.fsf@sun.com>
Organization: Sun Microsystems
Date: 29 Jun 2005 09:07:23 -0400
From: James Carlson <james.d.carlson@sun.com>
Subject: Re: forwarding ssh explaination?

"Jerry Lee" <jerry.lee@packetfront.com> writes:
>
> If someone has a time to help me, please explain to me about following 
> question.

This isn't really a Solaris question; there's probably a better group
available for it.

> ssh -r 4242:localhost:22 mhpark@213.22.123.12 password is changeme

ssh doesn't have a "-r" option, so that's probably not the command used.
The command might be "-R".

-R is documented on the ssh(1) man page.  In short, it says that port
4242 should be opened as a "listen"-type port on the remote machine,
and when any connection is attempted to that port on the remote
machine, a separate connection is made by the local machine to
localhost:22 (the sshd port), and data is tunneled by ssh between the
two.

> I don't understand what's going on with this command correctly.
> I just know that this command is used for forwarding ssh session, etc.

Right.  The remote peer would do something like this:

    ssh -p 4242 someuser@213.22.123.12 ...

The connection would then be forwarded through to localhost:22 by the
ssh session created as you originally posted.

-- 
James Carlson, KISS Network                    <james.d.carlson@sun.com>
Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.aix
NNTP-Posting-Host: adsl-68-255-16-162.dsl.emhril.ameritech.net
NNTP-Posting-Date: Sat, 14 May 2005 08:29:57 EDT
References: <Jnsge.798$L15.304@newssvr31.news.prodigy.com>
    <pan.2005.05.11.19.34.19.698732@house-from-hell.demon.co.uk>
Message-ID: <9bmhe.1264$bj5.725@newssvr31.news.prodigy.com>
Date: Sat, 14 May 2005 12:29:57 GMT
From: C C <someone@sbcglobal.net>
Subject: Re: SSH in AIX 4.3+

"Ian Northeast" <ian@house-from-hell.demon.co.uk> wrote in message
news:pan.2005.05.11.19.34.19.698732@house-from-hell.demon.co.uk...
>
> On Wed, 11 May 2005 18:43:53 +0000, C  C wrote:
> >
> > How do I startup SSH in my RS6000 with AIX 4.3?
>
> If you can find an old copy of the "toolbox for Linux" CD which comes with
> AIX nowadays, one with the "RPMS/ppc-4.3.3" subdirectory, as shipped with
> the original AIX 5.1, you can install it from that. I wouldn't expose one
> that old to the Internet though. It used to be available for download but
> I think they removed all the 4.3.3 stuff.
>
> You can get a version from
> 
>     http://www.bullfreeware.com/
>
> There are more recent ones there.
>
> Or get the source from
>
>     http://www.openssh.org/portable.html
>
> and build it yourself. I recommend this if it's exposed to the Internet.
>
> Regards, Ian


Thanks.  Is this pretty easy to install?  Does it need a reboot?


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: darwin.oankali.net [216.254.67.191]
NNTP-Posting-Date: Tue, 19 Apr 2005 20:38:29 -0500
References: <d433ot$n9b$1@reader1.imaginet.fr>
Message-ID: <m2acnu1b3e.fsf@darwin.oankali.net>
Date: 19 Apr 2005 21:38:29 -0400
From: Richard E. Silverman <res@qoxp.net>
Subject: Re: ssh and .rhosts or .shosts

http://www.snailbook.com/faq/no-passphrase.auto.html
	[includes unattended operation]

http://www.snailbook.com/faq/trusted-host-howto.auto.html

-- 
  Richard Silverman
  res@qoxp.net


 //////////////////////////////////////////////////////////////////////////////

Top Ten SSH FAQs

http://sysadmin.oreilly.com/news/sshtips_0101.html

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking
NNTP-Posting-Host: list.stratagy.com
References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com>
    <edr*KSfGq@news.chiark.greenend.org.uk>
Message-ID: <rshu_20050203125101@stratagy.com>
Organization: The Late, Great Stratagy Users Group
Date: Thu, 3 Feb 2005 12:51:01 EST
From: Richard S. Shuford <shuford@list.stratagy.REM0VE-THlS-PART.com>
Subject: evaluate the best SSH client (was: Print in PuTTy)

byrapaneni(*)gmail.com wrote:
|
| I came across ( FREE licence) TeraTerm Pro Web 3.1.3 - Enhanced
| Telnet/SSH2 Client at http://www.ayera.com/teraterm/. This Telnet has
| the print functionality built in. I also found 'Absolute Telnet' on
| http://www.celestialsoftware.net/ for $19.00 a piece when you buy 10
| or more.
|
| Could someone please post their findings/facts/reviews on these.
| I was [assigned] to a new project to find / [evaluate] the best
| SSH client for our organization.


While it is good that Yutaka Hirata has lately undertaken to enhance
TeraTerm for SSH2, I've tried the January 2005 "UTF-8 TeraTerm Pro"
release and found it unstable (at least under Windows 98SE on my
home machine).  But I hope he will keep working on it.

There are many terminal-emulation programs available in the world:
some free, and numerous commercial products.  You give no clues
about what kind of organization you belong to, but many enterprises
would be better off with a commercial product where the users can
get technical support by telephone.

In contrast, a free product must give a warning, not a warranty:

    The entire risk as to the quality and performance of the
    program is with you.  Should the program prove defective,
    you assume the cost of all necessary servicing, repair, or
    correction.

Over the last two years, many vendors of terminal-emulating Telnet
clients have enhanced them to support SSH connectivity; some also
support other secure connection types, notably Kerberos and SSL.

SSH is popular because its administrative overhead is relatively
low, compared to the other secure-connection schemes, however,
this plus can quickly become a minus--there may be no quick way to
revoke a user's access if the access keys become compromised.
(Suppose the president of a business connects to all his accounts
by SSH from his laptop computer, and then the laptop gets stolen
at the airport?)

(Just to complete the picture, security can be provided at a lower
level of the networking stack using IPsec.  With IPsec ESP beneath
it, even ordinary Telnet-over-TCP becomes secure.)

Anyway, for your investigation, you should check the following web
page, where I maintain links to nearly all terminal-emulation,
Telnet, and/or SSH client programs.

   http://www.cs.utk.edu/~shuford/terminal/pc_emulation.html

This is part of my "Video Terminal Information" archive:

   http://www.cs.utk.edu/~shuford/terminal_index.html

 ...RSS

-- 
Your cow joke might be worth a Frisbee.
http://www.stonyfield.com/weblogarchives/DailyScoop/000651.html

 ..............................................................................

Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking
NNTP-Posting-Host: darwin.oankali.net [216.254.67.191]
NNTP-Posting-Date: Thu, 03 Feb 2005 15:34:46 -0600
References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com>
    <edr*KSfGq@news.chiark.greenend.org.uk> <rshu_20050203125101@stratagy.com>
Message-ID: <m2acqliaz1.fsf@darwin.local>
Date: 03 Feb 2005 16:34:42 -0500
From: Richard E. Silverman <res@qoxp.net>
Subject: Re: evaluate the best SSH client (was: Print in PuTTy)

>>>>> "RSS" == Richard S Shuford <shuford@list.stratagy.REM0VE-THlS-PART.com>
writes:

    RSS> In contrast, a free product must give a warning, not a warranty:

    RSS>     The entire risk as to the quality and performance of the
    RSS> program is with you.  Should the program prove defective, you
    RSS> assume the cost of all necessary servicing, repair, or
    RSS> correction.

Most EULA's on commercial software say essentially the same thing --
disclaiming all warranties except replacing defective media.  Support is
certainly a valuable service, but let's not pretend that commercial
software vendors provide warranties as to the correct functioning of their
software.  Overwhelmingly, they do not.

    RSS> SSH is popular because its administrative overhead is relatively
    RSS> low, compared to the other secure-connection schemes, however,
    RSS> this plus can quickly become a minus--there may be no quick way
    RSS> to revoke a user's access if the access keys become compromised.

It is not accurate to ascribe this behavior to "SSH," as if it were a
limitation of the protocol.  Rather, it is true if you use the default,
simplistic key-management/authorization mechanisms (known_hosts,
authorized_keys, etc.).  The main SSH implementations, both free and
commercial, now support Kerberos and PKI (and they interoperate to boot).

-- 
  Richard Silverman
  res@qoxp.net
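
With the default authorized_keys mechanism discussed in this exchange, revoking a stolen laptop's key means finding every copy of it on every account. The following is an added example, not code from either poster: it sweeps a set of authorized_keys files for a revoked fingerprint. The paths, key bytes and account names are constructed, and the file contents are held in memory rather than read from disk.

```python
import base64
import binascii
import hashlib
import struct


def fingerprint(blob):
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_key(line):
    """Return (keytype, blob, comment) for an authorized_keys entry, or None.

    An entry is '[options] keytype base64 [comment]'.  Options may contain
    quoted spaces, so look for the first token whose successor decodes as
    base64 and names that same key type inside the blob.
    """
    tokens = line.split()
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == tokens[i].encode():
            return tokens[i], blob, " ".join(tokens[i + 2:])
    return None


def sweep(files, revoked):
    """Drop entries whose fingerprint is revoked.

    files maps path -> file text.  Returns (cleaned, removed, unparsed);
    lines that cannot be parsed are kept and reported for manual review.
    """
    cleaned, removed, unparsed = {}, [], []
    for path, text in files.items():
        kept = []
        for lineno, line in enumerate(text.splitlines(), 1):
            stripped = line.strip()
            if not stripped or stripped.startswith("#"):
                kept.append(line)
                continue
            entry = find_key(stripped)
            if entry is None:
                unparsed.append((path, lineno))
                kept.append(line)
                continue
            _keytype, blob, comment = entry
            if fingerprint(blob) in revoked:
                removed.append((path, lineno, comment))
            else:
                kept.append(line)
        cleaned[path] = "\n".join(kept) + "\n"
    return cleaned, removed, unparsed


def make_blob(seed):
    # Constructed ed25519-shaped key blob; not a real key.
    return (struct.pack(">I", 11) + b"ssh-ed25519" +
            struct.pack(">I", 32) + bytes([seed]) * 32)


def b64(seed):
    return base64.b64encode(make_blob(seed)).decode()


LAPTOP, DESKTOP, BACKUP = 1, 2, 3
PRESIDENT = "/home/president/.ssh/authorized_keys"   # constructed path
FINANCE = "/home/finance/.ssh/authorized_keys"       # constructed path

FILES = {
    PRESIDENT: "# constructed sample\n"
               "ssh-ed25519 %s president@laptop\n"
               "ssh-ed25519 %s president@desktop\n" % (b64(LAPTOP), b64(DESKTOP)),
    FINANCE: 'from="10.0.0.5",command="/usr/bin/report --daily" '
             "ssh-ed25519 %s president@laptop\n"
             "ssh-ed25519 %s backup@server\n"
             "ssh-ed25519 not-base64 broken-entry\n" % (b64(LAPTOP), b64(BACKUP)),
}

# Fingerprint of the key that was on the stolen laptop.
REVOKED = {fingerprint(make_blob(LAPTOP))}


def run_demo():
    return sweep(FILES, REVOKED)


if __name__ == "__main__":
    cleaned, removed, unparsed = run_demo()
    print("removed:", removed)
    print("needs review:", unparsed)
```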

 ..............................................................................

Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking
NNTP-Posting-Host: list.stratagy.com
References: <m2acqliaz1.fsf@darwin.local>
    <rshu_20050203125101@stratagy.com> <edr*KSfGq@news.chiark.greenend.org.uk>
    <1107446624.973266.56000@z14g2000cwz.googlegroups.com>
Message-ID: <rshu_20050203225102@stratagy.com>
Organization: The Late, Great Stratagy Users Group
Date: Thu, 3 Feb 2005 22:51:02 EST
From: Richard S. Shuford <shuford@list.stratagy.REM0VE-THlS-PART.com>
Subject: Re: evaluate the best SSH client (was: Print in PuTTy)

Richard E. Silverman <res(*)qoxp.net> wrote:
|
| Most EULA's on commercial software say essentially the same
| thing--disclaiming all warranties except replacing defective media.
| Support is certainly a valuable service, but let's not pretend that
| commercial software vendors provide warranties as to the correct
| functioning of their software.  Overwhelmingly, they do not.


Perhaps I let poetic metaphor obscure the point.  With a commercial
product, when something goes wrong, you can generally get somebody
on the telephone to help you.  The "something" need not be a defect
in the program: there are many possible modes of failure.  Figuring
out the source of a problem often requires technically informed
diagnostic troubleshooting, and it is unwise to expect that a naive
user can perform such troubleshooting unassisted.

Support for free software is typically obtained from volunteers, who
frequent Usenet and certain web sites in their spare time and answer
questions out of a spirit of helpfulness.  But it is very difficult
for such a volunteer to direct a troubleshooting procedure while
communicating through casual Internet means.  For some problems,
you've got to talk interactively to solve them.

(It is possible that some third-party person or company will sell
the service of providing telephone support for a free software
product, but such support is not always available.)

If an organization's users are able to get by with volunteer support,
or if the organization contains experts who can help out when one
session's output mysteriously freezes (when somebody typed Control-S
by accident!), then there is more leeway to adopt free software.


| It is not accurate to ascribe this behavior to "SSH," as if it were
| a limitation of the protocol.  Rather, it is true if you use the
| default, simplistic key-management/authorization mechanisms
| (known_hosts, authorized_keys, etc.).  The main SSH implementations,
| both free and commercial, now support Kerberos and PKI (and they
| interoperate to boot).

I'll guess that 99 and 44/100th percent of people who are connecting
via SSH are using known_hosts and authorized_keys (or equivalents).
However, if you've got a list of implementations that can use Kerberos
and PKI, please post it, and the rest of us can be better informed.

 ...RSS

-- 
Juvenile-delinquent heifers and steers commit vandalism.
http://www.stonyfield.com/weblogarchives/BovineBugle/000798.html

 ..............................................................................

Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking
NNTP-Posting-Host: darwin.oankali.net [216.254.67.191]
NNTP-Posting-Date: Fri, 04 Feb 2005 00:06:24 -0600
References: <m2acqliaz1.fsf@darwin.local>
    <rshu_20050203125101@stratagy.com> <edr*KSfGq@news.chiark.greenend.org.uk>
    <1107446624.973266.56000@z14g2000cwz.googlegroups.com>
    <rshu_20050203225102@stratagy.com>
Message-ID: <m2zmyk3lm2.fsf@darwin.local>
Date: 04 Feb 2005 01:06:13 -0500
From: Richard E. Silverman <res@qoxp.net>
Subject: Re: evaluate the best SSH client (was: Print in PuTTy)

>>>>> "RSS" == Richard S Shuford <shuford@list.stratagy.REM0VE-THlS-PART.com>
writes:

    RSS> However, if you've got a list of implementations that can use
    RSS> Kerberos and PKI, please post it, and the rest of us can be
    RSS> better informed.

OpenSSH and VShell/SecureCRT (VanDyke) support Kerberos via GSSAPI;
Tectia (ssh.com) supports both Kerberos and X.509 certificates.

-- 
  Richard Silverman <res@oreilly.com>
  co-author: SSH, The Secure Shell (The Definitive Guide)
  http://www.oreilly.com/catalog/sshtdg

 ..............................................................................

Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking
NNTP-Posting-Host: 24.193.46.55
NNTP-Posting-Date: Sat, 05 Feb 2005 08:26:55 EST
References: <m2acqliaz1.fsf@darwin.local>
    <rshu_20050203125101@stratagy.com> <edr*KSfGq@news.chiark.greenend.org.uk>
    <1107446624.973266.56000@z14g2000cwz.googlegroups.com>
    <rshu_20050203225102@stratagy.com>
Message-ID: <4204CA45.5050906@nyc.rr.com>
Date: Sat, 05 Feb 2005 13:26:55 GMT
From: Jeffrey Altman <jaltman2@nyc.rr.com>
Subject: Re: evaluate the best SSH client (was: Print in PuTTy)

Richard S. Shuford wrote:
>
> I'll guess that 99 and 44/100th percent of people who are connecting
> via SSH are using known_hosts and authorized_keys (or equivalents).
> However, if you've got a list of implementations that can use Kerberos
> and PKI, please post it, and the rest of us can be better informed.
>  ...RSS

Kermit 95 supports SRP, GSS-Kerberos 5, in addition to the traditional
shared keys and password based authentication methods.

-- 
Jeffrey Altman

 ..............................................................................

Newsgroups: comp.terminals, comp.security.ssh
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1151582345.037066.151790@m73g2000cwd.googlegroups.com>
Message-ID: <RjE*86tkr@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 30 Jun 2006 11:20:35 +0100 (BST)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: Putty Authentication

[ followups set ]

Joao <dfjbosco@gmail.com> writes:
>
>    I'd like to be authenticated  in the SSH server side using Putty,
>    so, is it possible to use a X509 Certificate?


PuTTY does _not_ support X.509 authentication with SSH.

(There may be some third-party fork/patch which does so,
but I'm not aware of one.)


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 81.5.153.194
NNTP-Posting-Date: Fri, 18 Feb 2005 15:40:26 +0000 (UTC)
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com>
    <1119cnrs52m7ccc@corp.supernews.com>
Message-ID: <1108741221.933727.115680@f14g2000cwb.googlegroups.com>
Date: 18 Feb 2005 07:40:21 -0800
From: Moray <X0D0F120119@aol.com>
Subject: Re: Line draw in PuTTY

Thanks for the reply - and thanks for the dialog package: we use it
extensively.  Replacing man wouldn't really help me, though - I'll need
unicode characters in filenames, too.

I have found part of the problem: with TERM=xterm or TERM=putty, dialog
outputs the old-fashioned <ESC>)0^Nlqqqqqqk^O style of line drawing -
which does not work in UTF-8 mode.  Is that a limitation of those
terminals themselves, or of the terminfo files?

With TERM=linux, dialog does output the correct line drawing characters
for PuTTY's UTF-8 mode, although the colouring of the background is not
completely filled in as it is on the console.

Does anyone know a Linux TERM setting that supports Unicode and gives
good results in PuTTY?

 ..............................................................................

Newsgroups: comp.terminals
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com>
    <1119cnrs52m7ccc@corp.supernews.com>
    <1108741221.933727.115680@f14g2000cwb.googlegroups.com>
Message-ID: <111cir07ptli332@corp.supernews.com>
Date: Fri, 18 Feb 2005 20:09:04 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: Line draw in PuTTY

Moray <X0D0F120119@aol.com> wrote:
>
> Thanks for the reply - and thanks for the dialog package: we use it
> extensively.  Replacing man wouldn't really help me, though - I'll need
> unicode characters in filenames, too.

> I have found part of the problem: with TERM=xterm or TERM=putty, dialog
> outputs the old-fashioned <ESC>)0^Nlqqqqqqk^O style of line drawing -
> which does not work in UTF-8 mode.  Is that a limitation of those
> terminals themselves, or of the terminfo files?


Actually that's a limitation of PuTTY (which is reflected in an accurate
terminfo file for it).  I'm told that in UTF-8 mode, PuTTY does not implement
the VT100-style shift-in and shift-out controls (the ^N and ^O characters),
but does recognize the analogous \E(B and \E(0 sequences.

For some reason, PuTTY's developers choose to not document the program(*),
e.g., by constructing appropriate terminfo/termcap entries.  I did get
some information from one of the former developers, but looking now, I
see that detail was overlooked (making a note to update & test...).

> With TERM=linux, dialog does output the correct line drawing characters
> for PuTTY's UTF-8 mode, although the colouring of the background is not
> completely filled in as it is on the console.

> Does anyone know a Linux TERM setting that supports Unicode and gives
> good results in PuTTY?

perhaps (untested)

        infocmp putty >foo

        edit foo, add/replace the strings for rmacs and smacs to read
        (keep the leading tabs on the lines)

                rmacs=\E(B, smacs=\E(0,

        tic foo

(*) this is not unusual, unfortunately (but what good is a terminal emulator
    without a correct terminal description?)

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com>
    <1119cnrs52m7ccc@corp.supernews.com>
    <1108741221.933727.115680@f14g2000cwb.googlegroups.com>
    <111cir07ptli332@corp.supernews.com>
Message-ID: <111f3do1s75pq36@corp.supernews.com>
Date: Sat, 19 Feb 2005 19:04:24 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: Line draw in PuTTY

Thomas Dickey <dickey*saltmine.radix.net> wrote:
>
> > I have found part of the problem: with TERM=xterm or TERM=putty, dialog
> > outputs the old-fashioned <ESC>)0^Nlqqqqqqk^O style of line drawing --
> > which does not work in UTF-8 mode.  Is that a limitation of those
> > terminals themselves, or of the terminfo files?
>
> Actually that's a limitation of PuTTY (which is reflected in an accurate
> terminfo file for it).  I'm told that in UTF-8 mode, PuTTY does not implement
> the VT100-style shift-in and shift-out controls (the ^N and ^O characters),
> but does recognize the analogous \E(B and \E(0 sequences.


Hmm--what I was told was incorrect.  Reading the 5.6 source code, I see that
PuTTY completely ignores the \E(B, etc., in UTF-8 mode.  Using dialog built
with ncursesw, of course, that's not a problem.  (There's no need for me
to modify the "putty" terminfo description).

Reading down through the code, I also see a number of comments relating to
xterm--several are inaccurate, since the comments relate to features of
different versions of xterm (something like confusing xvt and Eterm).

It would be nice if PuTTY's developers would clean those up, considering
that its documentation states that it is emulating xterm.

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com>
    <1108741221.933727.115680@f14g2000cwb.googlegroups.com>
    <111cir07ptli332@corp.supernews.com> <111f3do1s75pq36@corp.supernews.com>
Message-ID: <quz*tuEHq@news.chiark.greenend.org.uk>
Organization: Linux Unlimited
Date: 19 Feb 2005 19:32:28 +0000 (GMT)
From: Ben Harris <bjharris@chiark.greenend.org.uk>
Subject: Re: Line draw in PuTTY

In article <111f3do1s75pq36@corp.supernews.com>,
Thomas Dickey  <dickey*saltmine.radix.net> wrote:
>
> Reading down through the code, I also see a number of comments relating to
> xterm - several are inaccurate, since the comments relate to features of
> different versions of xterm (something like confusing xvt and Eterm).  It
> would be nice if PuTTY's developers would clean those up, considering that
> its documentation states that it is emulating xterm.

I agree that the comments in terminal.c are dire in places.  If you could
tell us which ones you think are inaccurate and why, that would make
correcting them a lot easier.

-- 
Ben Harris

 ..............................................................................

Newsgroups: comp.terminals
Date: Sat, 19 Feb 2005 20:03:51 -0000
Message-ID: <111f6t7m4ed2q8d@corp.supernews.com>
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com>
            <1108741221.933727.115680@f14g2000cwb.googlegroups.com>
            <111cir07ptli332@corp.supernews.com>
            <111f3do1s75pq36@corp.supernews.com>
            <quz*tuEHq@news.chiark.greenend.org.uk>
User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u))
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: Line draw in PuTTY

Ben Harris <bjharris@chiark.greenend.org.uk> wrote:
>
> In article <111f3do1s75pq36@corp.supernews.com>,
> Thomas Dickey  wrote:
>>
>>Reading down through the code, I also see a number of comments relating to
>>xterm - several are inaccurate, since the comments relate to features of
>>different versions of xterm (something like confusing xvt and Eterm).  It
>>would be nice if PuTTY's developers would clean those up, considering that
>>its documentation states that it is emulating xterm.

> I agree that the comments in terminal.c are dire in places.  If you could
> tell us which ones you think are inaccurate and why, that would make
> correcting them a lot easier.

offhand -
	The comment about ENQ has been obsolete for several years:

		http://invisible-island.net/xterm/xterm.log.html#xterm_90

	The documentation refers to titlebar sequences being supported
	by DECterm, but not xterm (xterm recognizes ST as well as BEL).

	The comment for CBT is misleading - a cursor control sequence which
	is standard, versus a reference to the kcbt string emitted by xterm.

	swap_screen - not exactly.  Blame the existing usage that doesn't
	allow for a stack in things like save-cursor, alternate-screen, etc.
	The comment would read better anyway by stating what the function
	does.

	xterm-style bright foreground/background (see ctlseqs.ms - that's
	borrowed from aixterm, and is not actually "bright" colors).

Also, I agree that it would be nice to know which manual is correct regarding
the introduction of ICH and ECH.  But the VT102 manual doesn't mention either.

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
Organization: Linux Unlimited
Message-ID: <ADh*N6EHq@news.chiark.greenend.org.uk>
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com>
 <111f3do1s75pq36@corp.supernews.com> <quz*tuEHq@news.chiark.greenend.org.uk>
 <111f6t7m4ed2q8d@corp.supernews.com>
NNTP-Posting-Host: rapun.sel.cam.ac.uk
Originator: chiark.greenend.org.uk ([193.201.200.170])
Date: 19 Feb 2005 22:15:58 +0000 (GMT)
From: Ben Harris <bjharris@chiark.greenend.org.uk>
Subject: Re: Line draw in PuTTY

In article  <111f6t7m4ed2q8d@corp.supernews.com>,
Thomas Dickey <dickey*saltmine.radix.net> wrote:
>
>	The comment about ENQ has been obsolete for several years:
>		http://invisible-island.net/xterm/xterm.log.html#xterm_90

Removed.  We blame [B] (source of much useful but horrid code,
and very few accurate comments).


>	The documentation refers to titlebar sequences being supported
>	by DECterm, but not xterm (xterm recognizes ST as well as BEL).

Where?  The only mention of DECterm in doc/*.but is in the FAQ, which merely
states that DECterm's title-changing sequences are different from xterm's
(which is true; e.g. xterm uses OSC 1 ; Ps ST where DECterm uses
OSC 21 ; Ps ST).


>	The comment for CBT is misleading - a cursor control sequence which
>	is standard, versus a reference to the kcbt string emitted by xterm.

Fixed.  Blame [B] again.


>	swap_screen - not exactly.  Blame the existing usage that doesn't
>	allow for a stack in things like save-cursor, alternate-screen, etc.

PuTTY got private modes 1047 and 1049 from xterm, so we blame their oddities
on xterm.  Xterm is free to pass the buck if it wants.


>	xterm-style bright foreground/background (see ctlseqs.ms - that's
>	borrowed from aixterm, and is not actually "bright" colors).

Fixed.  If they're not actually bright colours, what are they?  The aixterm
documentation I've been able to find is singularly unhelpful in this area.

-- 
Ben Harris

 ..............................................................................

Newsgroups: comp.terminals
Organization: RadixNet Internet Services
Message-ID: <111fsf5p44sut8a@corp.supernews.com>
References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com>
 <111f3do1s75pq36@corp.supernews.com> <quz*tuEHq@news.chiark.greenend.org.uk>
 <111f6t7m4ed2q8d@corp.supernews.com> <ADh*N6EHq@news.chiark.greenend.org.uk>
User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u))
Date: Sun, 20 Feb 2005 02:11:49 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: Line draw in PuTTY

Ben Harris <bjharris@chiark.greenend.org.uk> wrote:
>>
>>	The documentation refers to titlebar sequences being supported
>>	by DECterm, but not xterm (xterm recognizes ST as well as BEL).

> Where?  The only mention of DECterm in doc/*.but is in the FAQ, which merely
> states that DECterm's title-changing sequences are different from xterm's
> (which is true; e.g. xterm uses OSC 1 ; Ps ST where DECterm uses
> OSC 21 ; Ps ST).

ok - hadn't considered that.

>>	swap_screen - not exactly.  Blame the existing usage that doesn't
>>	allow for a stack in things like save-cursor, alternate-screen, etc.

> PuTTY got private modes 1047 and 1049 from xterm, so we blame their oddities
> on xterm.  Xterm is free to pass the buck if it wants.

1047/1048 are identical to the 47 (except that they can be disabled easily).
1049's simply a nicer packaging of the two.

Either way, they're still used in the same context as 47, and subject to
the same limitations vis subprocesses reinitializing the screen.


>>	xterm-style bright foreground/background (see ctlseqs.ms - that's
>>	borrowed from aixterm, and is not actually "bright" colors).

> Fixed.  If they're not actually bright colours, what are they?  The aixterm
> documentation I've been able to find is singularly unhelpful in this area.

16 distinct colors (the values of which are of course set by resources).

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 //////////////////////////////////////////////////////////////////////////////
 
Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <klnSd.453007$8l.376746@pd7tw1no>
Message-ID: <jOv*KhZHq@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 23 Feb 2005 18:12:33 +0000 (GMT)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: PuTTY / xterm / line-wrapping when "maximized"

Dave Lindquist <firstname> writes:
>I've a weird bug with Putty, xterm, and just about anything else I've tried
>for terminal programs.
>
>If you resize the window of the terminal manually, everything works
>perfectly -- the new size of the window (chars x chars) is communicated
>properly to the other end, and line-wrapping works perfectly.
>
>However, if you maximize the window, something different happens.  ncurses
>apps, etc all recognize the new size and use it, but the Linux (Gentoo)
>command prompt still tries to wrap at the wrong column (the original width
>before being maximized).


PuTTY (0.57) appears to be sending the appropriate window-size message
for the protocol regardless of how the window is resized.

There's a common problem where the SSH server (or whatever) only sends a
window size change notification (SIGWINCH) to the foreground process, so
if you resize while another process is running, and then exit that
process, the shell doesn't notice that the window size has changed.

Running "kill -WINCH $$" will then cause the bash shell to notice what
has happened.

I can reproduce this on Debian woody with bash as my shell and lynx in
the foreground, whether I resize by maximising or by changing the window
size, over SSH and Telnet protocols.

 ..............................................................................

Newsgroups: comp.terminals
References: <klnSd.453007$8l.376746@pd7tw1no>
    <jOv*KhZHq@news.chiark.greenend.org.uk>
Message-ID: <111pidqplklhgd7@corp.supernews.com>
Date: Wed, 23 Feb 2005 18:21:46 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: PuTTY / xterm / line-wrapping when "maximized"

Jacob Nevins <jacobn*chiark.greenend.org.uk> wrote:
>
> I can reproduce this on Debian woody with bash as my shell and lynx in
> the foreground, whether I resize by maximising or by changing the window
> size, over SSH and Telnet protocols.

But lynx doesn't resize dynamically, so (unless you're pressing ^R to update
the display), you won't be able to test that.  That's done to limit network
activity, etc.

Most text editors will resize dynamically - that's a better test.

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <klnSd.453007$8l.376746@pd7tw1no>
    <jOv*KhZHq@news.chiark.greenend.org.uk> <111pidqplklhgd7@corp.supernews.com>
Message-ID: <G3F*1EZHq@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 23 Feb 2005 19:51:48 +0000 (GMT)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: PuTTY / xterm / line-wrapping when "maximized"

Thomas Dickey <dickey*saltmine.radix.net> writes:
>
>Jacob Nevins <jacobn*chiark.greenend.org.uk> wrote:
>>
>> I can reproduce this on Debian woody with bash as my shell and lynx in
>> the foreground, whether I resize by maximising or by changing the window
>> size, over SSH and Telnet protocols.
>
>But lynx doesn't resize dynamically, so (unless you're pressing ^R to update
>the display), you won't be able to test that.  That's done to limit network
>activity, etc.


Since I'm demonstrating a problem with the shell, what the foreground
process does should be immaterial.

But, just for you, I reproduced it with vim too.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: host70-69.pool8255.interbusiness.it [82.55.69.70]
NNTP-Posting-Date: Sun, 27 Feb 2005 14:15:23 MET
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
Message-ID: <LJjUd.970323$35.36188419@news4.tin.it>
Date: Sun, 27 Feb 2005 13:15:23 GMT
From: Pierluigi Di Lorenzo <dilox@eprometeus.com>
Subject: Re: PuTTY and GNU screen

Jacob Nevins wrote:
>
>   The reason why this only started to be a problem in 0.54 is because
>   "screen" typically uses an unusual control sequence to switch to the
>   alternate screen, and previous versions of PuTTY did not support
>   this sequence.
>
>   http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#QA.7.19

OK, I disabled alternate screen and now I got scrollback history.
When I'm attached on screen and I exit from vi I see text inside on the
screen, I like alternate screen but I think this is a good solution,
but.. when I'm not attached to screen I have screen *cleared* when exit
from vi (or less).. I do not like this behaviour so much..

Thanks, Pierluigi.

-- 
Pierluigi Di Lorenzo
ePrometeus s.r.l

 ..............................................................................

Newsgroups: comp.terminals
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
    <LJjUd.970323$35.36188419@news4.tin.it>
Message-ID: <1123l2ihbmv7h8c@corp.supernews.com>
Date: Sun, 27 Feb 2005 14:08:18 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: PuTTY and GNU screen

Pierluigi Di Lorenzo <dilox@eprometeus.com> wrote:

> ok, I disabled alternate screen and now I got scrollback history.
> When I'm attached on screen and I exit from vi I see text inside on the
> screen, I like alternate screen but I think this is a good solution,
> but.. when I'm not attached to screen I have screen *cleared* when exit
> from vi (or less).. I do not like this behaviour so much..
> Thanks, Pierluigi.

That could still be related to the alternate screen.  For example,
infocmp's output (looking at xterm-r6),

        rmcup=\E[2J\E[?47l\E8,
        smcup=\E7\E[?47h,

For this example, smcup saves the cursor position (assumed to be in the
normal screen) and switches to the alternate screen.

The rmcup string is emitted by vi on exit.  It clears the screen, switches
back from the alternate screen and restores the cursor position.

Simply disabling the \E[?47l and \E[?47h (switch between normal/alternate)
won't affect the clearing with \E[2J.  Modern xterm implements escape
sequences which combine all of those pieces into a single escape sequence
which can be suppressed.

Running in "screen", there are two $TERM values to take into account: the
one for screen (which as noted, does use the modern \E[?1049l), and the
external one (which could be rxvt, for instance--uses strings like xterm-r6).
rxvt doesn't implement that, BTW, though some other emulators have done so.

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 82.53.30.78
NNTP-Posting-Date: Sun, 27 Feb 2005 16:54:06 MET
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
    <LJjUd.970323$35.36188419@news4.tin.it> <1123l2ihbmv7h8c@corp.supernews.com>
Message-ID: <y2mUd.597124$b5.27288173@news3.tin.it>
Organization: TIN
Date: Sun, 27 Feb 2005 15:54:06 GMT
From: Pierluigi Di Lorenzo <dilox*NOSPAM*@eprometeus.com>
Subject: Re: PuTTY and GNU screen

Thomas Dickey wrote:
>
> That could still be related to the alternate screen.  For example,
> infocmp's output (looking at xterm-r6), ...
>
> Running in "screen", there are two $TERM values to take into account: the
> one for screen (which as noted, does use the modern \E[?1049l), and the
> external one (which could be rxvt, for instance--uses strings like xterm-r6).
> rxvt doesn't implement that, BTW, though some other emulators have done so.

Thanks a lot Thomas Dickey,

I'm sorry, but I do not understand so much.. is this a solution or an
explanation of the problem? Perhaps my english is not so good :(

My question now is:
Can I use alternate screen (I found it very useful) and say, in some
way, to PuTTY to disable it only when it's called by screen? (so I don't
lose scrollback history)

Someone has had this problem before?

Regards, Pierluigi.

-- 
Pierluigi Di Lorenzo
ePrometeus s.r.l

 ..............................................................................

Newsgroups: comp.terminals
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
    <LJjUd.970323$35.36188419@news4.tin.it>
    <1123l2ihbmv7h8c@corp.supernews.com> <y2mUd.597124$b5.27288173@news3.tin.it>
Message-ID: <1124424qr0o6e19@corp.supernews.com>
Date: Sun, 27 Feb 2005 18:24:04 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: PuTTY and GNU screen

Pierluigi Di Lorenzo <dilox*NOSPAM*@eprometeus.com> wrote:
> Thanks a lot Thomas Dickey,
> I'm sorry, but I do not understand so much.. is this a solution or an
> explanation of the problem? Perhaps my english is not so good :(

Mostly an explanation.  Before running screen, what is $TERM set to?
And what does infocmp show at that point?  My guess is that it shows
strings something like I indicated.  (The "putty" terminfo entry which
I have in ncurses does this, but I thought it unlikely that you are
using that, since PuTTY defaults to setting TERM to "xterm").

If my guess is correct, you can fix that problem by changing the
terminfo entry which is set (either by modifying the terminfo entry--
a reasonably good idea if it is "putty"), or choosing one which is
closer (that's a little harder to advise).

> My question now is:
> Can I use alternate screen (I found it very useful) and say, in some
> way, to PuTTY to disable it only when it's called by screen? (so I don't
> lose scrollback history)

I don't think so.  When screen first starts up, it uses the original $TERM's
value to initialize the display.  So it's no different from other applications
in that aspect.

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 82.55.87.133
NNTP-Posting-Date: Sun, 27 Feb 2005 21:35:04 MET
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
    <LJjUd.970323$35.36188419@news4.tin.it>
    <1123l2ihbmv7h8c@corp.supernews.com>
    <y2mUd.597124$b5.27288173@news3.tin.it> <1124424qr0o6e19@corp.supernews.com>
Message-ID: <Y9qUd.598160$b5.27346232@news3.tin.it>
Date: Sun, 27 Feb 2005 20:35:04 GMT
From: Pierluigi Di Lorenzo <dilox*NOSPAM*@eprometeus.com>
Subject: Re: PuTTY and GNU screen

Thomas Dickey wrote:
> Pierluigi Di Lorenzo <dilox*eprometeus.com> wrote:
>
>>Thanks a lot Thomas Dickey,
>>I'm sorry, but I do not understand so much.. is this a solution or an
>>explanation of the problem? Perhaps my english is not so good :(
>
>
> Mostly an explanation.  Before running screen, what is $TERM set to?
> And what does infocmp show at that point?  My guess is that it shows
> strings something like I indicated.  (The "putty" terminfo entry which
> I have in ncurses does this, but I thought it unlikely that you are
> using that, since PuTTY defaults to setting "xterm").


ah OK, yes you were right, before running screen $TERM is set to "xterm",

rmcup=\E[2J\E[?47l\E8 and smcup=\E7\E[?47h.

Attached to screen $TERM is set to screen, rmcup=\E[?1049l and
smcup=\E[?1049h


> If my guess is correct, you can fix that problem by changing the
> terminfo entry which is set (either by modifying the terminfo entry -
> a reasonably good idea if it is "putty"), or choosing one which is
> closer (that's a little harder to advise).

mmm.. can you explain me better this last thing please? I have no idea
what rmcup and smcup means..

Thanks a lot, Pierluigi.

>
>
>>My question now is:
>>Can I use alternate screen (I found it very useful) and say, in some
>>way, to PuTTY to disable it only when it's called by screen? (so I don't
>>lose scrollback history)
>
>
> I don't think so - when screen first starts up, it uses the original $TERM's
> value to initialize the display. So it's no different from other applications
> in that aspect.

-- 
Pierluigi Di Lorenzo
ePrometeus s.r.l

 ..............................................................................

Newsgroups: comp.terminals
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
    <LJjUd.970323$35.36188419@news4.tin.it>
    <1123l2ihbmv7h8c@corp.supernews.com>
    <y2mUd.597124$b5.27288173@news3.tin.it>
    <1124424qr0o6e19@corp.supernews.com> <Y9qUd.598160$b5.27346232@news3.tin.it>
Message-ID: <1124dpgmnu60gfe@corp.supernews.com>
Date: Sun, 27 Feb 2005 21:10:08 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: PuTTY and GNU screen

Pierluigi Di Lorenzo <dilox*eprometeus.com> wrote:
>
> ah OK, yes you were right, before running screen $TERM is set to xterm,
> rmcup=\E[2J\E[?47l\E8 and smcup=\E7\E[?47h.
> Attached to screen $TERM is set to screen, rmcup=\E[?1049l and
> smcup=\E[?1049h

Yes.  Checking the history for ncurses' terminfo.src, I see that screen
3.9.13 added the 1049 code (and I added the corresponding change to ncurses
in late 2002).  xterm's terminfo generally has been the same as xterm-r6,
since that's been the default install for ncurses.  Most of the Linux
distributors modify that (no two alike, I think ;-).

>> If my guess is correct, you can fix that problem by changing the
>> terminfo entry which is set (either by modifying the terminfo entry -
>> a reasonably good idea if it is "putty"), or choosing one which is
>> closer (that's a little harder to advise).

> mmm.. can you explain me better this last thing please? I have no idea
> what rmcup and smcup means..

They're mentioned in the (long) terminfo manpage, and are abbreviations,
e.g., reset-mode-cursor-positioning and set-mode-cursor-positioning.

Few terminals actually require those particular strings, but by convention,
xterm's alternate-screen strings are there (because they're sent at the
right time to be useful).

The corresponding termcap names are ti and te (terminal initialize, terminal
end).  xterm has a resource "titeInhibit" which deals with this.

Anyway--you're using putty which does support the 1049 code.  I'd set putty
to make $TERM set to "putty", and then modify the putty terminfo entry to
use the 1049 codes: use infocmp to get a text of the terminfo entry, replace
the two chunks of text for rmcup=XXX and smcup=XXX to match, and then run
tic to update it.

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 82.57.4.29
NNTP-Posting-Date: Sun, 27 Feb 2005 23:14:23 MET
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
    <LJjUd.970323$35.36188419@news4.tin.it>
    <1123l2ihbmv7h8c@corp.supernews.com>
    <y2mUd.597124$b5.27288173@news3.tin.it>
    <1124424qr0o6e19@corp.supernews.com>
    <Y9qUd.598160$b5.27346232@news3.tin.it> <1124dpgmnu60gfe@corp.supernews.com>
Message-ID: <3DrUd.972836$35.36315390@news4.tin.it>
Organization: TIN
Date: Sun, 27 Feb 2005 22:14:23 GMT
From: Pierluigi Di Lorenzo <dilox*eprometeus.com>
Subject: Re: PuTTY and GNU screen

Thomas Dickey wrote:
>
> Anyway--you're using putty which does support the 1049 code.  I'd set putty
> to make $TERM set to "putty", and then modify the putty terminfo entry to
> use the 1049 codes: use infocmp to get a text of the terminfo entry, replace
> the two chunks of text for rmcup=XXX and smcup=XXX to match, and then run
> tic to update it.
>

OK, what file I have to edit to change values on binary file
/usr/share/terminfo/p/putty?

(I hope I understand well..)
Thanks again, please be patient

-- 
Pierluigi Di Lorenzo
ePrometeus s.r.l

 ..............................................................................

Newsgroups: comp.terminals
References: <YD4Ud.594718$b5.27132246@news3.tin.it>
    <Edt*dHdIq@news.chiark.greenend.org.uk>
    <LJjUd.970323$35.36188419@news4.tin.it>
    <1123l2ihbmv7h8c@corp.supernews.com>
    <y2mUd.597124$b5.27288173@news3.tin.it>
    <1124424qr0o6e19@corp.supernews.com>
    <Y9qUd.598160$b5.27346232@news3.tin.it>
    <1124dpgmnu60gfe@corp.supernews.com> <3DrUd.972836$35.36315390@news4.tin.it>
Message-ID: <1124jfu1s5om88f@corp.supernews.com>
Date: Sun, 27 Feb 2005 22:47:26 -0000
From: Thomas Dickey <dickey*saltmine.radix.net>
Subject: Re: PuTTY and GNU screen

Pierluigi Di Lorenzo <dilox*eprometeus.com> wrote:
>
> OK, what file I have to edit to change values on binary file
> /usr/share/terminfo/p/putty?
>
> (I hope I understand well..)
> Thanks again, please be patient


"tic" and "infocmp" operate on those files.  Use infocmp to get the contents.
If I were modifying the putty (binary) file, I'd do something like

        infocmp putty > foo
        vi foo
        tic foo

For example, on this host I have terminfo entries in my user directory
(since radixnet is _not_ my home machine):

#       Reconstructed via infocmp from file: /export/home/dickey/lib/terminfo/p/putty
putty|PuTTY terminal emulator,
        am, bw, ccc, hs, mir, msgr, xenl, xon,
        colors#8, it#8, ncv#22, pairs#64,
        acsc=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~,
        bel=^G, blink=\E[5m, bold=\E[1m, cbt=\E[Z,
        civis=\E[?25l, clear=\E[H\E[J, cnorm=\E[?25h, cr=\r,
        csr=\E[%i%p1%d;%p2%dr, cub=\E[%p1%dD, cub1=\b,
        cud=\E[%p1%dB, cud1=\ED, cuf=\E[%p1%dC, cuf1=\E[C,
        cup=\E[%i%p1%d;%p2%dH, cuu=\E[%p1%dA, cuu1=\EM,
        dch=\E[%p1%dP, dch1=\E[P,
        dispc=%?%p1%{8}%=%t\E%%G\342\227\230\E%%@%e%p1%{10}%=%t\E%%G\342\227\231p1%{12}%=%t\E%%G\342\231\200\E%%@%e%p1%{13}%=%t\E%%G\342\231\252\E%%@%e%p1%{14}%=%t\E%%G\342\231\253\E%%@%e%p1%{15}%=%t\E%%G\342\230\274\E%%@%e%p1%{27}%=%t\E%%G\342\206\220\E%%@%e%p1%{155}%=%t\E%%G\340\202\242\E%%@%e%p1%c%;,
        dl=\E[%p1%dM, dl1=\E[M, dsl=\E]0;^G, ech=\E[%p1%dX,
        ed=\E[J, el=\E[K, el1=\E[1K, enacs=\E(B\E)0,
        flash=\E[?5h\E[?5l, fsl=^G, home=\E[H,
        hpa=\E[%i%p1%dG, ht=\t, hts=\EH, il=\E[%p1%dL,
        il1=\E[L, ind=\n, indn=\E[%p1%dS,
        initc=\E]P%p1%x%p2%{255}%*%{1000}%/%02x%p3%{255}%*%{1000}%/%02x%p4%{255}}%/%02x,
        is2=\E7\E[r\E[m\E[?7h\E[?1;4;6l\E[4l\E8\E>\E]R,
        kb2=\E[G, kbs=^?, kcan=^C, kcbt=\E[Z, kcub1=\E[D,
        kcud1=\E[B, kcuf1=\E[C, kcuu1=\E[A, kdch1=\E[3~,
        kend=\E[4~, kf1=\E[11~, kf10=\E[21~, kf11=\E[23~,
        kf12=\E[24~, kf13=\E[25~, kf14=\E[26~, kf15=\E[28~,
        kf16=\E[29~, kf17=\E[31~, kf18=\E[32~, kf19=\E[33~,
        kf2=\E[12~, kf20=\E[34~, kf3=\E[13~, kf4=\E[14~,
        kf5=\E[15~, kf6=\E[17~, kf7=\E[18~, kf8=\E[19~,
        kf9=\E[20~, khome=\E[1~, kich1=\E[2~, kmous=\E[M,
        knp=\E[6~, kpp=\E[5~, kspd=^Z, nel=\r\n, oc=\E]R,
        op=\E[39;49m, rc=\E8, rev=\E[7m, ri=\EM,
        rin=\E[%p1%dT, rmacs=^O, rmam=\E[?7l,
        rmcup=\E[2J\E[?47l, rmir=\E[4l, rmpch=\E[10m,
        rmso=\E[27m, rmul=\E[24m,
        rs2=\E<\E["p\E[50;6"p\Ec\E[?3l\E]R, s0ds=\E[10m,
        s1ds=\E[11m, s2ds=\E[12m, sc=\E7, setab=\E[4%p1%dm,
        setaf=\E[3%p1%dm,
        sgr=\E[0%?%p1%p6%|%t;1%;%?%p2%t;4%;%?%p1%p3%|%t;7%;%?%p4%t;5%;m%?%p9%t^N
        sgr0=\E[m^O, smacs=^N, smam=\E[?7h, smcup=\E[?47h,
        smir=\E[4h, smpch=\E[11m, smso=\E[7m, smul=\E[4m,
        tbc=\E[3g, tsl=\E]0;, u6=\E[%i%d;%dR, u7=\E[6n,
        u8=\E[?6c, u9=\E[c, vpa=\E[%i%p1%dd,

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/
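
The infocmp / edit / tic procedure from the posts above, with the hand edit in vi replaced by a sed filter; this is an added example, not part of the original thread. The function names (sample_entry, use_1049, cup_strings) are hypothetical, and the sample entry is a constructed excerpt of the putty listing quoted above.

```shell
#!/bin/sh
# Added example: switch a terminfo entry's alternate-screen strings
# (rmcup/smcup) to the combined 1049 codes discussed in the thread.
# Function names and the sample excerpt are constructed for illustration.

# Constructed excerpt of an "infocmp putty" listing, using the rmcup/smcup
# values shown in the entry quoted above.
sample_entry() {
    cat <<'EOF'
putty|PuTTY terminal emulator,
        am, bw, ccc, hs, mir, msgr, xenl, xon,
        rmcup=\E[2J\E[?47l, rmir=\E[4l, rmpch=\E[10m,
        sgr0=\E[m^O, smacs=^N, smam=\E[?7h, smcup=\E[?47h,
EOF
}

# Filter: read infocmp text on stdin, write it to stdout with rmcup and
# smcup replaced by the 1049 strings. The capability name must start a
# line or follow whitespace, so only whole capability names are matched;
# every other capability passes through unchanged.
use_1049() {
    sed -e 's/^rmcup=[^,]*,/rmcup=\\E[?1049l,/' \
        -e 's/\([[:space:]]\)rmcup=[^,]*,/\1rmcup=\\E[?1049l,/' \
        -e 's/^smcup=[^,]*,/smcup=\\E[?1049h,/' \
        -e 's/\([[:space:]]\)smcup=[^,]*,/\1smcup=\\E[?1049h,/'
}

# Helper: list only the rmcup= and smcup= settings found in infocmp text,
# one per line, so the change can be checked before running tic.
cup_strings() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*\([rs]mcup=.*\)$/\1/p'
}

# Demonstration on the constructed excerpt.
echo "before:"
sample_entry | cup_strings
echo "after:"
sample_entry | use_1049 | cup_strings

# On a real system the same filter slots into the procedure from the post
# (not run here, since it needs infocmp and tic installed):
#   infocmp putty | use_1049 > foo
#   tic foo
```

Checking the output of cup_strings before running tic confirms that only the two alternate-screen strings changed.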

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 198.173.15.250
NNTP-Posting-Date: Tue, 1 May 2007 19:22:44 +0000 (UTC)
Message-ID: <1178047363.809087.257420@h2g2000hsg.googlegroups.com>
Date: 1 May 2007 12:22:43 -0700
From: dcmdcm@gmail.com
Subject: PuTTY DECSED (Selective Erase) (Esc [ ? x J)


I've been using PuTTY for a while in various applications.  I really
like it, so I reached for it again for this latest application.
Unfortunately, this app requires being able to selectively erase text
on the screen ("Clear Foreground" text).  The VTxxx refers to this
capability as DECSED ("Esc [ ? x J", where x specifies the area of
erasure desired (I'm looking for x=2, the whole screen).  (There's
another similar facility called DECSEL).

I did discover that this facility is implemented in xterm, but I can't
use xterm here (sorry, it's on Windows -- not my choice).

I have a few alternatives:

1) Change the application to not use this facility.  I'd rather not,
   there's a lot of code in this app [that I "inherited"].

2) Use a different terminal emulator.  I suppose I could, but I'd
   rather do something else.  If someone has a suggestion for one,
   please let me know.  No, I don't want to pay an arm and a leg for a
   commercial emulator that's otherwise not as good as PuTTY.

3) Modify PuTTY to do what I want.  This is my preferred course of
   action.  Not only will I benefit, but others will, too.  I can
   change it myself or I can ask someone else to do it.  I would
   change it myself, but I've not been in the PuTTY code and would
   take me an unknown amount of time to spin up.  If someone has a
   few pointers as to how this capability could be added -- where
   in the code to start looking -- I'd appreciate it.

Another option would be to ask someone else to do it.  Yes, I could
pay something, but not likely what the labor would be worth.

If anyone has any ideas on this, please let me know!

HELP!

Thanks!

-- 
Dave Madsen ---dcm
dcmdcm@gmail.com

 ..............................................................................

Newsgroups: comp.terminals
References: <1178047363.809087.257420@h2g2000hsg.googlegroups.com>
Message-ID: <133fb4uoea9cs25@corp.supernews.com>
Date: Tue, 01 May 2007 21:09:50 -0000
From: Thomas Dickey <dickey@saltmine.radix.net>
Subject: Re: PuTTY DECSED (Selective Erase) (Esc [ ? x J)

dcmdcm@gmail.com wrote:
>
> I've been using PuTTY for a while in various applications.  I really
> like it, so I reached for it again for this latest application.
> Unfortunately, this app requires being able to selectively erase text
> on the screen ("Clear Foreground" text).  The VTxxx refers to this
> capability as DECSED ("Esc [ ? x J", where x specifies the area of
> erasure desired (I'm looking for x=2, the whole screen).  (There's
> another similar facility called DECSEL).


This demonstrates the feature

        http://invisible-island.net/vttest/

> I did discover that this facility is implemented in xterm, but I can't
> use xterm here (sorry, it's on Windows -- not my choice).

Some people use Cygwin, which runs on windows.  (There are pros/cons to
using that, but it's certainly simpler to install it and compile a current
xterm, than to make PuTTY into a VT220-compatible terminal emulator.)

xterm supports ANSI color, VT220 emulation and UTF-8


There's an FAQ at

        http://invisible-island.net/xterm/xterm.faq.html
         ftp://invisible-island.net/xterm/

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/


 ////////////////////////////////////////////////////////////////////////////// 

Newsgroups: comp.terminals
NNTP-Posting-Host: 119.127.159.30
NNTP-Posting-Date: Tue, 17 Feb 2009 11:43:01 +0000 (UTC)
Message-ID: <ddf37c72-fb23-430b-b6e5-d64aa5c40971@a39g2000prl.googlegroups.com>
Date: Tue, 17 Feb 2009 03:43:00 -0800 (PST)
From: SwordAngel <swordangel@gmail.com>
Subject: Colours in PuTTY vs Mac OS X command-line ssh client

I have a remote Ubuntu box, the default shell of which is bash. I have
tried connecting to it using PuTTY in Windows and using the command-
line ssh client of Mac OS X Leopard.

I notice that, when I connect using the command-line ssh client of
Leopard, the "username@hostname" string at the bash prompt is
automatically green, file names and directory names would also be
coloured when I issue the "ls" command. However, the same is not true
when I connect using PuTTY. How do I make PuTTY display colours the
way the Leopard command-line ssh client would?

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <ddf37c72-fb23-430b-b6e5-d64aa5c40971@a39g2000prl.googlegroups.com>
Message-ID: <C5x*nSQzs@news.chiark.greenend.org.uk>
Organization: Tartarus.Org
Date: 17 Feb 2009 12:23:16 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: Colours in PuTTY vs Mac OS X command-line ssh client

SwordAngel  <swordangel@gmail.com> wrote:
>
> I notice that, when I connect using the command-line ssh client of
> Leopard, the "username@hostname" string at the bash prompt is
> automatically green, file names and directory names would also be
> coloured when I issue the "ls" command. However, the same is not true
> when I connect using PuTTY.


Most likely, the remote system is choosing whether or not to display
colours based on the environment variable TERM.

So, step 1: run "echo $TERM" in both environments, and see whether
the results are different.

If they are, step 2: configure PuTTY to send the same terminal type
as Leopard's client (Connection > Data > Terminal-type string) and
see if that gets you colour.

-- 
Simon Tatham         What do we want?        ROT13!
<anakin@pobox.com>   When do we want it?     ABJ!


 ////////////////////////////////////////////////////////////////////////////// 

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1110561452.739233.297810@f14g2000cwb.googlegroups.com>
Message-ID: <mXq*TNhJq@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 11 Mar 2005 18:47:16 +0000 (GMT)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: PuTTY -- page-up to activate scroll back?

Neil Mansilla <neil.mansilla@gmail.com> writes:
>
> I'm a SecureCRT user, and on some of my other systems, I have PuTTY
> installed.  I was wondering if there is a way to assign the PAGE-UP
> key to activate scrollback viewing (PAGE-UP/DOWN thereafter).

No--that would seem rather intrusive--but Shift+PgUp/PgDn will do
the trick, as for some other terminals.

    http://the.earth.li/~sgtatham/putty/0.57/htmldoc/Chapter3.html#S3.1.2

(Of course, there are people who'd like Shift+PgUp to go to the server.
We should probably make this configurable.)

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1156951207.243633.225700@74g2000cwt.googlegroups.com>
    <Kdz*mdxpr@news.chiark.greenend.org.uk>
Message-ID: <Cut*PzAqr@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: Tue, 12 Sep 2006 12:27:32 +0100 (BST)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: clear command of Putty!

I wrote:
>
> That page also notes that Thomas Dickey's xterm extends an existing
> escape sequence to allow the server to clear the scrollback
> (CSI 3 J).
> 
> This should be trivial to implement in PuTTY; I guess the only
> reason I haven't done it (apart from lack of time) is a slight
> unease at unilateral extensions of this kind.
>
> Does any of the readership know of any actual problems that
> implementing this might cause?


Since there were no howls of protest, this is now implemented in
the [new] PuTTY snapshots.



 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
References: <14ad014.0504190527.332fa6da@posting.google.com>
Message-ID: <116ac9hbkra6nc5@corp.supernews.com>
Date: Tue, 19 Apr 2005 16:26:25 -0000
From: Thomas Dickey <dickey@saltmine.radix.net>
Subject: Re: Putty input characters

Bjoern Wolfgardt <aalamar@gmx.de> wrote:
> Hi,

> I have a problem with Putty. I have a test tool on our host that
> displays special characters (umlaute, '' ae, '' ue...).
> They are displayed correctly. But if I press the '' key, the character
> is not displayed. The host uses my input as a control key or something
> else.

> So my question is:
> How do I get input and output to work with german keyboard (and
> umlaute)?


See PuTTY's configuration (window/translations).  Your session is
probably assuming that input is UTF-8 rather than ISO-8859-1.

(this should be in PuTTY's faq).


-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: hb-server-02.buhlmann.de [217.7.105.122]
NNTP-Posting-Date: Wed, 20 Apr 2005 07:23:28 +0000 (UTC)
References: <14ad014.0504190527.332fa6da@posting.google.com>
    <116ac9hbkra6nc5@corp.supernews.com>
Message-ID: <14ad014.0504192323.1fd18816@posting.google.com>
Date: 20 Apr 2005 00:23:27 -0700
From: Bjoern Wolfgardt <aalamar@gmx.de>
Subject: Re: Putty input characters

Thomas Dickey <dickey@saltmine.radix.net> wrote in message
news:<116ac9hbkra6nc5@corp.supernews.com>...
>
> see PuTTY's configuration (window/translations).  Your session is
> probably assuming that input is UTF-8 rather than ISO-8859-1.
>
> (this should be in PuTTY's faq).


Thank you,

It is not in the FAQ (or I didn't find it). So it is not in Putty?
It is a host configuration?

cu
Bjoern

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <14ad014.0504190527.332fa6da@posting.google.com>
    <116ac9hbkra6nc5@corp.supernews.com>
Message-ID: <837jixzqsw.fsf@chiark.greenend.org.uk>
Organization: University of Cambridge, England
Date: 20 Apr 2005 11:27:27 +0100
From: Owen Dunn <owend@chiark.greenend.org.uk>
Subject: Re: Putty input characters

Thomas Dickey <dickey@saltmine.radix.net> writes:
>
> see PuTTY's configuration (window/translations).  Your session is
> probably assuming that input is UTF-8 rather than ISO-8859-1.
>
> (this should be in PuTTY's faq).

Shockingly, we reserve our FAQ for questions which really are
frequently asked :-).

(S)

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1120695271.155912.310980@g49g2000cwa.googlegroups.com>
Message-ID: <83hdf5wbz3.fsf@chiark.greenend.org.uk>
Organization: University of Cambridge, England
Date: 08 Jul 2005 16:31:44 +0100
From: Owen Dunn <owend@chiark.greenend.org.uk>
Subject: Re: Putty UTF8

kai.hendry@gmail.com writes:
>
> Is there way of making win32 Putty's translation set to UTF-8 by
> default?
>
> >I know you can Change settings ...  but I can't be bothered.

Change the translation to UTF-8 and then save the change to the
Default Settings pseudo-session.

(S)

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 84.92.112.185
NNTP-Posting-Date: Mon, 25 Sep 2006 20:02:11 +0000 (UTC)
References: <1159197945.542259.258110@b28g2000cwb.googlegroups.com>
    <op.tgfxzaiytte90l@hyrrokkin>
Message-ID: <1159214525.805448.135470@k70g2000cwa.googlegroups.com>
Date: 25 Sep 2006 13:02:06 -0700
From: michaelrmgreen@yahoo.co.uk
Subject: Re: Saving settings in Putty

Tom Linden wrote:
>
> On Mon, 25 Sep 2006 08:25:45 -0700, <tendengarci@yahoo.com> wrote:
>
> > Every time I open a Putty session I have to modify the foreground and
> > background settings. How can I save these settings?
> >
> > thanks
> >
> > john
> >
> Click the SAVE button staring you in the face.
>

Which of course won't get you anywhere unless you click 'default' first.



 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1117218155.383861.124560@g49g2000cwa.googlegroups.com>
Message-ID: <wGn*a5DPq@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 27 May 2005 20:46:10 +0100 (BST)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: Problem displaying CJK characters in PuTTY

Ron R <r1110010*cableone.net> writes:
>
> I'm using PuTTY 0.58 to connect via SSH to a Linux RedHat (Fedora Core
> 2) host.
>
> Through this connection I run a program on the Linux host which
> displays Japanese as well as other CJK characters.  However, the CJK
> characters do not appear at all in the PuTTY terminal.  I have already
> set the Windows-Terminal panel to expect data in UTF-8 format.

There is a known issue that can cause PuTTY 0.58 on Windows to display
some characters in different scripts as blanks, described here:

    http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/win-font-linking.html

It's a side effect of support that was added for bidirectional text and
Arabic shaping.  Help with fixing it welcome.

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1117218155.383861.124560@g49g2000cwa.googlegroups.com>
    <wGn*a5DPq@news.chiark.greenend.org.uk>
    <1117233174.938249.270470@g43g2000cwa.googlegroups.com>
Message-ID: <n6q*okFPq@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 28 May 2005 02:32:41 +0100 (BST)
From: Jacob Nevins <jacobn*chiark.greenend.org.uk>
Subject: Re: Problem displaying CJK characters in PuTTY

Ron R <r1110010*cableone.net> writes:
>
>Thanks very much for the quick response!  I guess this means I would
>have to roll back to 0.56 or 0.57.  I understand, however, that a
>security hole was fixed in 0.58 :-(


No, there's no major security bugfixes in 0.58 over 0.57. 0.57, however,
does contain security-related fixes over 0.56.


 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Newsgroups: comp.terminals
NNTP-Posting-Host: 0x50c73e98.adsl-fixed.tele.dk [80.199.62.152]
NNTP-Posting-Date: Sat, 12 Nov 2005 23:33:08 +0000 (UTC)
Message-ID: <1131838383.242575.53900@g44g2000cwa.googlegroups.com>
Date: 12 Nov 2005 15:33:03 -0800
From: "lh@eucsyd.dk" <lh@eucsyd.dk>
Subject: PUTTY - send line ends with line feeds

when I push the return key I get two CRLF

In Windows Hyperterm I can get the same 'fault' by choosing -
Properties-Settings-ASCII setup-Send line ends with line feeds.

But I can't find where to remove that function with PUTTY

LH

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1131838383.242575.53900@g44g2000cwa.googlegroups.com>
Message-ID: <GEe*sUC3q@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 13 Nov 2005 12:15:04 +0000 (GMT)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: PUTTY - send line ends with line feeds

lh@eucsyd.dk <lh@eucsyd.dk> writes:
>
>when I push the return key I get two CRLF
>
>In Windows Hyperterm I can get the same 'fault' by choosing -
>Properties-Settings-ASCII setup-Send line ends with line feeds.
>
>But I can't find where to remove that function with PUTTY

If you're using Telnet, this setting may be relevant:

http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-telnetnl

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <dl00am$ou1$1@reader2.panix.com>
Message-ID: <obg*PUC3q@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 13 Nov 2005 12:16:38 +0000 (GMT)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: PuTTY: How to get title bar string programmatically?

kj <socyl@987jk.com.invalid> writes:
>
>Is there any way that a Unix shell script (zsh, to be precise)
>running within a PuTTY terminal could determine the string currently
>displayed on the window's title bar?

PuTTY can support an escape sequence to do this. However, it's turned
off by default for security reasons.

http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-features-qtitle

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals, comp.security.ssh
Followup-To: comp.security.ssh
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1133352801.468997.81550@z14g2000cwz.googlegroups.com>
Message-ID: <bNf*t224q@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 30 Nov 2005 14:25:17 +0000 (GMT)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: puttygen.exe: command line parameters/options

This is *not* a question about terminals. Followups set. (comp.security.ssh)

  (I assume you posted to comp.terminals because of this section of the
  PuTTY web site:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html#feedback-other-fora
  Could that have been written in such a way as to make it clearer which forum
  is appropriate for which questions?)


gsh <gundolf.schellhase@siemens.com> writes:
>
> What are the command line parameters/options for the puttygen.exe under
> Windows?
>
> How can I perhaps automatically load or save a key (e. g. by calling
> puttygen.exe in a DOS batch file)?


Windows PuTTYgen has very little command-line functionality.

About the only thing you can do is specify a key filename on the command
line, for it to load in initially.  The reasons for this are outlined at

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/puttygen-batch.html


 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: dsl017-112-205.lax1.dsl.speakeasy.net [69.17.112.205]
NNTP-Posting-Date: Mon, 23 May 2005 10:58:08 -0500
References: <d6sn6l$krb$1@reader1.imaginet.fr>
Message-ID: <0OKdnVIV4ZkMYAzfRVn-pg@speakeasy.net>
Date: Mon, 23 May 2005 08:58:08 -0700
From: Robert Lawhead <news0000.5.unixguru@spamgourmet.com>
Subject: Re: Logon script with SSH

ns wrote:
> Hi all,
> 
> I am using these two files to run a script when users Telnet the server
> (sol8-sparc) :
> 
> /etc/profile
> /etc/.login
> 
> Now, I installed OpenSSH 4.
> How can I use the same files for ssh connections?
> 
> If it's not possible, which file do I need to use
> to run a script at logon with ssh?
> 
> Thank You very much
> 
> Best Regards
> NS

You can probably get the behavior you want by modifying your sshd_config
to allow "permituserenvironment" (and forcing sshd to reread the file)
and creating an appropriate ~/.ssh/environment file.  It should probably
define "ENV" and "PATH".  Note that it is your shell that is responsible
for this behavior, not ssh itself.

- Bob

 //////////////////////////////////////////////////////////////////////////////
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Newsgroups: comp.unix.solaris
References: <UNTqd.385598$%k.196048@pd7tw2no>
Message-ID: <337rd.391892$nl.2385@pd7tw3no>
Date: Tue, 30 Nov 2004 23:07:43 GMT
From: shea martin <smartin@arcis.com>
Subject: Re: ssh dsa passphrase

shea martin wrote:
> I am trying to get passwordless ssh working.  I have done it before and 
> it seemed really simple, but it doesn't seem to be working for me now.
> 
> ssh-keygen -t dsa
> scp ~/.ssh/id_dsa wendy:.ssh/
> cat ~/.ssh/id_dsa.pub | ssh wendy 'cat - >>
>      ~/.ssh/authorized_keys'
> 
> Now when I ssh to wendy, I should be asked for my passphrase, but I am 
> not, I am just asked for my password.  Wendy is behind a firewall and 
> has port 22 forwarded. The hostname wendy is an entry in my hosts file. 
>
>  I have same user name on wendy and localhost.
> 
> The sshd_config on wendy has the following relevant entries:
> HostKey /usr/local/etc/ssh_host_dsa_key
> DSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile      .ssh/authorized_keys
> HostbasedAuthentication yes
> 
> 
> Any ideas why this isn't working?  My ssh client is the default one 
> with solaris 10, and the server is running on 8 with opensshd from 
> sunfreeware.
> 
> Thanks,
> 
> ~S

problem was home dir was chmod 775, not chmod 755.

~S
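
The 775-versus-755 fix above matches what OpenSSH's StrictModes option (on by default) enforces: sshd ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others, or is owned by someone other than the user or root. The script below is an added example, not from the thread, that reports those conditions; the function names check_path and strictmodes_audit are made up for it.

```shell
#!/bin/sh
# Added example: re-creates the ownership/mode test that sshd applies with
# "StrictModes yes" to the home directory, ~/.ssh and authorized_keys.

# Print a finding and return 1 if path $1 is missing, is owned by neither
# uid $2 nor root, or is writable by group or others.
check_path() {
  path=$1
  uid=$2
  # -n gives the numeric owner, so no passwd lookup is needed
  line=$(ls -ldn "$path" 2>/dev/null) || { echo "missing: $path"; return 1; }
  perms=$(printf '%s\n' "$line" | cut -c1-10)
  owner=$(printf '%s\n' "$line" | awk '{ print $3 }')
  if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
    echo "bad owner (uid $owner): $path"
    return 1
  fi
  # Character 6 is the group write bit, character 9 the world write bit
  case "$perms" in
    ?????w????|????????w?)
      echo "group/world writable ($perms): $path"
      return 1 ;;
  esac
  return 0
}

# Audit the three paths under home directory $1 for uid $2 (default: the
# caller). Prints one line per finding and returns the number of findings.
strictmodes_audit() {
  home=$1
  want_uid=${2:-$(id -u)}
  bad=0
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    check_path "$p" "$want_uid" || bad=$((bad + 1))
  done
  return "$bad"
}

# Usage: sh strictmodes-audit.sh /export/home/user [uid]
if [ $# -gt 0 ]; then
  strictmodes_audit "$@"
fi
```
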

 ..............................................................................

Newsgroups: comp.unix.solaris
References: <UNTqd.385598$%k.196048@pd7tw2no>
Message-ID: <9H_qd.5829$6o5.114@trnddc08>
Date: Tue, 30 Nov 2004 13:36:05 GMT
From: Richard Smith <richard.c.smith@verizon.net>
Subject: Re: ssh dsa passphrase


"shea martin" <smartin@arcis.com> wrote in message
news:UNTqd.385598$%k.196048@pd7tw2no...
> I am trying to get passwordless ssh working.  I have done it before and
> it seemed really simple, but it doesn't seem to be working for me now.
>
> ssh-keygen -t dsa
> scp ~/.ssh/id_dsa wendy:.ssh/


You don't want to copy your private key to "wendy", only the public key...


> cat ~/.ssh/id_dsa.pub | ssh wendy 'cat - >>
>       ~/.ssh/authorized_keys'
>
> Now when I ssh to wendy, I should be asked for my passphrase, but I am
> not, I am just asked for my password.  Wendy is behind a firewall and
> has port 22 forwarded. The hostname wendy is an entry in my hosts file.
>   I have same user name on wendy and localhost.
>
> The sshd_config on wendy has the following relevant entries:
> HostKey /usr/local/etc/ssh_host_dsa_key
> DSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile      .ssh/authorized_keys
> HostbasedAuthentication yes
>
>
> Any ideas why this isn't working?  My ssh client is the default one
> with solaris 10, and the server is running on 8 with opensshd from
> sunfreeware.
>
> Thanks,
>
> ~S

 ..............................................................................

From fbianchi@arte.unipi.it Thu Jul 15 07:03:45 2004
Message-ID: <0407151241290.5433@www.arte.unipi.it>
Date: Thu, 15 Jul 2004 13:10:59 +0200 (CEST)
To: Richard Shuford
From: Federico Bianchi <fbianchi@arte.unipi.it>
Subject: terminal clients for J2ME-enabled cell phones


FYI, I have tried a couple free (GPL) TELNET and SSH clients for
J2ME-enabled cell phones. The displays are _REALLY_ small (my own Siemens
C60 is 101x80 pixels) and using those keyboards is going to make anyone
nervous, but nevertheless I have been positively impressed by the overall
quality of the programs themselves. And at least for emergency management
they still make a viable alternative...

Best regards
	 		Federico Bianchi
			Dipartimento di Storia delle Arti
			Universita` degli Studi di Pisa
			p.zza S.Matteo in Soarta, 2 - 56127 Pisa (Italy)
			tel. +39-050-587111 (cent.), +39-050-587224 (uff.)
			fax. +39-050-580128; e-mail: <f.bianchi@arte.unipi.it>
			===================================================
			!DISCLAIMER!: my e-mail reflects _my_own_ opinions!
			===================================================

 ..............................................................................


References: <0407151241290.5433@www.arte.unipi.it>
            <Pine.GSO.4.58.0407151319420.10814@cetus10.cs.utk.edu>
Message-ID: <3121.131.114.56.117.1089914692.squirrel@www.arte.unipi.it>
Date: Thu, 15 Jul 2004 20:04:52 +0200 (CEST)
To: Richard S. Shuford
From: Federico Bianchi <fbianchi@server.humnet.unipi.it>
Subject: Re: terminal clients for J2ME-enabled cell phones

For example, a very cute TELNET/SSH midlet may be found at

    http://phoenix.inf.upol.cz/~polakr/

(This is the one I am actually planning to use myself, if only because
it is working well on my own cell phone.)

Another nice app which may be of interest is the wapsh/htsh which you can
see at

    http://www.exolution.de/geschaeft/produkte/wapsh.en.htm

Best regards again. I actually should thank you for your site!

> Sir Federico:
>
> Thank you for informing me about this technology.
>
> Is there a web URL I can include among my links?
>
> --
>  ...Richard S. Shuford  | "If a man loudly blesses his neighbor--early
>  ...shuford%cs.utk.edu  |  in the morning--it will be taken as a curse."
>  ...................... |  Proverbs 27:14
>
>>FYI, I have tried a couple free (GPL) TELNET and SSH clients for
>>J2ME-enabled cell phones. The displays are _REALLY_ small (my own Siemens
>>C60 is 101x80 pixels) and using those keyboards is going to make anyone
>>nervous, but nevertheless I have been positively impressed by the overall
>>quality of the programs themselves. And at least for emergency management
>>they still make a viable alternative...
>>
>>Best regards

 ..............................................................................

Newsgroups: comp.unix.solaris
References: <F89xc.18956$sS2.635793@news20.bellglobal.com>
Message-ID: <barmar-A1572A.22280707062004@comcast.dca.giganews.com>
Organization: Looking for work
Date: Mon, 07 Jun 2004 22:28:07 -0400
From: Barry Margolin <barmar@alum.mit.edu>
Subject: Re: SSH question

In article <F89xc.18956$sS2.635793@news20.bellglobal.com>,
 "gusmeister" <gusmeister_NOSPAM_@sympatico.ca> wrote:

> When a user copies files (using scp) from his home directory on one server
> to his home directory on another server, the permissions of the newly
> created files do not correspond to the umask on either the source server or
> the destination server.
> 
> Where does scp (or ssh) get the permission mask from?

The shell on the remote system is not a login shell, so it doesn't run 
the user's .profile, so no user-specific umask is set.  So the 
system-wide default will be used.

You should probably use the -p option, which causes scp to copy the 
permissions from the original file.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: bonnieblue.clemson.edu
NNTP-Posting-Date: Fri, 17 Jun 2005 20:42:36 +0000 (UTC)
References: <3heeo0FgmuvfU1@individual.net> <d8udjl$5ek$1@news.mie>
    <3hgkftFgtib6U1@individual.net> <m3ll5892cp.fsf@athena.pienet>
    <3hgqc0Fh26phU1@individual.net>
Message-ID: <d8vcjs$3j9$1@hubcap.clemson.edu>
Organization: Clemson University
Date: Fri, 17 Jun 2005 20:42:36 +0000 (UTC)
From: hubcap <hubcap@clemson.edu>
Subject: Re: ssh disconnecting

>> This is often a sign of a mis-configured NAT...

>so any hints what could be wrong...

Last week, a fellow sysadmin was complaining that her SSH sessions kept
being dropped from the Solaris 10 box she is configuring.

Later, when walking by the console, she saw the message which indicates
that someone else on our LAN was using the same IP address...

-Mike

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: 66.159.78.167
NNTP-Posting-Date: Fri, 17 Jun 2005 17:26:32 EDT
References: <3heeo0FgmuvfU1@individual.net> <d8udjl$5ek$1@news.mie>
    <3hgkftFgtib6U1@individual.net> <m3ll5892cp.fsf@athena.pienet>
    <3hgq67Fh072uU1@individual.net>
Message-ID: <m3fyvg8yk8.fsf@athena.pienet>
Date: 17 Jun 2005 17:26:31 -0400
From: Greg Menke <gregm-xyzpdq@toadmail.com>
Subject: Re: ssh disconnecting

Michael Laajanen <michael_laajanen@yahoo.com> writes:

> HI,
> 
> Greg Menke wrote:
>
> > Michael Laajanen <michael_laajanen@yahoo.com> writes:
>
> > HI,
> > 
> > > Ever since my ISP upgraded our DSL modem at home, all SSH sessions die
> > > after about 5 minutes of being idle.  I have to run "top" or anything
> > > that sends text at short intervals to keep the connection open.
> > > The DSL modem works as a NAT router/firewall and is braindead about
> > > "keep alives"
> > 
> > That problem I don't have.
> > 
> > But I wonder how robust SSH is actually, is IP-SEC a better way for
> > daily work perhaps?
>
> >
> > This is often a sign of a mis-configured NAT, so affects TCP in general
> > not just SSH.  SSH is as robust as TCP as far as comms are concerned,
> > its crypto characteristics are certainly well suited for ad-hoc
> > networking or in those cases where you don't have influence over network
> > infrastructure.
> > Gregm
>
> If I put a huge file ~1-200MB on a http server on the same server as
> sshd resides I can download the file, but I have problems during sftp,
> however I have a "feeling" that scp works better!

I prefer scp myself, but it's fundamentally the same stuff going on
regardless.  That said, I have seen problems with socket close semantics
between Solaris and other operating systems, Solaris waiting for the
connection close after the other end is long gone.  I've not worked
through the rfc's but I get the impression Solaris is trying to do the
right thing and other ip stacks don't do it properly in some cases.
vxWorks being the most notable offender- no surprise there.


> Any clue what could be misconfigured?

I've also run into the connection drop issue using Samba, and solved it
similarly- in this case a bash script that ran find on the top level
directories then slept for a minute or two w/ repeat.  Adding
SO_KEEPALIVE to the Samba connections also helped solve the same problem
in other circumstances.

In regard to the NAT case, it was due to IP masquerading records on a
Linux box that were expiring and causing the connection to drop.
ipfilter uses much longer default timeouts.

I'm sort of wondering if there is a router involved which isn't
forwarding entirely properly.


> Also, since I am a HW ENG I often use X for displaying waveforms from
> my company's central Sparc cluster when visiting customers, and that
> takes a lot of bandwidth thus very quickly (10-30 seconds) hangs the SSH
> link, any comments and does any of you use it for Mozilla, for instance,
> which also uses a lot of bandwidth.

Could there be some packet loss going on during your traffic spikes
that's causing the TCP connections trouble?

Gregm


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 84.92.112.185
NNTP-Posting-Date: Mon, 25 Sep 2006 20:04:23 +0000 (UTC)
References: <1158867800.275830.96510@m7g2000cwm.googlegroups.com>
Message-ID: <1159214658.067508.53750@b28g2000cwb.googlegroups.com>
Date: 25 Sep 2006 13:04:18 -0700
From: michaelrmgreen@yahoo.co.uk
Subject: Re: More Puttytel strife. Keyboard mapping this time

michaelrmgreen@yahoo.co.uk wrote:
>
> In my business we are in transition between serial terminals and PCs.
> In order to ease the transition we are using the Puttytel telnet client
> on the PCs. The server is running FreeBSD 4.11 and Samba 2.?, the PCs
> are running Win2kSP4. The program we are using is MS FoxPro Unix (which
> is compiled for SCO products and indeed it ran well on SCO Xenix!).
>
> The problem we are having is that, while the PC keyboard keys all work
> normally at the shell prompt, in the FoxPro application, some keys act
> abnormally.  The numeric keypad acts as though two keys were pressed,
> additionally each sequence appears to be preceded by a 'clear to
> beginning of line' command. The output is as per Table 1 below.
>
> Can anyone offer ANY advice? TIA.
>
> Table 1.
> The 0 might be nought or zero. I can't tell.
>
> Keypress      Key sequence sent
> [Num Lock]    0P
> 0             0p
> /             0Q
> [Del]         0n
> [Enter]       0M
> [+]           0l
> [-]           0S
> 1             0q
> 2             0r
> 3             0s
> 4             0t
> 5             0u
> 6             0v
> 7             0w
> 8             0x
> 9             0y


And the answer is:

 * disable keypad application mode in ' Session - Function '


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: polly.par.univie.ac.at
Message-ID: <42d4d0b9$0$11094$3b214f66@usenet.univie.ac.at>
Date: 13 Jul 2005 08:28:44 GMT
From: Martin Paul <map@par.univie.ac.at>
Subject: ssh-throttle

I got tired of all the script-kiddies with their hundreds of ssh
accesses, filling the log file when trying out invalid logins
and guessing the root password. I can't restrict ssh access
to a list of known hosts, as my users login from various systems
at home, on conferences etc.

So I came up with a simple way to lock out hosts after a certain
number of ssh accesses in a given time (3 in one minute works for me).

You'll need an ssh daemon that's linked against tcp-wrappers (default
with Sun's SSH, optional with OpenSSH). In /etc/hosts.deny you need:

 # ssh-throttle
 sshd: ALL: spawn (/usr/sbin/ssh-throttle %a): ALLOW

Like this, on any ssh connection the script ssh-throttle will be called,
supplied with the IP address of the source host, and the connection
will be allowed. ssh-throttle keeps track of the connections, and
adds a DENY rule right after "# ssh-throttle" to /etc/hosts.deny.

You can add default ALLOW rules for friendly hosts or networks above
the "# ssh-throttle", so those connections will never be throttled.

Here's the ssh-throttle script:

  #!/bin/sh

  clog="/var/run/ssh-throttle"
  clogt="/tmp/ssh-throttle.$$"
  deny="/etc/hosts.deny"
  tdeny="/tmp/hosts.deny.$$"
  limit=3

  hh=`/usr/bin/date +%H`
  mm=`/usr/bin/date +%M`
  ip=$1

  # Log connection
  echo "$hh $mm $ip" >> $clog

  # See if there were more than $limit connections from $ip in one minute
  count=`grep "$hh $mm $ip" $clog | wc -l`
  if test $count -gt $limit
  then
    # Check if the IP address is already listed in hosts.deny
    #
    exist=`grep "$ip" $deny`
    if test "$exist" = ""
    then
      # Log a warning, and add an entry to hosts.deny
      #
      logger -p auth.warn -t ssh-throttle "Denying $ip ($hh:$mm)"
      cat $deny | sed "/# ssh-throttle/a\\
sshd: $ip: DENY
" > $tdeny
      mv $tdeny $deny
    fi
  fi

  # Only keep current entries in the connection log
  grep "$hh $mm " $clog > $clogt
  mv $clogt $clog

Maybe it's of use for someone else, too. The basic concept isn't
restricted to ssh, it could easily be extended to protect other
services, too.

mp. 
-- 
Systems Administrator | Institute of Scientific Computing | Univ. of Vienna
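
A hardened variant of the throttle logic above, added here as an example and not part of Martin Paul's post: it validates the address, counts exact field matches instead of a substring grep (so 10.0.0.1 is not charged for 10.0.0.10), and builds replacement files with mktemp beside their targets instead of predictable names in /tmp. Assumptions: IPv4 only, a POSIX awk (nawk on Solaris) and mktemp are available, the marker line in hosts.deny is exactly "# ssh-throttle", and the CLOG, DENY, LIMIT and STAMP overrides are this example's own.

```shell
#!/bin/sh
# Added example, not Martin Paul's script: same throttle idea, hardened.
# CLOG, DENY, LIMIT and STAMP can be overridden to try it on scratch files.

: "${CLOG:=/var/run/ssh-throttle}"   # per-minute connection log
: "${DENY:=/etc/hosts.deny}"         # tcp-wrappers deny file
: "${LIMIT:=3}"                      # connections tolerated per minute
MARKER='# ssh-throttle'              # must be a line of its own in $DENY

# Succeed only for a dotted-quad IPv4 address. The value ends up in
# hosts.deny, so anything else (spaces, wildcards, newlines) is refused.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1            # safe unquoted: only digits and dots remain
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      ''|????*) return 1 ;;
    esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Record one connection from $1 and add a DENY rule once it exceeds $LIMIT
# connections within the current minute. Returns 2 on a malformed address.
throttle() {
  ip=$1
  is_ipv4 "$ip" || { echo "ssh-throttle: rejected address" >&2; return 2; }
  stamp=${STAMP:-$(date '+%H %M')}

  echo "$stamp $ip" >> "$CLOG"

  # Count whole-field string matches for this minute and this address
  count=$(awk -v s="$stamp" -v ip="$ip" \
    '($1 " " $2) == s && ($3 "") == (ip "") { n++ } END { print n + 0 }' "$CLOG")

  rule="sshd: $ip: DENY"
  if [ "$count" -gt "$LIMIT" ] && ! grep -qxF "$rule" "$DENY"; then
    logger -p auth.warn -t ssh-throttle "Denying $ip ($stamp)" 2>/dev/null || true
    # Unpredictable temp name, created next to the target so that the
    # final mv is a rename within one filesystem
    tmp=$(mktemp "$(dirname "$DENY")/hosts.deny.XXXXXX") || return 1
    awk -v m="$MARKER" -v rule="$rule" \
      '{ print } $0 == m { print rule }' "$DENY" > "$tmp" &&
      chmod 644 "$tmp" && mv "$tmp" "$DENY"
  fi

  # Keep only the current minute's entries in the connection log
  tmp=$(mktemp "$(dirname "$CLOG")/ssh-throttle.XXXXXX") || return 1
  awk -v s="$stamp" '($1 " " $2) == s' "$CLOG" > "$tmp" && mv "$tmp" "$CLOG"
}

# tcp-wrappers passes the client address (%a) as the first argument
if [ $# -gt 0 ]; then
  throttle "$1"
fi
```

Concurrent connections can still race on the two files, as in the original; serialising the calls is left out here.
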


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: 193.95.146.5
NNTP-Posting-Date: Wed, 17 Aug 2005 15:49:30 +0000 (UTC)
References: <1124291527.955814.311540@g14g2000cwa.googlegroups.com>
Message-ID: <1124293765.037412.312790@f14g2000cwb.googlegroups.com>
Date: 17 Aug 2005 08:49:25 -0700
From: Ciccio <lserena@gmail.com>
Subject: Re: SunSSH erratic behaviour after applying SST (Jass) 4.2 to a
    Solaris 10 x86 box.

Answer:

Basically, SST puts in place its own /etc/hosts.allow and
/etc/hosts.deny . In /etc/hosts.allow I modified the sshd entry from
sshd:           LOCAL
to
sshd:           ALL
and it all worked as expected.

Happy days!

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: libra.cus.cam.ac.uk
References: <dvs1cb$4cu$1@gemini.csx.cam.ac.uk>
    <1225agpmhfr01a0@corp.supernews.com>
Message-ID: <e0ec0r$hs5$1@gemini.csx.cam.ac.uk>
Organization: University of Cambridge, England
Date: 29 Mar 2006 16:18:35 GMT
From: Chris Thompson <cet1@cus.cam.ac.uk>
Subject: Re: New ssh/sshd patches for Solaris 9

In article <1225agpmhfr01a0@corp.supernews.com>,
Richard L. Hamilton <Richard.L.Hamilton@mindwarp.smart.net> wrote:
>
>In article <dvs1cb$4cu$1@gemini.csx.cam.ac.uk>,
>       cet1@cus.cam.ac.uk (Chris Thompson) writes:
>>
>> I have just tried applying the following clutch of new Solaris 9 patches
>>
>>    112908-24  krb5, gss Patch
>>    113273-11  /usr/lib/ssh/sshd Patch
>>    114356-07  /usr/bin/ssh Patch
>>    117177-02  lib/gss module Patch
>>
>> on a couple of workstations. They can still ssh to each other, but while
>> doing so generate messages like
>>
>> ssh[4690]: Kerberos mechanism library initialization error: No profile file open.
>> unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
>> unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
>>
>> (and similar messages from sshd on the ssh'd-to workstation once it
>> has been rebooted and the new sshd is running). These hosts don't have
>> any Kerberos setup at all.
>>
>> Anyone else seen this? or know how to fix it?
>
>
>Just tried ssh'ing to myself after having put those on a day or so ago;
>saw the same messages too.  No idea what it means (yet).  Commenting
>out the kerberos_v5 line in /etc/gss/mech leads to a different error
>message.
>
>The code on opensolaris.org may be sufficient to get a better idea what
>it means, however I'm not awake enough right now (or interested enough,
>insofar as it's mostly a nuisance more than a critical problem) to attempt
>that myself just now; which is to say that I didn't stumble into just what
>it means at the first couple of places I looked, and it's involved enough
>to find it that I'm not going to postpone much needed beauty sleep further,
>lest I frighten every living creature nearby, get charged with vandalizing
>traffic cameras, etc.


OK--an update including a circumvention which may even be the right fix.
Thanks to my colleagues locally for assistance, especially Steve Ison.

It seems that the problem arises if you started from a sufficiently
ancient Solaris 9 MU, and have been maintaining via patches since
then. The fix is to modify /etc/krb5/krb5.conf as follows:

  1. comment out ___slave_kcds___ in the [realms] section
  2. comment out ___domain_mapping___ in the [domain_realm] section
  3. add "___domainname___ = ___default_realm___" in the latter
     (actually, this third seems not to be necessary)

Similar problems have arisen before in a different context, see:

    http://unix.derkeiler.com/Newsgroups/comp.unix.solaris/2004-06/0632.html

The patches ought to fix /etc/krb5/krb5.conf themselves (or have
a prereq patch that does) of course.

-- 
Chris Thompson
University of Cambridge Computing Service
Email: cet1 [at] cam.ac.uk

 ..............................................................................

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: deimos.its.unb.ca
NNTP-Posting-Date: Thu, 30 Mar 2006 20:05:14 +0000 (UTC)
References: <dvs1cb$4cu$1@gemini.csx.cam.ac.uk>
    <1143726149.696007.89350@v46g2000cwv.googlegroups.com>
    <1143742987.223859.226630@g10g2000cwb.googlegroups.com>
Message-ID: <1143749109.377647.26810@i39g2000cwa.googlegroups.com>
Date: 30 Mar 2006 12:05:09 -0800
From: Rob <rdm@unb.ca>
Subject: Re: New ssh/sshd patches for Solaris 9

Try adding

GSSAPIAuthentication=no
GSSAPIKeyExchange=no

if you are not using the GSSAPI features
to /etc/ssh/ssh_config
and
   /etc/ssh/sshd_config

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: redwood.taos.com [63.204.7.5]
NNTP-Posting-Date: Wed, 29 Mar 2006 21:18:41 EST
References: <1143527027.831199.179900@i39g2000cwa.googlegroups.com>
    <1143530900.462561.242580@t31g2000cwb.googlegroups.com>
Message-ID: <5eHWf.10303$tN3.8154@newssvr27.news.prodigy.net>
Date: Thu, 30 Mar 2006 02:18:41 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: ssh known_hosts

Tim Bradshaw <tfb+google@tfeb.org> wrote:
>
> The solution to this is either to use an address which does not change
> during a cluster failover, or to make the host keys of the machines the
> same.  The host keys live in /etc/ssh, and I think it's probably safe
> to just make these directories the same on each machine - you'll need
> to restart sshd on the machine you copied to though.


Or add the shared name to each key explicitly.  Then you can use either
the shared or private name, and each host can have separate keys.

    http://groups.google.com/group/comp.security.ssh/browse_frm/thread/9fbaf299c0478a4/4faeb295c9e0bfd2
    http://groups.google.com/group/comp.security.unix/browse_frm/thread/1614b3e46eba10a3/7dcce3ccc5b46c02

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

 //////////////////////////////////////////////////////////////////////////////

Message-Id: <110957694-2071882310@hermes.sun.com>
Date: 12 Jun 2006 10:12:05 -0800
From: "Sun Microsystems - Sun Alert Team" <sunmail@hermes.sun.com>
Subject: Sun[sm] Alert Weekly Summary Report

SUN(SM) ALERT WEEKLY SUMMARY REPORT
Week of 04-Jun-2006 - 10-Jun-2006

Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter
that provides you with a weekly listing of newly released and
updated Sun Alert Notifications.  It is being distributed
to inform you about critical hardware and software issues that
could impact the availability, security, and data integrity of
your computing environment.

-------------------------------------------------------------------
Sun Alert ID:  102451
Synopsis:      Solaris 9 SSH "Resync" Patches May Cause ssh(1) or
               sshd(1M) to Fail
Product:       Solaris 9 Operating System
Category:      Availability
Date Released: 07-Jun-2006

To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102451-1

-------------------------------------------------------------------

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
References: <pa-dnXVc-bTraDzZnZ2dnUVZ_o-dnZ2d@comcast.com>
Message-ID: <4gejefF1mueflU5@individual.net>
Organization: n. See disorganized.
Date: Wed, 28 Jun 2006 06:46:55 +0100
From: Chris Ridd <chrisridd@mac.com>
Subject: Re: SSH on Solaris 10 w/public keys and pam_ldap

On 2006-06-28 04:20:16 +0100, "Raymond Scott"
<raymond@nospam-rlscott.com> said:

> Is it possible to use public/private keys to logon to Solaris 10 when the
> destination is configured to use LDAP as a naming service?
>
> I can get it to work if the account is listed in /etc/passwd
> But, if the account is in LDAP, then SSH prompts for a password;
> the pub/priv key stuff is bypassed.
>
> Pub/Priv keys work fine on Solaris 9 when using LDAP. Something
> changed in Solaris 10 to cause it to stop working.
>
> Anyone know a way to get it to work?


I've got it working, with quite a bit of help from some folks here.
Google this group for "pam query ldap" - there's some links to
recommended pam.conf files which should help.

I'd recommend setting up a zone so you can play around^W^Wtest this
stuff properly. It'll save a few blushes and reboots ;-)

Cheers,
-- 
Chris

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 203-217-17-96.perm.iinet.net.au
References: <pan.2005.07.26.13.28.27.321726@thomas-guettler.de>
Message-ID: <42e640be$0$5406$5a62ac22@per-qv1-newsreader-01.iinet.net.au>
Date: 26 Jul 2005 13:55:10 GMT
From: Darren Tucker <dtucker@gate.dodgy.net.au>
Subject: Re: Display username and host when prompting for password

On 2005-07-26, Thomas Guettler <guettli@thomas-guettler.de> wrote:
>
> Older versions did display username and hostname when
> ssh asks for a password.
>
> Is there a way to get this again?
>
> Version: OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004


I assume you're using PAM?  The usual reason for this is that you're
using keyboard-interactive authentication for PAM and the "Password: "
prompt is directly from PAM.  If so, there are two possible options:

a) Configure PAM to provide the host's name in its password prompt
somehow.

b) Use password authentication instead of keyboard-interactive either
by removing keyboard-interactive from PreferredAuthentications on the
client or by disabling ChallengeResponseAuthentication on the server.

(on OpenSSH 3.7x and 3.8x this would have authenticated without using PAM,
however on 3.9 and up, and 3.6x and below it will use PAM).


-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgment comes with experience. Unfortunately, the experience usually
comes from bad judgment.

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, comp.os.linux.security
NNTP-Posting-Host: spc1-bexl3-5-0-cust11.asfd.broadband.ntl.com
NNTP-Posting-Date: Mon, 11 Jul 2005 22:48:09 BST
References: <42cd272b$0$10808$9b4e6d93@newsread4.arcor-online.net>
Message-ID: <tOBAe.30075$y86.5796@newsfe1-win.ntli.net>
Organization: ntl Cablemodem News Service
Date: Mon, 11 Jul 2005 21:48:09 GMT
From: Chris Lowth <my.address.is@chris.at.lowth.dot.com>
Subject: Re: Question concerning remote port-forwarding with SSH

Peter Meister wrote:
>
> I have difficulties to find out when I should use SSH remote port-forwarding
> e.g.,
>
> ssh sshserver -R 7777:localhost:110
>
> Notice the -R instead of -L
>
> This would cause a data traffic (with the syntax: in-port:machine:out-port):
>
> MailClient(on remote):* -> 7777:SSHServer:* -> 22:SSHClient(on localhost):*
>   -> 110:MailServer(on localhost)
>
> Are the following statements correct:
>
> - Use remote port-forwarding (-R) when the connection between SSH-Server
>   and ApplicationServer (e.g.MailServer) should be encrypted
> - Use "normal" port-forwarding (-L) when the connection between ApplicationClient
>   (e.g.MailClient) and SSH-Server should be crypted
> - Use remote port-forwarding (-R) when the SSHClient is on the machine
>   where the ApplicationServer (e.g.MailServer) is located
> - Use "normal" port-forwarding (-L) when the SSHClient is on the machine
>   where the ApplicationClient (e.g. MailClient) is located
>
> Peter


None of the above.

SSH encrypts every time--whether -L or -R or neither are used.

The "-L" is not mnemonic for "normal" but for "local".


If I log in to CLIENT host and then run ...

        ssh -L 7777:localhost:110 SERVER

Then SSH creates a new port number 7777 on the CLIENT.

If I connect to localhost:7777 from the client, then I
am actually talking to SERVER:110.

But if I had run

        ssh -R 7777:localhost:110 SERVER

Then SSH creates the new port number 7777 on the SERVER
(not the client). Now if I log into the SERVER and connect
to its port 7777, I wind up talking to port 110 on the CLIENT.

So.. -L creates a local port that allows me to access a remote
        service.

     -R makes a local service available to the remote machine
        on a port that "looks" local to the remote system.

Confusing, I know--but I hope that helps to clarify things.

Chris

-- 
http://www.lowth.com/rope -- Identify and control complex protocols with
Linux, IpTables and Rope.
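
The -L and -R behaviour described in the post above, as an added Python example that is not part of the original posting: it parses the two TCP forms of a forwarding spec (port:host:hostport and bind_address:port:host:hostport) and reports which end listens, which end makes the onward connection, and how widely the listener is exposed. The function names are invented for illustration, and the exposure result assumes OpenSSH's default "GatewayPorts no".

```python
from dataclasses import dataclass
from typing import Optional

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


@dataclass(frozen=True)
class Forward:
    flag: str                 # "L" or "R"
    listen_side: str          # end that opens the new listening port
    bind_addr: Optional[str]  # None = no bind_address field in the spec
    listen_port: int
    connect_side: str         # end that makes the onward TCP connection
    dest_host: str            # name is resolved on connect_side, not listen_side
    dest_port: int


def _fields(spec):
    """Split on ':' while keeping a bracketed IPv6 address as one field."""
    out, cur, in_brackets = [], [], False
    for ch in spec:
        if ch == "[" and not in_brackets:
            in_brackets = True
        elif ch == "]" and in_brackets:
            in_brackets = False
        elif ch == ":" and not in_brackets:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if in_brackets:
        raise ValueError("unterminated '[' in %r" % spec)
    out.append("".join(cur))
    return out


def _port(text, allow_zero=False):
    if not text.isdigit():
        raise ValueError("not a port number: %r" % text)
    n = int(text)
    if n > 65535 or (n == 0 and not allow_zero):
        raise ValueError("port out of range: %d" % n)
    return n


def parse_forward(flag, spec):
    """Parse the argument of -L or -R (TCP forms only, no Unix sockets)."""
    if flag not in ("L", "R"):
        raise ValueError("flag must be 'L' or 'R'")
    f = _fields(spec)
    if len(f) == 3:
        bind, lport, host, dport = None, f[0], f[1], f[2]
    elif len(f) == 4:
        bind, lport, host, dport = f
    else:
        raise ValueError("expected [bind_address:]port:host:hostport")
    if not host:
        raise ValueError("empty destination host")
    listen, connect = ("client", "server") if flag == "L" else ("server", "client")
    # Listen port 0 (let the server pick a port) is only meaningful for -R.
    return Forward(flag, listen, bind, _port(lport, allow_zero=(flag == "R")),
                   connect, host, _port(dport))


def exposure(fwd):
    """Who can reach the listener, assuming GatewayPorts is left at 'no'."""
    if fwd.bind_addr is None or fwd.bind_addr in LOOPBACK:
        return "loopback"
    if fwd.bind_addr in ("", "*"):   # empty field or '*' asks for all interfaces
        return "all-interfaces"
    return "specific-address"


def describe(fwd):
    return "%s listens on port %d (%s); %s connects to %s:%d" % (
        fwd.listen_side, fwd.listen_port, exposure(fwd),
        fwd.connect_side, fwd.dest_host, fwd.dest_port)


if __name__ == "__main__":
    # The two commands from the post above.
    for flag in ("L", "R"):
        print("-" + flag, describe(parse_forward(flag, "7777:localhost:110")))
```

For -R, a non-loopback bind_address only takes effect when the server's sshd has GatewayPorts enabled, so "all-interfaces" here is what the spec requests, not necessarily what the server grants.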

 //////////////////////////////////////////////////////////////////////////////
 
Newsgroups: comp.security.ssh
NNTP-Posting-Host: 203.217.17.96
References: <1122296248.645395.5040@g43g2000cwa.googlegroups.com>
Message-ID: <42e50735$0$29423$5a62ac22@per-qv1-newsreader-01.iinet.net.au>
Date: 25 Jul 2005 15:37:25 GMT
From: Darren Tucker <dtucker@gate.dodgy.net.au>
Subject: Re: Update password using ssh over remote server permission denied

On 2005-07-25, akim_ziadi@hotmail.com <akim_ziadi@hotmail.com> wrote:
> I'm trying to change a user password on another servers via ssh, and i
> always get a permission denied, someone know why ???
>
> SERVERA#ssh SERVERB "passwd USER1"
> Permission denied
> SERVERA#


The "passwd" program is trying to read its input from its controlling
terminal, and when you run it that way there's no controlling terminal,
only stdin/stdout/stderr.

If you're using OpenSSH, try adding a "-t" to request a pty (two -t's to
force it), ie:
ssh -t SERVERB "passwd USER1"

If you're using some other software then check for an equivalent option.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <1147108768.993940.114960@u72g2000cwu.googlegroups.com>
Message-ID: <Mpo*qihgr@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 10 May 2006 12:02:26 +0100 (BST)
From: Jacob Nevins <jacobn(at)chiark.greenend.org.uk>
Subject: Re: putty .58    terminal issue      Not a terminal

gunsmith2233(at)msn.com writes:
>
>I am a novice with putty sorry..   I have tried several settings to try
>to get around this issue but no luck..     Is there a setting that will
>resolve this

This behaviour means that the server has not assigned a terminal device
for your session. This could be for one of several reasons:

 * (Unlikely) You're using SSH, and you've configured PuTTY not to ask
   for a terminal device (SSH panel > "Don't allocate a pseudo-terminal",
   or "-T" option).

 * PuTTY did ask for a terminal device (this is implicit with
   Telnet/Rlogin, and the default behaviour with SSH), but the server
   refused to allocate one. (You can see if this has happened in PuTTY's
   Event Log -- there will be a message "Server refused to allocate
   pty".)

   This could be because the server has run out of pseudo-terminals, or
   is misconfigured in some way. (It's not uncommon for servers to have
   too few pseudo-terminals configured; the limit can usually be
   increased.)

It is best if you can persuade the server to allocate you a
pseudo-terminal, but if you can't, there are some settings in PuTTY that
you can set to achieve some semblance of a normal interactive session.

For instance, to deal with the "stair-stepping" you see, you can set the
option `Implicit CR in every LF'.

http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-crlf

IIRC, you may also need to enable local echo.

http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-localecho


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
Message-ID: <2rrps19s3o16h25hvv6gr4ati3jh2q4hbr@4ax.com>
Organization: IBM Systems Group
Date: Tue, 17 Jan 2006 13:26:34 GMT
From: Cindy Ross <rossc@us.ibm.com>
Subject: PuTTY - patch to allow tiling on windows

I have been using PuTTY (on windows) for a half year now, and first let
me say how nice these tools are, and how nice it is to have the source.

The one problem I have had is that windows tiling (via ctrl-right-click
on windows taskbar icons, then Tile Horizontally or Tile Vertically)
doesn't work with PuTTY.  Neither do the sizing features of utilities
such as http://www.thewonderfulicon.com/

I believe this is the same problem reported here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/win-tile.html

This capability is essential for me, and would have been a deal-breaker.
But I was able to patch PuTTY to fix this problem.  Essentially, I just
turned off some code intended to prevent "unexpected" resizes, and turned
off code that prevented resizes when is_alt_pressed() is true.

Warning!  This patch breaks full-screen (alt-enter) mode.  And I
wouldn't be surprised if it breaks other features too.  But I've been
using my patch since last June and it hasn't broken anything else that
I notice.  I would like to find time to learn enough about PuTTY's code
to do a better, cleaner patch, but I don't know when that would be.

I'm attaching my patch in case it might be useful to other users.
It is a -u format patch to the 0.58 version of the WINDOW.C file
(the release source code, not the latest development snapshot).
It can be applied like this:  patch -u window.c tilepatch

Or, since it is so short, I am also listing it here;
one could simply make the indicated changes manually:

--- window.c	Tue Apr 05 15:37:38 2005
+++ \puttysrc\windows\window.c	Wed Jun 22 14:22:51 2005
@@ -2618,6 +2618,7 @@
 	} else {
 
 	    int width, height, w, h;
+            int force_resizing = FALSE;
 
 	    width = LOWORD(lParam);
 	    height = HIWORD(lParam);
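Review bot: the new "int force_resizing = FALSE;" line is indented with spaces, while the neighbouring declaration "int width, height, w, h;" uses a tab, so it will not line up in the file; match the surrounding tab indentation. The flag would also benefit from a one-line comment saying when it gets set, since nothing in this hunk explains it.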
@@ -2651,6 +2652,7 @@
 		 *
 		 * This is also called with minimize.
 		 */
+                else if (wParam != SIZE_MINIMIZED) force_resizing = TRUE;
 		else reset_window(-1);
 	    }
 
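Review bot: the added "else if (wParam != SIZE_MINIMIZED) force_resizing = TRUE;" sits in front of "else reset_window(-1);", so reset_window(-1) is now reached only when wParam equals SIZE_MINIMIZED, and every other case that used to fall through to it sets the flag instead. If only externally imposed size changes such as tiling are meant to be forced, test for that case explicitly rather than "anything but minimized". The assignment should also go on its own line, indented with tabs like the rest of the chain.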
@@ -2659,8 +2661,8 @@
 	     * massive numbers of resize events getting sent
 	     * down the connection during an NT opaque drag.)
 	     */
-	    if (resizing) {
-		if (cfg.resize_action != RESIZE_FONT && !is_alt_pressed()) {
+            if (resizing||force_resizing) {
+                if (cfg.resize_action != RESIZE_FONT) {
 		    need_backend_resize = TRUE;
 		    w = (width-cfg.window_border*2) / font_width;
 		    if (w < 1) w = 1;
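Review bot: dropping "!is_alt_pressed()" from the inner condition removes that guard for ordinary interactive resizes as well, not just for the new force_resizing path, and the posting itself reports that full-screen (alt-enter) mode breaks. Keeping the guard for the "resizing" case, for example "cfg.resize_action != RESIZE_FONT && (force_resizing || !is_alt_pressed())", would limit the behaviour change to forced resizes. "resizing||force_resizing" also needs spaces around the operator to match the file's style.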
@@ -2669,6 +2671,8 @@
 
 		    cfg.height = h;
 		    cfg.width = w;
+                    term_size(term, cfg.height, cfg.width, cfg.savelines);
+                    InvalidateRect(hwnd, NULL, TRUE);
 	        } else 
 		    reset_window(0);
 	    }
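Review bot: the added term_size() and InvalidateRect() calls run on every pass through this branch, including the interactive "resizing" case, although the branch already sets need_backend_resize and the comment above it says the deferral exists to avoid massive numbers of resize events during an opaque drag. Check whether calling term_size() here defeats that deferral; wrapping the two calls in "if (force_resizing)" would keep the existing drag behaviour and apply the immediate resize only to the forced case.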


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <et8sa4$450$1@usenet01.boi.hp.com>
Message-ID: <fmd*h7FFr@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: 14 Mar 2007 13:39:41 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: starting putty from perl!

Mark Seger  <Mark.Seger@hp.com> wrote:
>
> I want to write a perl script that starts up a bunch of putty sessions.
> I'd have thought running the 'putty system -l user -pw password'
> should do it but after starting the session, control doesn't return to
> my script until the putty window closes which makes no sense to me
> because if I run that same command from a dos window control does
> return.

I think this is because the DOS window (by which you presumably mean
cmd.exe?) does something odd.

I usually get round this by using Windows's magic "start" command:
try running

  start putty system -l user -pw password

(ObSecurity: you might consider using public keys as an alternative
to saving passwords in disk files.)
-- 
Simon Tatham         "Happiness is having a large, warm, loving,
<anakin@pobox.com>    caring, close-knit family in another city."

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <et8sa4$450$1@usenet01.boi.hp.com> <45F7F9BE.9050609@hp.com>
Message-ID: <gfC*EiGFr@news.chiark.greenend.org.uk>
Organization: Yeah, right
Date: 14 Mar 2007 14:36:42 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: starting putty from perl!

Mark Seger  <Mark.Seger@hp.com> wrote:
>
> I finally figured it out.  you need to do a 'start putty'...  might be
> worthy of an entry in the FAQ  8-)

We'll put it in the FAQ if it becomes frequently asked. So far,
you're the only person who's asked it! :-)
--
Simon Tatham         "The distinction between the enlightened and the
<anakin@pobox.com>    terminally confused is only apparent to the latter."

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


Newsgroups: comp.terminals
NNTP-Posting-Host: 24.136.247.143
NNTP-Posting-Date: Sun, 13 Dec 2009 16:34:31 -0600
References: <hg01a0$4o1$1@online.de>
Message-ID: <jtqai5hioaauietput9u1juqd9n30sbe6a@4ax.com>
Organization: IBM Systems & Technology Group
Date: Sun, 13 Dec 2009 17:34:29 -0500
From: Cindy Ross <rossc@us.ibm.com>
Subject: Re: Calling Putty to open several sessions at once

> is there a way to open several sessions at once by putty with a Windows
> command or somehow other; if yes, how?

sure, putty has command line options that let you do things like this.
For example, something like this would work in a batch file:

    putty -ssh -l myid -pw mypassword whatever.whereever.com


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 70.185.194.243
NNTP-Posting-Date: Mon, 29 May 2006 19:58:03 EDT
References: <1148932456.072752.137600@j73g2000cwa.googlegroups.com>
Message-ID: <fULeg.33482$4H.10341@dukeread03>
Organization: Cox Communications
Date: Mon, 29 May 2006 23:58:03 GMT
From: mroberds@worldnet.att.net
Subject: Re: Tera Term login help needed

stew.dunn@gmail.com wrote:
>Does anybody have any experience, or macros if that's what I need here,
>of how I get the session to start up automatically, with logging to
>text files, if the PC goes down and back up?

You will *probably* need some type of support in your terminal program
for scripting/macros.  I am guessing your process needs to go something
like this:

1.  PC goes down for whatever reason.

2.  PC comes back up.

3.  Several instances of your terminal program start up, because you put
    shortcuts to them in Windows' Startup folder, or equivalent technique
    in your OS.  Each instance "knows" (via command-line switches or a
    config file) what the port settings are, the name of the log file to
    open, etc.

4.  Some macro facility in your terminal program simulates you typing on
    the PC keyboard to send the characters that will cause the remote
    systems to start emitting the data of interest.

It sounds like you're stuck on #4.  I've used Tera Term before as a good
"simple" terminal emulator; I seem to recall that recent versions of Tera
Term do include a simple scripting language, but I've never tried it.

On Windows, once I get beyond what Tera Term does well, I tend to use IVT
http://home.wxs.nl/~ruurdb/IVT.HTM .  It has lots of options, so it may
take you a while to navigate them all, but you should be able to make it
do about anything you want.

As far as what keystrokes are needed to make your remote systems start
outputting the data you want to capture, that will depend on each remote
system.  IVT has a "recorder" mode - switch it on and manually type the
keystrokes to start the remote application, switch it off again, and save
the keystrokes in a script file.  Don't forget to add some error-checking
to handle the cases where the remote system won't come up.

Matt Roberds

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 24.70.95.207
NNTP-Posting-Date: Tue, 30 May 2006 08:42:26 MDT
References: <1148932456.072752.137600@j73g2000cwa.googlegroups.com> <fULeg.33482$4H.10341@dukeread03>
Message-ID: <Pine.LNX.4.61.0605300839570.21985@localhost.localdomain>
Organization: Shaw Residential Internet
Date: Tue, 30 May 2006 14:42:26 GMT
From: Rob Brown <mylastname@gmcl.com>
Subject: Re: Tera Term login help needed

On Mon, 29 May 2006 mroberds@worldnet.att.net wrote:

> It sounds like you're stuck on #4.  I've used Tera Term before as a 
> good "simple" terminal emulator; I seem to recall that recent 
> versions of Tera Term do include a simple scripting language, but 
> I've never tried it.

Like Matt, I am vaguely aware that Tera Term Pro has a scripting 
language, but don't know anything about it.

Kermit http://www.columbia.edu/kermit has a very capable scripting 
language.

The KEA series of terminal emulators from Attachmate also have a good 
scripting language.

-- 

Rob Brown                        b r o w n a t g m c l d o t c o m
G. Michaels Consulting Ltd.      (866)438-2101 (voice) toll free!
Edmonton                         (780)438-9343 (voice)
                                 (780)437-3367 (FAX)
                                 http://gmcl.com/

 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.terminals
NNTP-Posting-Host: regus-klimentska.prg.customer.vol.cz [213.175.62.122]
NNTP-Posting-Date: Tue, 10 Jun 2008 13:40:57 +0000 (UTC)
Message-ID: <3aa20ef6-ac09-4f08-9339-e3746a1c3d29@c58g2000hsc.googlegroups.com>
Date: Tue, 10 Jun 2008 06:40:57 -0700 (PDT)
From: Vladimr <vladimir.trebicky@gmail.com>
Subject: Some terminal enhancements into PuTTY

Hi all,

I was a bit sad that PuTTY filters some key combinations, so I played
around with the code this morning to get some shortcuts working in
ViM ;-)

    http://spunt.kebule.cz/home/putty-xterm-hacks.patch

1) Apps key (the one to the left from right control) is no longer
   taken as a compose key but sent as an escape sequence like in xterm.
2) Ctrl-PageUp and Ctrl-PageDown are no longer used for vertical
   scrolling.
3) Ctrl-Backspace acts like Shift-Backspace (^H <--> Ctrl-?)
4) Insert, Delete, Home, End, PageUp and PageDown are no longer
   filtered when shift/control pressed and sent with additional ";5",
   etc. modifiers.
5) Shift-arrows are no longer filtered and sent as escape sequences
   like in xterm.

Positive feedback welcome ;-)

Vladimir.

 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 //////////////////////////////////////////////////////////////////////////////

For administrative access to NetApp (Network Appliance) storage appliances
running Data ONTAP:

Because of the usual security concerns in administering storage filers and
cache appliances via the "telnet" and "rsh" protocols, NetApp provides an
SSH access method.

To initially set up a storage appliance for SSH connections, find out
whether any special key-length constraints are required on your network,
then run the short interactive dialogue by invoking:

    toaster*> secureadmin setup ssh

The keys generated will be:

    /etc/sshd/ssh_host_key
    /etc/sshd/ssh_host_rsa_k
    /etc/sshd/ssh_host_dsa_key.

There is a minor bug (187989) in some versions of the Data ONTAP (7G/Classic)
kernel in which a command prompt fails to appear upon establishment of an SSH
session.  There is an easy workaround: before trying the SSH session, use the
serial console to create an /etc/motd file (on the appliance) which ends with
a bona fide Return character.  For example:

    wrfile /etc/motd
    <return>
    <control-C>

In releases of Data ONTAP since 7.0.1, there are some options for tweaking
the interaction between serial-console and SSH sessions; contact NetApp
Global Support for information on how to set these.

If you are using PuTTY as the client software with protocol version SSH2,
and then you find that the line-editing functions do not work, then change
the following PuTTY settings: 

On the Terminal tab

 * set Local Echo to "Force off"
 * set Local Line Editing to "Force Off"

On the SSH tab

 * check "Don't Allocate a Pseudo-terminal"

(You can save this configuration for future use in the Session tab.)

For filer settings of the SSH2 protocol, consult the "secureadmin_inbound"
configuration in "/etc/local.cfg".

You should also set PuTTY *not* to repeat the key exchange every hour.
(This same restriction applies to several SSH servers derived from open source.)

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

211360 / SSH responds with message "unsupported channel request for env"

When an SSH client connects to Data ONTAP, in addition to opening a
channel for the main session, the SSH client may attempt to open an
auxiliary channel.  Such channels are typically used to forward
display-output data from X-Windows applications (using X11 Forwarding)
or to transmit shell-environment parameters for the user session.
Since Data ONTAP does not support X11 Forwarding or other uses of such
additional SSH channels, the storage controller will log a warning
message of this form:

  [toaster: openssh.invalid.channel.req:warning]:
  SSH client (SSH-2.0-OpenSSH_4.9) from 192.168.12.34
  sent unsupported channel request (10, env).

If the SSH session is otherwise authorized, the warning may be ignored.


To work around the problem:

On the SSH client, disable features which may request to open auxiliary 
channels.  Such features include SendEnv and X11 Forwarding.  The exact 
means of disabling the features depends on the client program.

Notes:

For the OpenSSH client invoked from a Linux or Unix host, adding the
"-x" option on the command line should disable the X11 Forwarding feature.
If no users on that Linux or Unix host will ever use X11 Forwarding,
the feature can be turned off in the host-wide configuration in the file
/etc/ssh_config (or /etc/ssh/ssh_config): uncomment or otherwise insert
a line in that file which says:

    ForwardX11 no

Also, comment out or remove any "SendEnv" lines in that file.
(These features may also be controlled in per-user configuration files
or by command-line options.)


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals, comp.security.ssh
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <op.tfkhk1cgtte90l@hyrrokkin>
Message-ID: <Tpq*obhqr@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 08 Sep 2006 20:15:05 +0100 (BST)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: psftp problem

[ followups set to comp.security.ssh ]

Tom Linden <tom@kednos-remove.com> writes:
>
> psftp> get STARLET.ZIP
> remote:/dpli$/decpli/starlet/ca20060906/STARLET.ZIP => local:STARLET.ZIP
> error while reading: received a short buffer from FXP_READ, but not at EOF
> psftp>

This is a known bug in PSFTP that causes trouble with VMS systems. I'm
not aware of any workaround, I'm afraid.

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/fxp-short-reads.html


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <f52qbf$p1e$1@online.de> <46754F08.F930EC4C@spam.comcast.net>
Message-ID: <z9u*AxvNr@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 17 Jun 2007 16:46:49 +0100 (BST)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: How to copy in Putty selected text into clipboard

>Thomas Wiedmann wrote:
>>
>> if in Putty 0.58 I select text of the Putty console I can insert it by
>> clicking the right mouse key at the cursor position. But how can text of
>> Putty be selected and transferred to the clipboard, e.g. of Windows XP,
>> to insert it afterwards e. g. in a textfile or a Word document outside
>> of Putty?

Text is automatically copied to the clipboard when you select it; it is
the clipboard contents that are pasted into the PuTTY window when you
right-click, and should be pasted into any other application when you
invoke the "paste" action in the usual way.

See
    http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-cutpaste

David J Dachtera <djesys.no@spam.comcast.net> writes:
>
> CTRL+C = Copy

This won't copy text in PuTTY -- the Ctrl+C will be sent to the server
(where it will probably interrupt a process, or something similar).

> SHIFT+Insert = Paste

This, however, does work to paste text _into_ PuTTY.

 ..............................................................................

Newsgroups: comp.terminals
NNTP-Posting-Host: 24.15.149.110
NNTP-Posting-Date: Sun, 17 Jun 2007 14:17:19 -0500
References: <f52qbf$p1e$1@online.de> <46754F08.F930EC4C@spam.comcast.net>
    <z9u*AxvNr@news.chiark.greenend.org.uk>
Message-ID: <467588BF.C344556D@spam.comcast.net>
Date: Sun, 17 Jun 2007 14:17:19 -0500
From: David J Dachtera <djesys.no@spam.comcast.net>
Subject: Re: How to copy in Putty selected text into clipboard

Jacob Nevins wrote:
>
> David J Dachtera <djesys.no@spam.comcast.net> writes:
> >CTRL+C = Copy
>
> This won't copy text in PuTTY -- the Ctrl+C will be sent to the server
> (where it will probably interrupt a process, or something similar).

This is user-configurable in many emulators. CTRL+ "chords" can either
be processed locally, or be forwarded to the host.

-- 
David J Dachtera
dba DJE Systems


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 67.122.246.158
NNTP-Posting-Date: Sun, 24 Sep 2006 16:51:25 EDT
Message-ID: <pan.2006.09.24.20.51.24.424383@story.net>
Date: Sun, 24 Sep 2006 20:51:25 GMT
From: Augustus SFX van Dusen <ASFXvD@story.net>
Subject: Bringing ssh connections back to life after hibernation

In my setup I sometimes have to put my computer to hibernate when I
have one or more ssh (OpenSSH, in fact) connections to remote hosts.
My hibernate setup is such that when I bring my computer back to life
the network is up and running immediately. However, my ssh connections
to remote hosts take some 10-15 minutes to revive.

Anybody know why that should be the case? Anybody know if there is some
OpenSSH configuration parameter that would get the ssh connections back
to life quickly?

 ..............................................................................

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 67.122.246.158
NNTP-Posting-Date: Mon, 25 Sep 2006 11:46:08 EDT
References: <pan.2006.09.24.20.51.24.424383@story.net>
    <ef73u3$ed5$1@nntp.itservices.ubc.ca>
Message-ID: <pan.2006.09.25.15.46.04.577658@story.net>
Organization: SBC http://yahoo.sbc.com
Date: Mon, 25 Sep 2006 15:46:08 GMT
From: Augustus SFX van Dusen <ASFXvD@story.net>
Subject: Re: Bringing ssh connections back to life after hibernation

On Sun, 24 Sep 2006 23:21:39 +0000, Unruh wrote:
>
> I have the same problem when my network goes down for a while (ISP
> problems) I sometimes find that opening a new ssh to the same host
> revives the old one. Not sure where the problem is--whether it is
> a long timeout in the local or in the remote ssh.
>
> (It has never been 15 min, but that may depend on the length of the
> down time.)

For what it's worth, I think I have found a solution to my problem.
(Not for the first time immediately after asking for an answer to some
question in the net, either.) If in my /etc/ssh/ssh_config I enter the
lines

        ServerAliveCountMax 1
        ServerAliveInterval 10

then my connections seem to come back quickly enough after reviving my
computer.

 ..............................................................................


Newsgroups: comp.security.ssh
References: <pan.2006.09.24.20.51.24.424383@story.net>
    <ef73u3$ed5$1@nntp.itservices.ubc.ca>
    <pan.2006.09.25.15.46.04.577658@story.net>
Message-ID: <ef91qf$4u8$2@nntp.itservices.ubc.ca>
Organization: ITServices, University of British Columbia
Date: 25 Sep 2006 16:57:51 GMT
From: Unruh <unruh-spam@physics.ubc.ca>
Subject: Re: Bringing ssh connections back to life after hibernation

Augustus SFX van Dusen <ASFXvD@story.net> writes:
>
> ...question in the net either.) If in my /etc/ssh/ssh_config I enter
> the lines
>
>       ServerAliveCountMax 1
>       ServerAliveInterval 10
>
> then my connections seem to come back quickly enough after reviving my
> computer.

While the latter looks useful, the former seems counterproductive,
at least in my situations. I.e., it says that, if once the server does
not respond to the ServerAlive message, you are disconnected. That
seems pretty harsh.

 ..............................................................................

Newsgroups: comp.security.ssh
References: <pan.2006.09.24.20.51.24.424383@story.net>
    <ef73u3$ed5$1@nntp.itservices.ubc.ca>
    <pan.2006.09.25.15.46.04.577658@story.net>
    <ef91qf$4u8$2@nntp.itservices.ubc.ca>
Message-ID: <5ofou3-bdj.ln1@news.heiming.de>
Date: Tue, 26 Sep 2006 22:39:01 +0200
From: Michael Heiming <michael+USENET@www.heiming.de>
Subject: Re: Bringing ssh connections back to life after hibernation

In comp.security.ssh Unruh <unruh-spam@physics.ubc.ca>:
>>>
>>> I have the same problem when my network goes down for a while (ISP
>>> problems) I sometimes find that opening a new ssh to the same host
>>> revives the old one. Not sure where the problem is-- whether it is
>>> a long timeout in the local or in the remote ssh. (It has never been
>>> 15 min, but that may depend on the length of the down time.)

Mostly a ssh connection can survive such thing easily with static
IP, if you just keep the xterm with the login open. YMMV


>>       ServerAliveCountMax 1
>>       ServerAliveInterval 10

> While the latter looks useful, the former seems counterproductive, at least
> in my situations. I.e., it says that if once the server does not respond to
> the ServerAlive message, you are disconnected. That seems pretty harsh.

The above would disconnect the unresponsive session 10 seconds
after the first packet got no answer as per client-side configuration.

Indeed this is more useful on the sshd side to stop firewalls from
automatic disconnecting idle sessions there are far better ways to do
this than a firewall could. but although to let sshd disconnect broken
sessions cleanly, without "filling" up utmp and associated tools with
ghost logins.

  ClientAliveCountMax
  ClientAliveInterval

Default of the latter is zero, disabling sending messages to the
client at all.

-- 
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 225: It's those computer people in X {city
of world}.  They keep stuffing things up.


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.sys.sun.admin
NNTP-Posting-Host: 219.64.125.117.chn.dialup.vsnl.net.in
NNTP-Posting-Date: Thu, 2 Nov 2006 00:50:11 +0000 (UTC)
References: <1162195659.552716.15770@b28g2000cwb.googlegroups.com>
Message-ID: <1162428606.083608.30490@k70g2000cwa.googlegroups.com>
Date: 1 Nov 2006 16:50:06 -0800
From: koneruarjun@gmail.com
Subject: Re: OpenSSH Passwordless Authentication between 2 systems with different UID's

kaka.hui@gmail.com wrote:
>
> How to communicate without a passwd between 2 Unix systems where
> the communicating sessions have different uid/s? (NOTE: both systems
> are on OpenSSH)
>
> e.g.
>
> SystemA UserA SSH to SystemB UserB
>
>
> Here is what I tried but failed.
>
>
> As UserA in System A:
>
> > ssh-keygen -t dsa
> > cd ~/.ssh
> > cat id_dsa.pub > authorized_keys2
> > scp ./id_dsa.pub UserB@SystemB:.ssh/.  (when prompt for the passwd, I typed UserB's passwd)
>
>
> As UserB in System B:
>
> > cd .ssh
> > cat id_dsa.pub > authorized_keys2
>
>
> Same trick for same user ID would work in the above example (i.e.
> SystemA UserA SSH to SystemB UserA)
>
> Could someone please shed some light here?  Thank you very much!


Generate a passphrase-less key pair for UserA@systemA and update

    $HOME(UserB@SystemB)/.ssh/authorized_keys

with the new pub key.

and then ssh into the system using the privkey with -i flag

Enjoy!
//Arjun
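
One way to do the authorized_keys update from the reply above, as an added Python example (not from the original thread): it checks that the key line's base64 blob really carries the declared key type, appends instead of overwriting, skips duplicates, and sets the 0700/0600 modes that sshd's StrictModes check expects. The helper names and the sample key are constructed for illustration, and the input is assumed to be a plain .pub line with no options prefix.

```python
import base64
import os
import struct


def constructed_pubkey(comment="UserA@SystemA"):
    """Constructed sample: a well-formed ssh-ed25519 line built from 32 zero
    bytes. It is not a real key and exists only so the example runs offline."""
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


def blob_key_type(b64):
    """Return the key type stored in the first length-prefixed string of the blob."""
    blob = base64.b64decode(b64, validate=True)   # raises ValueError on bad base64
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")


def parse_pubkey_line(line):
    """Validate 'type base64 [comment]' and return (type, base64)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    ktype, b64 = parts[0], parts[1]
    if blob_key_type(b64) != ktype:
        raise ValueError("declared key type does not match the key blob")
    return ktype, b64


def install_pubkey(home, line):
    """Append the key to <home>/.ssh/authorized_keys.

    Returns True if the key was added, False if it was already present."""
    _, b64 = parse_pubkey_line(line)
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                      # enforce even if it pre-existed
    path = os.path.join(ssh_dir, "authorized_keys")

    existing = ""
    if os.path.exists(path):
        with open(path, "r") as fh:
            existing = fh.read()
    for old in existing.splitlines():
        if b64 in old.split():                    # same key, whatever the comment
            return False

    # O_APPEND keeps earlier entries; '>' in the quoted question replaces them.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        if existing and not existing.endswith("\n"):
            fh.write("\n")                        # do not glue onto a partial line
        fh.write(line.strip() + "\n")
    os.chmod(path, 0o600)
    return True


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as home:   # stands in for UserB's $HOME
        print(install_pubkey(home, constructed_pubkey()))
        print(install_pubkey(home, constructed_pubkey()))
```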


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: 198.173.15.250
Message-ID: <1178047363.809087.257420@h2g2000hsg.googlegroups.com>
Date: Tue, 1 May 2007 12:22:43 -0700
From: dcmdcm@gmail.com
Subject: PuTTY DECSED (Selective Erase) (Esc [ ? x J)

I've been using PuTTY for a while in various applications.  I really
like it, so I reached for it again for this latest application.
Unfortunately, this app requires being able to selectively erase text
on the screen ("Clear Foreground" text).  The VTxxx refers to this
capability as DECSED ("Esc [ ? x J", where x specifies the area of
erasure desired (I'm looking for x=2, the whole screen).  (There's
another similar facility called DECSEL).

I did discover that this facility is implemented in xterm, but I can't
use xterm here (sorry, it's on Windows -- not my choice).

I have a few alternatives:

1) Change the application to not use this facility.  I'd rather not,
there's a lot of code in this app [that I "inherited"].

2)  Use a different terminal emulator.  I suppose I could, but I'd
rather do something else.  If someone has a suggestion for one, please
let me know.  No, I don't want to pay an arm and a leg for a
commercial emulator that's otherwise not as good as PuTTY.

3)  Modify PuTTY to do what I want.  This is my preferred course of
action.  Not only will I benefit, but others will, too.  I can change
it myself or I can ask someone else to do it.  I would change it
myself, but I've not been in the PuTTY code and it would take me an
unknown amount of time to spin up.  If someone has a few pointers as
to how this capability could be added -- where in the code to start
looking -- I'd appreciate it.

Another option would be to ask someone else to do it.  Yes, I could
pay something, but not likely what the labor would be worth.

If anyone has any ideas on this, please let me know!

HELP!

Thanks!

Dave Madsen ---dcm
dcmdcm@gmail.com

 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.os.linux.misc
NNTP-Posting-Host: 24.20.116.48
NNTP-Posting-Date: Thu, 2 Aug 2007 23:37:43 +0000 (UTC)
Message-ID: <1186097862.139456.220350@i13g2000prf.googlegroups.com>
Organization: http://groups.google.com
Date: Thu, 02 Aug 2007 23:37:42 -0000
From: Scott <smbaker@gmail.com>
Subject: high-ascii characters in linux terminal via ssh
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"	<< here's a clue to the problem!
Content-Transfer-Encoding: quoted-printable



When I SSH into most of my newer linux machines from my windows
computer, I get some funny upper-ascii characters that appear from
time to time, particularly in manpages and gcc output. Here is a
randomly chosen snippet from a manpage:

     Use --progress=dot to switch to the
â^¬^â^¬^dotâ^¬^Ģâ^¬^Ģ display.

The character sequences look like an 'a' with a hat over it and a
cursive upper case 'E'.

It's very annoying particularly with gcc output as these characters
end up around every identifier that appears in a gcc warning.

I've tried numerous different terminal emulation settings in my ssh
program, to no avail.  [surprise, surprise]

I'm sure I used to know how to turn this off (it seems like there was
an environment variable to set), but I forgot...  Can anyone remind me?

Thanks,
Scott

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 

Newsgroups: comp.os.linux.misc
NNTP-Posting-Host: eJSSGroJa5Qh6TM459JBWw.user.aioe.org
References: <1186097862.139456.220350@i13g2000prf.googlegroups.com>
Message-ID: <f8u1d3$1es$1@aioe.org>
Organization: Aioe.org NNTP Server
Date: Fri, 3 Aug 2007 03:46:11 +0200 (CEST)
From: Kenan Kalajdzic <kenan@cced.ba>
Subject: Re: high-ascii characters in linux terminal via ssh

You need to set the TERM environment variable in your login shell.  If
you use putty, setting TERM to either "linux", "ansi" or "xterm" should
work fine in your case.

-- 
Kenan Kalajdzic

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 

Newsgroups: comp.os.linux.misc
NNTP-Posting-Host: 24.20.116.48
NNTP-Posting-Date: Fri, 3 Aug 2007 02:29:13 +0000 (UTC)
References: <1186097862.139456.220350@i13g2000prf.googlegroups.com>
    <f8u1d3$1es$1@aioe.org>
Message-ID: <1186108152.857363.135060@q3g2000prf.googlegroups.com>
Date: Fri, 03 Aug 2007 02:29:12 -0000
From: Scott <smbaker@gmail.com>
Subject: Re: high-ascii characters in linux terminal via ssh

> You need to set the TERM environment variable in your login shell.  If
> you use putty, setting TERM to either "linux", "ansi" or "xterm" should
> work fine in your case.

No luck there, it doesn't seem to make any difference. The default is
vt100, which is what my ssh client is set to.   I tried changing it
(both the term variable and the ssh client) to linux, ansi, and xterm
to no avail.


I did manage to find the previous "fix" for this issue, which was to put:

    export LANG="POSIX"

in my .bashrc file.

Strangely enough, this works for RHEL4, but on RHEL5, it changes the
funny characters to a string <E2><80><99>, which I'm assuming is the
hex values of the funny characters it was printing.

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 

Newsgroups: comp.os.linux.misc
References: <1186097862.139456.220350@i13g2000prf.googlegroups.com>
    <f8u1d3$1es$1@aioe.org>
Message-ID: <13b622ck8n9rcdc@corp.supernews.com>
Date: Fri, 03 Aug 2007 10:49:48 -0000
From: Thomas Dickey <dickey@saltmine.radix.net>
Subject: Re: high-ascii characters in linux terminal via ssh

Kenan Kalajdzic <kenan@cced.ba> wrote:
>>
>> The character sequences look like an 'a' with a hat over it and a
>> cursive upper case 'E'.

... UTF-8


>> I've tried numerous different terminal emulation settings in my ssh
>> program to no avail. I'm sure I used to know how to turn this off (it
>> seems like there was an environment variable to set), but I forgot...

> You need to set the TERM environment variable in your login shell.  If
> you use putty, setting TERM to either "linux", "ansi" or "xterm" should
> work fine in your case.

The $TERM variable is unrelated.  It's the locale settings (man locale).

-- 
Thomas E. Dickey
http://invisible-island.net/
 ftp://invisible-island.net/

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 

Newsgroups: comp.os.linux.misc
NNTP-Posting-Host: gw.roaima.co.uk
NNTP-Posting-Date: Fri, 3 Aug 2007 12:07:05 +0000 (UTC)
References: <1186097862.139456.220350@i13g2000prf.googlegroups.com>
Message-ID: <58fbo4-r4o.ln1@news.roaima.co.uk>
Organization: Roaima. Harrogate, North Yorkshire, UK
Date: Fri, 3 Aug 2007 12:13:41 +0100
From: Chris Davies <chris-usenet@roaima.co.uk>
Subject: Re: high-ascii characters in linux terminal via ssh

>     Use --progress=dot to switch to the
>     â^¬^â^¬^dotâ^¬^Ģâ^¬^Ģ display.

> I've tried numerous different terminal emulation settings in my ssh
> program to no avail [...]

This is a consequence of a mismatched locale setting. The newer box is
(probably) configured to use UTF8 but for some reason your pager doesn't
know it.

For other people reading this post, you can probably reproduce it like
this (replacing en_GB.UTF8 with an appropriate locale):

    LANG=en_GB.UTF8 man ls | LANG= less

To avoid it, you need to ensure that everything runs in the same locale.
So either remove LANG entirely, or ensure that it's set consistently
everywhere:

        unset LANG              # Maybe in your .profile / .bash_profile
        man ls                  # Etc...

If you're using xterm windows anywhere, start using uxterm (or better,
lxterm) instead.

Chris

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 


Newsgroups: comp.os.linux.misc
NNTP-Posting-Host: 24.20.116.48
NNTP-Posting-Date: Fri, 3 Aug 2007 18:54:46 +0000 (UTC)
References: <1186097862.139456.220350@i13g2000prf.googlegroups.com>
    <58fbo4-r4o.ln1@news.roaima.co.uk>
Message-ID: <1186167285.541896.202950@i38g2000prf.googlegroups.com>
Date: Fri, 03 Aug 2007 11:54:45 -0700
From: Scott <smbaker@gmail.com>
Subject: Re: high-ascii characters in linux terminal via ssh

> This is a consequence of a mismatched locale setting. The newer box is
> (probably) configured to use UTF8 but for some reason your pager doesn't
> know it.


Thanks for the info.

Now that I know what is causing it, I think I've fixed it by telling
my SSH client to use UTF-8 instead of 'default' which was what it was
configured to use.

Scott

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.misc
NNTP-Posting-Host: 24.34.108.171
NNTP-Posting-Date: Thu, 15 May 2008 21:36:10 -0500
References: <368235fa-2308-4f60-907b-4927d3560990@u12g2000prd.googlegroups.com>
Message-ID: <barmar-429B29.22361015052008@newsgroups.comcast.net>
Date: Thu, 15 May 2008 22:36:10 -0400
From: Barry Margolin <barmar@alum.mit.edu>
Subject: Re: SSH login with other user's keys

In article <368235fa-2308-4f60-907b-4927d3560990@u12g2000prd.googlegroups.com>,
 rahul <rahulsinner@gmail.com> wrote:
>
> I have an account called mdmbuild on my machine that does not have a
> password. It's a headless account. I have ssh public and private keys
> for the account. The public keys are already there on the machine I
> want to log on to.
> But the problem is the remote machine is not accepting my private keys
> as they were generated on a different machine.
>
> Say keys were generated on saturn and public keys copied to venus. My
> mars machine has the private keys but venus won't accept it as it has
> public keys generated on saturn. Is there any way I can login on venus
> with the keys I have got?
>
> mdmbuild does not have a password. The only way to login
> is with the keys.


When you run "ssh-keygen", it creates both a public and private key.
You have to use the private key that was made at the same time as
the public key, because key generation incorporates random data.

Every time you run "ssh-keygen" you'll get different keys, even if
you enter the same passphrase, and you can't mix and match them.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: admin.sibptus.tomsk.ru
NNTP-Posting-Date: Thu, 16 Oct 2008 02:37:42 +0000 (UTC)
References: <gd1lge$1n36$1@relay.tomsk.ru>
Message-ID: <gd69dm$383$2@relay.tomsk.ru>
Organization: AO "Svyaztransneft", SibPTUS
Date: Thu, 16 Oct 2008 02:37:42 +0000 (UTC)
From: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Subject: Re: custom XLT for PuTTY

Victor Sudakov wrote:
>
> Is there a way to create a custom translation table for PuTTY (win32)?

The problem was solved with IrLex. It supports custom translation tables.

    http://sourceforge.net/projects/irlex

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.sys.sun.admin
NNTP-Posting-Host: 213.78.42.15
References:
    <faa4e7c1-3957-44bb-a4bf-27fd80edfa70@q30g2000prq.googlegroups.com>
    <4951831a@212.67.96.135>
    <490ffc81-8a84-4d50-8d5d-f667a05a4630@f3g2000vbf.googlegroups.com>
Message-ID: <49524564@212.67.96.135>
Date: Wed, 24 Dec 2008 14:21:17 +0000
From: Dave <foo@coo.com>
Subject: Re: automated ssh only works one way

didds wrote:
>
> On 24 Dec, 00:32, Dave <f...@coo.com> wrote:
>
>> I'm not sure why you are using authorized_keys2.
>
> that's what I was told to do by our Solaris support service wallahs/
> resellers.

What version of ssh are you using - the one supplied with Solaris? If
so, the server is at /usr/lib/ssh/sshd and the client at /usr/bin/ssh.

I've set up password-less ssh on numerous machines and it works every
time as I said. It *might* be possible to disable it in the server
config file, but by default it should work.

bash-3.00$ ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

If you see something mixing an ssh server from ssh.com, and a client
from OpenSSL, it might be the cause, as I don't think the keys are
compatible, although I believe you can convert from one key to the
other. I've long since stopped using the tools from ssh.com.

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.sys.sun.admin
NNTP-Posting-Host: 213.78.42.15
References:
    <faa4e7c1-3957-44bb-a4bf-27fd80edfa70@q30g2000prq.googlegroups.com>
Message-ID: <49524acd@212.67.96.135>
Date: Wed, 24 Dec 2008 14:44:19 +0000
From: Dave <foo@coo.com>
Subject: Re: automated ssh only works one way

didds wrote:
> two systems, usdb7 (v490) & usdb11 (v440) both sol 10 8/07.
> Instructions here followed to the t.
> http://www.sun.com/bigadmin/content/submitted/ssh_setting.html
> Only... connecting from usdb7 to usdb11 still requests a password,
> whereas in reverse it doesn't.
> -v option doesn't show anything obvious (to me anyway ...  !)  [but
> see below]
> any ideas?
>
> cheers
>
> ian.
>
Looking at your outputs in more detail, you don't provide sufficient
information for me to be 100% sure what you are doing.

This is my client where I log in from.

bash-3.00$ cat $HOME/.ssh/id_dsa.pub
ssh-dss
AAAAB3NzaC1kc3MAAACBAN6hOf4gqfDW8qmLtts7okHL6nHLvPQSyeZKuzGjQPkRSawDlsh9NWkzohtG
AXcnlDQjV0K5cYBzpZqBOni3w5k0oxpBrqAnJSjW7XHIN0m3fbmFclnt4Oq1bzxA2qnojtN+siKjguQ6
XTNoqEe0KGwYvShBBCLEOr07NMV6m7PrAAAAFQC1TD0OG0b7Y8HLBFCSg+oaRkSNWQAAAIBgJAOEltW3
6fZJ83ad4lNINNkR0mKq1ZONVX71NComxp0QKNV0oCv1GbO8vVuv1e9Rc15AVG+sIftlVXTA3YgNbtTj
zgAn9QyVu/TfwWjBPqqIEkKM38+QCajPdKaFfytNeI+Gqlp85pVHfYKMaxyJ92Wm7ZI+0RLrbMBfVBdo
pgAAAIAy/o2Gfh9s/B48FKw2Y0AadekIKDJyX0/GEedNVNdmRNzfjudA6/gy9biHBh9/vnqkYGXG6vJV
IJbOEKmVNgZ2+NQMd+uaOVrNsM8ftmIWMzWc7sEXUoCF7MYXQLtwlKoNimqCQly14ITV3gHwMYmaeBWp
8wQ4s7fkxpOTxgII+w==
drkirkby@sparrow

There should be only one key in $HOME/.ssh/id_dsa.pub, which is created with

$ ssh-keygen -t dsa

This is the server which I log into. In this case, there are two keys,
as I log into it from two different machines.

[drkirkby@main-webserver ~]$  cat $HOME/.ssh/authorized_keys
ssh-dss
AAAAB3NzaC1kc3MAAACBAN6hOf4gqfDW8qmLtts7okHL6nHLvPQSyeZKuzGjQPkRSawDlsh9NWkzohtG
AXcnlDQjV0K5cYBzpZqBOni3w5k0oxpBrqAnJSjW7XHIN0m3fbmFclnt4Oq1bzxA2qnojtN+siKjguQ6
XTNoqEe0KGwYvShBBCLEOr07NMV6m7PrAAAAFQC1TD0OG0b7Y8HLBFCSg+oaRkSNWQAAAIBgJAOEltW3
6fZJ83ad4lNINNkR0mKq1ZONVX71NComxp0QKNV0oCv1GbO8vVuv1e9Rc15AVG+sIftlVXTA3YgNbtTj
zgAn9QyVu/TfwWjBPqqIEkKM38+QCajPdKaFfytNeI+Gqlp85pVHfYKMaxyJ92Wm7ZI+0RLrbMBfVBdo
pgAAAIAy/o2Gfh9s/B48FKw2Y0AadekIKDJyX0/GEedNVNdmRNzfjudA6/gy9biHBh9/vnqkYGXG6vJV
IJbOEKmVNgZ2+NQMd+uaOVrNsM8ftmIWMzWc7sEXUoCF7MYXQLtwlKoNimqCQly14ITV3gHwMYmaeBWp
8wQ4s7fkxpOTxgII+w==
drkirkby@sparrow
ssh-dss
AAAAB3NzaC1kc3MAAACBAL+nRizKAJyn50owFO0RTTQ7zIHdtpbgVixoinbAuAX9P3cO49zq34evmC3t
0Fv66eVUsQUMfyJqwUpzfd080P0x9yXU8n11V19yknHtQnsqvfQMRis07YA0SxuVIZ4prULHQPDkJzuc
63o+Pb/3ZCY+aptxvf1akNdJTMBlZfozAAAAFQD+J6w8/AosRXTTVin+SaL0vgBqvQAAAIEAuhN7pZpM
zNWOhlRjUWZ7smuThlLVthElZoAkwvIB4O/iHN38wTj/pwo55Nq0+BpX33TIJ1ogpw2aoxih8Os9oHyJ
5azggho0wlb1gYwcZaGEW2MslYUEHDo8cXr1Qt2IKTWzMZsEm+8QOzeobOzr8rDufTVXp9mgCD3r/RRt
EL4AAACAKYJFjM3w4bYHNaL2B4RrRO8/z3BS/ISr16MOe5sUUuwt6+O4vt/bng37Z62mimDSLQKexn+4
hcKs+B7JlEkVY2aRZlaUzJ3OF+AQDFPmVh7oD/g4GP5yOxrwlKYR+07oraumWkHulgZesJXH0L1qVWnO
YzOuCpshcLI1IhtFqEQ=
drkirkby@kingfisher

I think the username@server is ignored - it is only there to help you
remember what key is what.

To get it to work both ways, from machine A to B and from B to A, you
need to:

1) Append $HOME/.ssh/id_dsa.pub of A to $HOME/.ssh/authorized_keys of B.
This allows you to connect from A to B.

2) Append $HOME/.ssh/id_dsa.pub of B to $HOME/.ssh/authorized_keys of A.
This allows you to connect from B to A.

I'm not sure if blank lines are allowed in $HOME/.ssh/authorized_keys

Blank lines are probably ignored, but the server could just stop reading at
that point. I note you have a blank line.

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.sys.sun.admin
NNTP-Posting-Date: Wed, 24 Dec 2008 09:11:13 -0600
References:
    <faa4e7c1-3957-44bb-a4bf-27fd80edfa70@q30g2000prq.googlegroups.com>
    <4951831a@212.67.96.135>
    <490ffc81-8a84-4d50-8d5d-f667a05a4630@f3g2000vbf.googlegroups.com>
    <49524564@212.67.96.135>
Message-ID: <1230131473.645127@news1nwk>
Organization: Sun Microsystems
Date: Wed, 24 Dec 2008 10:11:12 -0500
From: Martha Starkey <martha.starkey@sun.com>
Subject: Re: automated ssh only works one way

On 12/24/08 09:21, Dave wrote:
> didds wrote:
>> On 24 Dec, 00:32, Dave <f...@coo.com> wrote:
>>
>>> I'm not sure why you are using authorized_keys2.


Good call, Dave.  The instructions that didds' support service pointed
him to mention that ssh is provided starting with Solaris 9 and that it
uses "authorized_keys" instead of "authorized_keys2".  But that's not
mentioned until paragraph #14 or so.

Here's another reference:

docs.sun.com Home
 > Solaris 10 System Administrator Collection
  > System Administration Guide: Security Services
   > Authentication Services and Secure Communication
    > 19.  Using Solaris Secure Shell (Tasks)
     > Using Solaris Secure Shell

*How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell

*How to Reduce Password Prompts in Solaris Secure Shell


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: 128.164.129.3
NNTP-Posting-Date: Thu, 08 Jan 2009 13:38:25 -0600
References:
    <ae6b8912-757f-448c-a619-714ca9da8a8f@w1g2000prm.googlegroups.com>
    <ZR89l.13619$c45.4584@nlpi065.nbdc.sbc.com>
    <7b9d7c02-762f-4296-b449-4efd1bd978f3@l33g2000pri.googlegroups.com>
    <slrngmaa6r.nfo.syscjm@sumire.gwu.edu>
    <4975c4aa-c472-4727-8ccf-44f1474e1913@q30g2000prq.googlegroups.com>
Message-ID: <slrngmclhh.np0.syscjm@sumire.gwu.edu>
Date: Thu, 08 Jan 2009 13:38:25 -0600
From: Chris Mattern <syscjm@sumire.gwu.edu>
Subject: Re: ssh for any user

On 2009-01-08, james.bruckmann@yahoo.com <james.bruckmann@yahoo.com> wrote:
>
> Thanks ! I cannot try this at the moment, no access to the sun boxes.
> Are you sure? At the target box won't the operator be the only user
> that matters?

Yes, *at the target box*, only operator matters.  So you'd put the
public keys of all the authorized users into ~operator/.ssh/authorized_keys.

That gives all the authorized users access to the operator account.


> ....
> $cmd = "ssh  operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user
> \n";
> ...
> Maybe I just have to copy operator's private key into each users .ssh
> dir\?
>

Bad, bad idea.  This has all kinds of security implications, none of them
good; the worst part is you've just made it impossible to distinguish
between operator and the other users for *any* attempts to gain ssh access
via private key, anywhere.

-- 
             Christopher Mattern

NOTICE
Thank you for noticing this new notice
Your noticing it has been noted
And will be reported to the authorities


 //////////////////////////////////////////////////////////////////////////////

There is support for OpenSSH with Kerberos and GSSAPI:

    http://www.sxw.org.uk/computing/patches/openssh.html

 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.security.ssh, comp.terminals
NNTP-Posting-Host: 91.153.142.172
NNTP-Posting-Date: Sun, 26 Apr 2009 08:28:24 +0000 (UTC)
Message-ID: <9ccbda29-061e-4ae6-bc55-bbbb5f95c30a@x1g2000prh.googlegroups.com>
Date: Sun, 26 Apr 2009 01:28:24 -0700 (PDT)
From: Ronja <ronja.addams.moring@gmail.com>
Subject: Kudos to Putty developers, answer not necessary

Summary: A big thank you to the Putty team - and all who developed
ssh to the point where Putty could get started - for a *reliable*
piece of software. I have clearly spent too many years in the
Microsoft world as I had all but forgotten how it feels to leave a
program running overnight or longer and come back and find it still up
and running, without hogging virtual memory and generally just
behaving well without any extra fuss. Thanks!

Details:

I woke up to continue on some work that was left half-way yesterday
and noticed that the Putty terminals to both *nix servers that I had
left open on my laptop were alive and well. And suddenly I was washed
over with such relief and gratitude - there still is software around
that is stable and reliable, that won't crash on you the minute you
turn your back (or earlier), that won't start gobbling up virtual
memory after running more than one hour and that won't *require* an
update every one or two weeks just to stay tolerably functional.

Mostly out of professional necessity (all of my customers use Windows
and MS Office) I have used mainly Windows for the last five years or
so. Before that I used mostly Unix or Linux (my first Unix-like
experience was on a Zilog System 8000 in 1987-88, and it was love at
first sight). This experience with Putty is just one more lately that
makes me more convinced that my next laptop will be Linux-based, and
as much as possible of the software on it will be open-source. Then at
least if something does not work, I have the consolation that a) I did
not pay a cent for it anyway and b) if that particular functionality
really is important for me I can help fix it.

Thanks for making my Sunday morning & happy hacking!

Ronja
http://www.iki.fi/~ronja/


 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.security.ssh
NNTP-Posting-Host: f7aa2210.newsspool4.arcor-online.net
NNTP-Posting-Date: 15 May 2009 08:24:13 CEST
Message-ID: <4a0d0a8c$0$31334$9b4e6d93@newsspool4.arcor-online.net>
Organization: Arcor
Date: 15 May 2009 06:24:13 GMT
From: Paul Mueller <paulmue45@aol.com>
Subject: Are OpenSSH and Putty generated SSH keys compatible?  Default extensions?

Are SSH keys which are generated by OpenSSH compatible with those which are
generated by Putty Key Generator?

What are the default file extensions of public and private key files?

Paul

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.security.ssh
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <4a0d0a8c$0$31334$9b4e6d93@newsspool4.arcor-online.net>
Message-ID: <wUv*yR6Gs@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 16 May 2009 13:02:42 +0100 (BST)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: Are OpenSSH and Putty generated SSH keys compatible? Default extensions?

Paul Mueller <paulmue45@aol.com> writes:
>
> Are SSH keys which are generated by OpenSSH compatible with those which
> are generated by Putty Key Generator?

The native format for keypairs is different, but PuTTYgen can freely
interconvert between OpenSSH's and its own formats.

See the PuTTYgen documentation for more information:

    http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter8.html#pubkey-puttygen

> What are the default file extensions of public and private key files?

PuTTYgen's default extension for keypair files (which contain private
key material) is .PPK. The PuTTY suite doesn't have a "native" format
for public key files.

OpenSSH, deriving as it does from a Unix background, doesn't really use
Windows-style file extensions. Key files are traditionally called
id_rsa.pub (for the public key) and id_rsa (for the keypair), for the
example of an RSA keypair.

I don't know about other implementations.

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.security.ssh
NNTP-Posting-Host: 98.216.96.196
NNTP-Posting-Date: Sat, 16 May 2009 16:08:04 +0000 (UTC)
References: <4a0d0a8c$0$31334$9b4e6d93@newsspool4.arcor-online.net>
      <wUv*yR6Gs@news.chiark.greenend.org.uk>
Message-ID: <e586221f-3304-4ba8-9cc6-5e778b83cc77@n8g2000vbb.googlegroups.com>
Date: Sat, 16 May 2009 09:08:04 -0700 (PDT)
From: Nico Kadel-Garcia <nkadel@gmail.com>
Subject: Re: Are OpenSSH and Putty generated SSH keys compatible? Default extensions?


Small note: I'd urge people to use DSA keys for the use of SSH 2 and
its features, over those of SSH 1. But tastes on this vary, for both
excellent technical reasons and simple widespread rumors.

But yes, Puttygen deals well with both.

I just find myself wishing that ssh-keygen and Puttygen, both, would
insist by default that a passphrase be provided and that a command-line
option or special secret option be used to prevent the generation of
passphrase keys, because I am amazingly tired of explaining to people
that keys without passwords are like putting your housekeys under the
doormat.


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: user-0c8htsf.cable.mindspring.com [24.136.247.143]
NNTP-Posting-Date: Sat, 13 Jun 2009 06:43:46 -0500
References: <13e38c93-149d-46d2-a68e-cdabef62cccd@z8g2000prd.googlegroups.com>
Message-ID: <a64735prcagq0aal3dhc2bte9jie2j2s6q@4ax.com>
Organization: IBM Systems & Technology Group
Date: Sat, 13 Jun 2009 07:43:42 -0400
From: Cindy Ross <rossc@us.ibm.com>
Subject: Re: windows scripts for putty

>In fact, even worse, I don't see how to start a given session from a
>windows command line.

See section "3.8 The PuTTY command line" in the documentation:

    http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-cmdline


 //////////////////////////////////////////////////////////////////////////////


Newsgroups: comp.terminals
NNTP-Posting-Host: 92.232.150.252
NNTP-Posting-Date: Fri, 22 May 2009 22:08:11 BST
References: <guknbj$age$1@online.de>
Message-ID: <bqeje6-0kp.ln1@neptune.markhobley.yi.org>
Date: Fri, 22 May 2009 21:08:11 GMT
From: Mark Hobley <markhobley@hotpop.donottypethisbit.com>
Subject: Re: Sometimes Putty doesn't terminate after exit command

Thomas Wiedmann <th.wm@gmx.de> wrote:
>
> What may be the reason for this strange behaviour, sometimes occurring?
> How can this problem be avoided?

I remember reading something in a manual about this a long time ago. I think
it was so that final output is preserved on the screen. It did not concern me,
because I was only opening windows to access a remote, and it was easy enough
to close them.

From memory there was an option to prevent this. I did a quick Google to
jog my memory, and it tells me "close window on exit" from the session menu.
It didn't jog my memory any further though. I would just try that one and see.

Mark.

-- 
Mark Hobley
Linux User: #370818  http://markhobley.yi.org/


 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.terminals
NNTP-Posting-Host: 24.136.247.143
NNTP-Posting-Date: Sat, 23 May 2009 08:51:51 -0500
References: <guknbj$age$1@online.de>
Message-ID: <cpvf15l14q0idqjsnae7ncd6lblh1lhfh5@4ax.com>
Organization: IBM Systems & Technology Group
Date: Sat, 23 May 2009 09:51:50 -0400
From: Cindy Ross <rossc@us.ibm.com>
Subject: Re: Sometimes Putty doesn't terminate after exit command

In the Session panel of the PuTTY Configuration, I see an option called
"Close window on exit" with 3 options: Always, Never, Only on clean exit.
See if playing with that helps...

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Newsgroups: comp.terminals
NNTP-Posting-Host: 24.40.133.27
NNTP-Posting-Date: Sat, 06 Feb 2010 06:45:01 -0600
References: <b77cbc16-661f-4968-acb9-89c9cf63402b@w12g2000vbj.googlegroups.com>
Message-ID: <21pqm5hgtn97gcgbgqsi4hpcfpqiq5rj8p@4ax.com>
Organization: IBM Systems & Technology Group
Date: Sat, 06 Feb 2010 07:45:00 -0500
From: Cindy Ross <rossc@us.ibm.com>
Subject: Re: Moving saved sessions in PuTTy from one computer to another

In message <b77cbc16-661f-4968-acb9-89c9cf63402b@w12g2000vbj.googlegroups.com>,
Putty <markcooledge(at)charter.net> wrote:
>
> Are the sessions saved, so they may be moved instead of having to
> recreate them?


See "4.26 Storing configuration in a file" in the PuTTY documentation:

    http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter4.html#config-file


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.unix.solaris
NNTP-Posting-Host: 128.100.48.224
NNTP-Posting-Date: Thu, 12 Nov 2009 21:49:44 +0000 (UTC)
References: <2e6e7e60-ac86-4489-b7bc-b1a0df5e3e35@z3g2000prd.googlegroups.com>
Message-ID: <9a47132c-c18e-4040-a856-7f2e07bac16c@r24g2000yqd.googlegroups.com>
Date: Thu, 12 Nov 2009 13:49:44 -0800 (PST)
From: Oscar Ivn <delrio@mie.utoronto.ca>
Subject: Re: ssh_exchange_identification: Connection closed by remote host

On Oct 21, 2:20 pm, "er.verma" <24.ash...@gmail.com> wrote:
>
> some time when i login to my server using ssh it show me error like
>
> ssh jakartassh_exchange_identification: Connection closed by remote host


This is an oldish thread but we got the same problem recently.

The problem was caused by script-kiddies running botnets, scanning the
SSH servers with a dictionary attack.

The SSH servers refuse connections after MaxStartups from the botnet
is reached.

From "man sshd_config"

 MaxStartups

         Specifies the maximum number of concurrent unauthenticated
         connections to the sshd daemon. Additional connections are
         dropped until authentication succeeds or the LoginGraceTime
         expires for a connection. The default is 10.

The solution was to increase the MaxStartups in /etc/sshd_config and
block the botnets with something like "DenyHosts"

    http://denyhosts.sourceforge.net/
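
Added example (not from the post, and not DenyHosts' own code): a simplified Python version of the log-watching approach described above, which reports sources whose failed password attempts pile up inside a short window, the pattern that fills the MaxStartups slots and locks out legitimate users. The log lines are constructed; the threshold, window, host name and the hosts.deny output step are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog line written by sshd for a rejected password (user may be "invalid user X").
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def find_guessers(lines, threshold=5, window=timedelta(seconds=60), year=2009):
    """Return {source: (time the threshold was reached, user names tried)}.

    A source is reported once it has `threshold` failures inside `window`.
    Syslog timestamps carry no year, so the caller supplies one.
    """
    recent = defaultdict(deque)   # source -> failure times still inside the window
    tried = defaultdict(set)      # source -> every user name it attempted
    reached = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp, user, source = m.groups()
        when = datetime.strptime("%d %s" % (year, stamp), "%Y %b %d %H:%M:%S")
        times = recent[source]
        times.append(when)
        while when - times[0] > window:
            times.popleft()       # forget failures older than the window
        tried[source].add(user)
        if len(times) >= threshold:
            reached.setdefault(source, when)
    return {src: (when, sorted(tried[src])) for src, when in reached.items()}

def hosts_deny_lines(report):
    """TCP-wrappers entries (hosts.deny syntax) for the reported sources."""
    return ["sshd: %s" % src for src in sorted(report)]

def sample_log():
    """CONSTRUCTED log: one fast guesser, one slow source, one user who mistypes."""
    host = "venus sshd[4021]: "
    lines = []
    for i, user in enumerate(["root", "admin", "test", "oracle", "guest", "mysql"]):
        who = user if user == "root" else "invalid user " + user
        lines.append("Nov 12 13:40:%02d %sFailed password for %s from 203.0.113.7 "
                     "port %d ssh2" % (2 * i, host, who, 40100 + i))
    for minute in (41, 43, 45, 47, 49):   # five failures, but two minutes apart
        lines.append("Nov 12 13:%d:00 %sFailed password for root from 198.51.100.9 "
                     "port 51000 ssh2" % (minute, host))
    lines.append("Nov 12 13:50:10 %sFailed password for alice from 192.0.2.44 "
                 "port 52000 ssh2" % host)
    lines.append("Nov 12 13:50:20 %sAccepted password for alice from 192.0.2.44 "
                 "port 52000 ssh2" % host)
    return lines

if __name__ == "__main__":
    report = find_guessers(sample_log())
    for src, (when, users) in report.items():
        print("%s reached the threshold at %s, tried: %s" % (src, when, ", ".join(users)))
    print("\n".join(hosts_deny_lines(report)))
```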


 //////////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <20100104065656761@webuse.net>
Message-ID: <5sg*qVg0s@news.chiark.greenend.org.uk>
Organization: Tartarus.Org
Date: 04 Jan 2010 09:05:05 +0000 (GMT)
From: Simon Tatham <anakin@pobox.com>
Subject: Re: Numeric Keyboard Does NOT Work when Using /usr/bin/less

shyl <yu.lei.sjtu@gmail.com> wrote:
>
> That is, when I was trying to search for some digit texts 123, I
> typed /123 but got /ESCOqESCOrESCOs.  I wonder how could that happen.

"less" has deliberately asked for it, by sending a terminal control
code which changes the mode of the numeric keypad.

There's an option in PuTTY to disable that code: try

    Terminal > Features > Disable application keypad mode.


-- 
Simon Tatham         "loop, infinite _see_ infinite loop"
<anakin@pobox.com>     - Index, Borland Pascal Language Guide


 ////////////////////////////////////////////////////////////////////////

Newsgroups: comp.terminals
NNTP-Posting-Host: rapun.sel.cam.ac.uk
References: <hj01oj$o1h$1@ulric.tng.de>
Message-ID: <CLs*e0R1s@news.chiark.greenend.org.uk>
Organization: WOMUMP
Date: 23 Jan 2010 13:05:20 +0000 (GMT)
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Subject: Re: Putty selection screen of predefined connection

Thomas Arthur Seidel <thomas@seidel-gammelby.de> writes:
>
>I have a list of predefined connections, roughly 50 of them, and
>because there is not a hierarchical structure possible in Putty, this
>list is long. I have found a way to select one, then press one
>character, so the marked line moves down. If you now press ENTER,
>something funny happens: It does NOT start the highlighted line as a
>connection, but starts the default session.
>
>To work around, I have to double-click that highlighted line. Is
>there a way to start that highlighted line by keyboard instead?

In 0.60, the following method is cumbersome, but works:

 - Press Alt+E to focus the saved-session box
 - Type the session name or a prefix
 - Press Alt+L to load the session
 - Press Alt+O to open the loaded session

(Clearly the experience of keyboard-only users could be improved.)

 //////////////////////////////////////////////////////////////////////////////

