News about Secure Shell/SSH clients and servers (PuTTY and TeraTerm/SSH included) ////////////////////////////////////////////////////////////////////////////// 2005-04-04 The second edition of this O'Reilly book is nearing publication: "SSH, The Secure Shell: The Definitive Guide". http://www.oreilly.com/catalog/sshtdg2/ 2005-04-20 The website associated with the SSH:TDG book is now online. http://www.snailbook.com/index.html ////////////////////////////////////////////////////////////////////////////// 2003-11-16 In practice, most implementations of the telnet protocol do not contain an encryption mechanism for passwords. Some simple needs for security can be satisfied by an SSH "secure shell" connection. However, any enterprise requiring large communication deployments probably needs a more heavy-duty technology. (One question of interest may be this: "If an evil-doer steals a notebook computer containing all of a user's SSH authentication keys, and starts using them, what do we do?" One well known and widely available security technology is Kerberos, which was developed at MIT in concert with a consortium of vendors. Centralized administration of access is easier with Kerberos than with the individualistic SSH protocol. See: "Kerberos Page" http://web.mit.edu/kerberos/www/ Sun Microsystems provides a full Kerberos implementation in its SEAM (Sun Enterprise Authentication Mechanism) package for Solaris 8 and 9. It interoperates OK with Microsoft Windows 2000. http://wwws.sun.com/software/download/security.html http://wwws.sun.com/software/security/kerberos/ Hewlett-Packard has Kerberos software for OpenVMS and for HP-UX: http://www.hp.com/security/ http://www.hp.com/products1/unix/operating/security/index.html#system http://h71000.www7.hp.com/openvms/products/kerberos/ IBM has Kerberos implementations for several of its product lines: http://www.ibm.com/security/ http://www6.software.ibm.com/devcon/devcon/docs/kerb0401.htm http://www-1.ibm.com/servers/eserver/zseries/zos/commserver/kerberos.html http://www-1.ibm.com/mediumbusiness/pdf/Security28.pdf .............................................................................. But perhaps SSH is appropriate for your use. For information on the commercial SSH product, see: http://www.ssh.fi/ An open-source implementation, OpenSSH, can be found at http://www.openssh.org/ A slightly dated list of SSH and Secure Shell Resources may be seen at: http://www.massconfusion.com/ssh/ssh_resources.html A circa-1997 SSH FAQ resides at http://ns.uoregon.edu/pgpssh/sshfaq/index.html A better FAQ (as of 2006) center around the open-source OpenSSH: http://www.openssh.org/faq.html There is available information on troubleshooting connections: http://www.employees.org/~satch/ssh/faq/ssh-faq-7.html (But beware the short-password problem in old commercial SSH releases: http://www.theregister.co.uk/content/55/20594.html) Alas, during 2002, a vulnerability was found in certain releases of the OpenSSH package. See: http://www.cert.org/advisories/CA-2002-18.html ////////////////////////////////////////////////////////////////////////////// In 2005, the IETF working group establishing a standard for Secure Shell connections had information at: http://www.ietf.org/html.charters/secsh-charter.html and ftp://ftp.ietf.org/ietf-mail-archive/secsh/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . More recently, these standards documents have become avaialable: http://www.ietf.org/iesg/1rfc_index.txt 4250 The Secure Shell (SSH) Protocol Assigned Numbers. S. Lehtinen, C. Lonvick, Ed.. January 2006. (Format: TXT=44010 bytes) (Status: PROPOSED STANDARD) 4251 The Secure Shell (SSH) Protocol Architecture. T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=71750 bytes) (Status: PROPOSED STANDARD) 4252 The Secure Shell (SSH) Authentication Protocol. T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=34268 bytes) (Status: PROPOSED STANDARD) 4253 The Secure Shell (SSH) Transport Layer Protocol. T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=68263 bytes) (Status: PROPOSED STANDARD) 4254 The Secure Shell (SSH) Connection Protocol. T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=50338 bytes) (Status: PROPOSED STANDARD) 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints. J. Schlyter, W. Griffin. January 2006. (Format: TXT=18399 bytes) (Status: PROPOSED STANDARD) 