Some new MindTerm docs
maf@appgate.com
maf@appgate.com
Mon, 13 Jan 2003 09:16:36 +0100 (CET)
--397199618-1804289383-1042445796=:20612
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
Content-Disposition: INLINE
Hello,
I have written a couple of short documents about MindTerm. One which
explains how to run MindTerm as an applet and one which lists all the
settings you can tweak. They will be included in future releases. But to
help ease the problems people have now I have attached them to this
message as well.
/MaF
--
Martin Forssen <maf@appgate.com> Development Manager
Phone: +46 31 7744361 AppGate Network Security AB
--397199618-1804289383-1042445796=:20612
Content-Type: TEXT/PLAIN; NAME="Applet.txt"
Content-Disposition: ATTACHMENT; FILENAME="Applet.txt"
How to use MindTerm as an applet
This document explores some issues which applies when one tries to run
MindTerm as an applet.
The applet should be signed
The security model of Java requires applets to be signed if they are
going to perform certain operations. Operations which require signing
include accessing the local file-system, opening local tcp-ports and
connecting to other machines than the applet was downloaded from.
If you bought a commercial copy of MindTerm you should receive a
signed version of the applet. But if you are using the free version, or
have done modifications, you must sign it yourself. Fortunately there
are lots of tutorials on the web on how to do this. For example see
the list of tutorials at http://mindprod.com/signedapplets.html.
MindTerm does not yet use any of the never (1.2 or later) security
models.
Files needed on the server
The security model MindTerm follows requires different files for
netscape and ie. The cab file for ie should include the entire
contents of the mindterm.jar file. But when building the signed jar
file for netscape on should remove all the com/netscape classes which
MindTerm provides.
Webpage
To actually use MindTerm one needs to place it on a webpage. One this
page you place code which actually launches the applet. This code may
look like this:
<APPLET CODE="com.mindbright.application.MindTerm.class"
ARCHIVE="mindterm_ns.jar" WIDTH=0 HEIGHT=0>
<PARAM NAME="cabinets" VALUE="mindterm_ie.cab">
<PARAM NAME="sepframe" value="true">
<PARAM NAME="debug" value="true">
</APPLET>";
The first three lines of this are used to specify the applet
files. Netscape will use the ARCHIVE version and IE will use the
specified cabinet file. After that one can add an arbitrary number of
parameters to MindTerm. This example sets 'sepframe' to true (to
launch the applet in a separate frame) and enables debugging. For a
complete list of parameters see Settings.txt.
--397199618-1804289383-1042445796=:20612
Content-Type: TEXT/PLAIN; NAME="Settings.txt"
Content-Disposition: ATTACHMENT; FILENAME="Settings.txt"
Mindterm Settings
This document lists the different configuration options one may set to
configure MindTerm. Settings can be specified on the command-line,
stored in a per host file (~/mindterm/HOST.mtp) or specified in the
html code used to launch the applet.
Common connection settings
protocol Preferred protocol (auto/ssh1/ssh2)
server Name of server to connect to
port Port on server to connect to
real-server Real address of sshd if it is behind a firewall
local-bind Default local address to bind to for forwards
username Username to login as
password Password for normal authentication
(only saved if save passwords checked)
passphrase Passphrase for publickey keypair file
(only saved if save passwords checked)
proxy-type Type of proxy server to connect through
(none/http/socks4/socks5)
proxy-host Name of proxy server to connect through
proxy-port Port on proxy server to connect through
proxy-user Username if authentication on proxy server
proxy-password Password if authentication on proxy server
ssh1-cipher Name of block cipher to use in ssh1
(blowfish-cbc/3des-cbc/idea-cbc)
auth-method Method of authentication, either single or
comma-separated list (password/publickey/tis/
secureid/cryptocard/keyboard-interactive)
private-key Name of file containing private key publickey authentication
display Local X11 display definition (i.e. <host>:<screen>)
alive Connection keep-alive interval in seconds (0 means none)
compression Compression Level (0 means none, 1=fast, 9=slow/best)
x11-forward Indicates whether X11 display is forwarded or not
x11-display Local display to forward
force-pty Indicates whether to allocate a pty or not
sftpbridge-host Interface to listen on in ftp to sftp bridge
(empty if disabled)
sftpbridge-port Port to listen on in ftp to sftp bridge
strict-hostid Strict host key check, can only connect to known hosts
mtu Max packet size
key-timing-noise Add noise when sending passwords to increase security
SSH2 specific settings
kex-algorithms Kex algorithms to use in preferred order
(diffie-hellman-group1-sha1,
diffie-hellman-group-exchange-sha1)
server-host-key-algorithms Host key algorithms to accept in preferred order
(ssh-rsa, ssh-dss)
enc-algorithms-cli2srv Encryption algorithms client to server
enc-algorithms-srv2cli Encryption algorithms server to client
mac-algorithms-cli2srv Mac algorithms client to server
mac-algorithms-srv2cli Mac algorithms server to client
comp-algorithms-cli2srv Compression algorithms client to server
(none, zlib)
comp-algorithms-srv2cli Compression algorithms server to client
(none, zlib)
package-version Package version to send to server in
protocol version exchange
filelist-remote-command Remote command to list files
supported ciphers:
aes128-cbc, blowfish-cbc, twofish128-cbc, aes192-cbc, aes256-cbc,
twofish-cbc, cast128-cbc, 3des-cbc, idea-cbc, arcfour
supported macs:
hmac-md5, hmac-sha1, hmac-sha1-96, hmac-md5-96, hmac-ripemd160
Terminal window settings
rev-video Reverse video in terminal
autowrap Auto wrapping of line if output reaches edge of window
rev-autowrap Reverse autowrap when going off left edge of window
insert-mode Toggles insert mode
auto-linefeed Do auto-linefeed
repos-input Reposition scroll-area to bottom on keyboard input
repos-output Reposition scroll-area to bottom on output to screen
visible-cursor Toggles if cursor is visible or not
local-echo Do local echo
visual-bell Toggles if audible or visual bell will be used
map-ctrl-space Map <ctrl>+<space> to <NUL> (e.g. for emacs)
80x132-toggle Toggle 80/132 columns
80x132-enable Enable 80/132 toggling
local-pgkeys Use PgUp, PgDn, Home, End keys for local scroll or escape them
copy-crnl Put <CR><NL> instead of <CR> at end of lines in copy/paste
ascii-line Use ASCII Line-draw-characters instead of drawing
copy-select Copy directly on mouse-selection
font-name Name of font to use in terminal
font-size Size of font to use in terminal
geometry Geometry of terminal ('<cols>x<rows>')
term-type Name of terminal to emulate
(xterm, linux, scoansi, att6386, sun, aixterm, vt220, vt100,
ansi, vt52, xterm-color, linux-lat, at386, vt320, vt102)
save-lines Number of lines to save in scrollback buffer
scrollbar Scrollbar position (none/left/right)
bg-color Background color (<name> or '<r>,<g>,<b>')
fg-color Foreground color (<name> or '<r>,<g>,<b>')
cursor-color Cursor color (<name> or '<r>,<g>,<b>')
(name of colors are: black, red, green, yellow, blue, magenta,
cyan, white, i_black, i_red, i_green, i_yellow,
i_blue, i_magenta, i_cyan, i_white)
resize-gravity Resize gravity, fixpoint of screen when resizing (top/bottom)
backspace-send Character to send on BACKSPACE (BS/DEL)
delete-send Character to send on DELETE (BS/DEL)
select-delim Delimiter characters for click-selection ("<characters>")
paste-button Mouse button for paste, (shift+left/middle/right)
--397199618-1804289383-1042445796=:20612--