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). F. Cusack, M. Forssen. January 2006. (Format: TXT=24728 bytes) (Status: PROPOSED STANDARD) 4335 The Secure Shell (SSH) Session Channel Break Extension. J. Galbraith, P. Remaker. January 2006. (Format: TXT=11370 bytes) (Status: PROPOSED STANDARD) 4344 The Secure Shell (SSH) Transport Layer Encryption Modes. M. Bellare, T. Kohno, C. Namprempre. January 2006. (Format: TXT=27521 bytes) (Status: PROPOSED STANDARD) 4345 Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol. B. Harris. January 2006. (Format: TXT=8967 bytes) (Status: PROPOSED STANDARD) 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. M. Friedl, N. Provos, W. Simpson. March 2006. (Format: TXT=18356 bytes) (Status: PROPOSED STANDARD) 4432 RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol. B. Harris. March 2006. (Format: TXT=16077 bytes) (Status: PROPOSED STANDARD) 4462 Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol. J. Hutzelman, J. Salowey, J. Galbraith, V. Welch. May 2006. (Format: TXT=65280 bytes) (Status: PROPOSED STANDARD) 4716 The Secure Shell (SSH) Public Key File Format. J. Galbraith, R. Thayer. November 2006. (Format: TXT=18395 bytes) (Status: INFORMATIONAL) 4742 Using the NETCONF Configuration Protocol over Secure SHell (SSH). M. Wasserman, T. Goddard. December 2006. (Format: TXT=17807 bytes) (Status: PROPOSED STANDARD) 4819 Secure Shell Public Key Subsystem. J. Galbraith, J. Van Dyke, J. Bright. March 2007. (Format: TXT=32794 bytes) (Status: PROPOSED STANDARD) ////////////////////////////////////////////////////////////////////////////// Sun's Solaris 9 operating environment incorporated a Sun-supported package "Secure Shell" on CD 1, which is based on release 2.5.1p1 of OpenSSH; the version shipped with Solaris 9 (SSH-2.0_Sun_SSH_1.0) included enhancements made by Sun. Sun added BSM (auditing) support, proxy commands, L10N/I18N support, and configurable login attempts. Also, TCP wrappers were compiled and the ssh-keygen command was set to create an RSA key by default. http://wwws.sun.com/software/whitepapers/solaris9/secureaccess.pdf http://docs.sun.com/?q=ssh&p=prod%2Fsolaris.9 For earlier Solaris releases, Sun does not support any SSH product; however, the third-party SSH product is available with support from SSH Communications Security Oyj. of Finland: http://www.ssh.fi/ There is also the open-source OpenSSH. The following BluePrint documents tell how to configure OpenSSH under Solaris 2.6, Solaris 7, and Solaris 8. http://www.sun.com/blueprints/0103/817-1307.pdf http://www.sun.com/blueprints/0701/openSSH.pdf http://www.sun.com/blueprints/0102/configssh.pdf And advice is available from other non-Sun sources: http://www.bolthole.com/solaris/companioncd.html http://www.sunfreeware.com/openssh8.html Sun's BSM patches have been donated back to the OpenSSH developers: http://bugzilla.mindrot.org/show_bug.cgi?id=2 If, using Solaris 9's Secure Shell to connect to commercial SSH, you see a session error like "Dispatch protocol error: type 2", you are experiencing a problem inherited from the original open-source code. Until a fix is announced by Sun, see: http://www.openssh.com/faq.html#2.4 For enterprises that wish to lift the burden of security configuration from the individual users and rely more on a centralized support staff, IPsec should be preferred over Secure Shell: http://wwws.sun.com/software/whitepapers/solaris9/ipsec.pdf IPsec provides security at the Network layer, rather than in the Transport layer. IPsec passes UDP packets, which SSH does not, and IPsec may be used to construct VPNs between consenting equipment. # .............................................................................. If, during connection attempts using the OpenSSH client, you are seeing an error message like this: no matching comp found: client zlib server none you may be able to work around the problem by turning off compression in the session. Compression may be configured to a default of "no" in either /etc/ssh_config or ~/.ssh/config Compression may be turned back on for a given connection with the command-line switch of "-C" (uppercase). ////////////////////////////////////////////////////////////////////////////// What most people call the "SFTP" protocol, as in "Secure FTP", is a file-transfer shim laid over the Secure Shell protocol--the same fundamental SSH protocol that most people now use for interactive keyboard sessions instead of good old telnet. Both SSH interactive sessions and SFTP file-transfer sessions operate over TCP port 22. Another protocol of similar intent, if not as wide use, is "FTP over TLS/SSL", on TCP ports 989 (data) and 990 (control). I think that the OpenBSD Project claims to have produced the open-source "sftp" program. Here is the client "man" page: http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1 See also "sftp-server" man page: http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8 Cygwin produced an equivalent command-line SFTP.EXE program for Windows: http://www.cygwin.com/ Yes, PuTTY fans, Simon Tatham includes a basic PSFTP utility for Windows. http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter6.html#psftp ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.sys.sun.admin,comp.security.ssh Message-ID: Date: Wed, 10 Dec 2003 15:00:01 -0500 From: "Helpful Observer" Subject: Solaris 9 Secure Shell connection logging Under Solaris 9, using the included Solaris Secure Shell, I wanted to log connections, so I did this (as root): # cat > /etc/ssh/sshrc /usr/bin/logger -p daemon.notice -t 'sshd' "$USER connected $SSH_CLIENT." ^D # chgrp sys /etc/ssh/sshrc # chmod 755 /etc/ssh/sshrc In systems using the open-source OpenSSH, the corresponding file is /etc/sshrc -- H.O. .............................................................................. Newsgroups: comp.sys.sun.admin,comp.security.ssh Message-ID: Date: Sat, 13 Dec 2003 09:35:12 -0500 From: "Helpful Observer" Subject: Re: Solaris 9 Secure Shell connection logging "Helpful Observer" wrote: > > Under Solaris 9, using the included Solaris Secure Shell, > I wanted to log connections, so I did this (as root)... Neil W Rickert replied: > > On my reading of the man pages, that breaks X-forwarding. Darren Tucker replied: > > OpenSSH already logs this kind of info to wherever you point > its syslog to, see the SyslogFacility and LegLevel config options. OK, thank you for pointing this out. The target environment does not presently require X forwarding, but to prevent future difficulties, logging will be this way: With the following in /etc/ssh/sshd_config: # Syslog facility and level SyslogFacility auth LogLevel info inserting the following line into /etc/syslog.conf: auth.info /var/adm/auth.log doing: # touch /var/adm/auth.log # chgrp sys /var/adm/auth.log # chmod 644 /var/adm/auth.log and doing: # /etc/init.d/syslog stop # /etc/init.d/syslog start -- H.O. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: Message-ID: Organization: Primus Canada Date: 24 Jun 2002 23:55:25 -0400 From: Richard E. Silverman Subject: Re: ssh 1.5 and cisco There are known security weaknesses with SSH-1; however, none of them are so bad that it would be better to stick with Telnet instead... -- Richard Silverman slade@shore.net ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: <3fbbf859@buckaroo.cs.rit.edu> References: <98c767fe.0311180204.62c1d3dc@posting.google.com> <3fba15d2$1@buckaroo.cs.rit.edu> Organization: RIT, Department of Computer Science Date: Wed, 19 Nov 2003 18:07:30 -0500 From: Carl Holtje Subject: Re: SSHv1 vs SSHv2 Here's a small collection of some deadly vulnerabilities of SSHv1: http://www.kb.cert.org/vuls/id/684820 http://www.kb.cert.org/vuls/id/850440 http://www.kb.cert.org/vuls/id/19124 More can be found, along with a bunch of other nifty insights into SSH at http://www.cert.org/ with a search of 'SSH v1'... The short of these is that SSHv1 is not as secure as you'd like, and SSHv2+ is; so don't use v1.. :) Enjoy.. Carl ////////////////////////////////////////////////////////////////////////////// An SSH problem perhaps worse in theory than in practice: http://www.kb.cert.org/vuls/id/958563 (Note "bits", not "bytes".) ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals Message-ID: <20020323165940.3560.qmail@gacracker.org> Organization: mail2news@dizum.com Date: 23 Mar 2002 16:59:40 -0000 From: Mach Subject: Bare bones ssh for Windows Windows comes with an application named telnet that does a fair job of emulating a terminal, but a very poor job of securing a session. In fact, only a fool would use telnet in today's hostile networked world. Instead, most people use secure shell (ssh) to provide encrypted telnet sessions that keep prying eyes at bay. Unfortunately, Microsoft does not yet bundle ssh with Windows. They leave it up to you to find your own ssh app for Windows. Lots of ssh apps exist, but, from my perspective, they do ugly things like sparsely install files all over a file system, muck with the registry, and upgrade Dynamic Link Libraries (DLLs). I like to keep things simple by using a command line unix / MSDOS installation methodology that consists of creating a parent directory then copying files under it. cygwin ( http://www.cygwin.com/ ) allows you to run traditional, open source, unix applications under Windows. You need to install it along with ssh to obtain the necessary files that we use in our bare bones cygwin ssh. After you install cygwin with ssh you need to locate the following files and copy them into a parent directory: CYGCRYPTO.DLL CYGWIN1.DLL CYGZ.DLL SCP.EXE SFTP.EXE SSH.EXE SSH-ADD.EXE SSH-AGENT.EXE SSH-KEYGEN.EXE SSH-KEYSCAN.EXE You only need to copy those files to install ssh (and a couple of handy, secure file copying programs named scp and sftp) into any Windows PC. If you want, you can even remove cygwin from the PC that you originally used to obtain the files. Those files fit on a pair of 3.5" diskettes. I always keep a pair handy in the field in case I need to use a Windows PC to download software from my server. An example of how to use scp: scp -S ./ssh mach@192.168.1.1:data . In the example, a user named mach wants to copy a file named data from mach's home directory on a server with an IP address of 192.168.1.1 to the current directory of Windows. You need to enter the -S argument to explicitly specify the path to the ssh binary otherwise scp defaults to a path of usr/bin. Notice that the -S argument uses forward slashes in place of the reverse slashes typically found in Windows. -- finger mach @ nym.alias.net for public key If you send mail post a message telling me to check my mail. ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals References: <20020323165940.3560.qmail@gacracker.org> Message-ID: Organization: SAUNALAHDEN asiakas Date: Sun, 24 Mar 2002 04:34:28 +0200 From: Jukka Aho Subject: Re: Bare bones ssh for Windows "Mach" wrote: > After you install cygwin with ssh you need to locate the > following files and copy them into a parent directory: > > [list of files] > > You only need to copy those files to install ssh [...] into > any Windows PC. If you want, you can even remove cygwin from > the PC that you originally used to obtain the files. Those > files fit on a pair of 3.5" diskettes. PuTTY would be yet easier, as it only consists of one executable which nicely fits on a single floppy. No need to fool around with cygwin, either. You can find PuTTY (which is open source and free to download) at http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html -- znark [See documentation at http://the.earth.li/~sgtatham/putty/0.58/htmldoc/] ////////////////////////////////////////////////////////////////////////////// For a Windows PC, see also TeraTerm's SSH extensions: http://www.zip.com.au/~roca/ttssh.html or the MIT FiSSH Secure Shell Client package: http://pgpdist.mit.edu/FiSSH/index.html .............................................................................. I've seen the announcement of a new open-source client for Windows PCs, called MSSH (Metro's Secure Shell) providing a GUI front end to OpenSSH; two versions, one limited version running native under Windows, the other using OpenSSH under Cygwin: http://cs.mscd.edu/MSSH/index.html .............................................................................. HOWTO documents SSH with Keys http://www.puddingonline.com/~dave/publications/SSH-with-Keys-HOWTO/document/html-one-page/SSH-with-Keys-HOWTO.html Encrypted Tunnels using SSH and MindTerm HOWTO http://en.tldp.org/HOWTO/MindTerm-SSH-HOWTO/index.html ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals Message-ID: <5f471bece67c97b3@mayday.cix.co.uk> Organization: Mayday Technology Ltd Date: Sun, 24 Mar 2002 10:13:49 +0000 From: robert$1@mayday.cix.co.uk Subject: Re: PuTTy is also a good one... On Sat, 23 Mar 2002, ThePsyko wrote: > I prefer SecureCRT to putty though :) Okay, as I have an interest in this I'll bite. CRT 3.4.3 2.4 Mb Includes a windows installer. PuTTY 400k Bare exe only needed. Other tools, agent, keygen, psftp etc are around 200k each. Total 1.2Mb. PuTTY provides full source code, CRT is binaries only. Source code is, approx, another 400k. PuTTY has better emulation. CRT doesn't 'eat' all VTxxx sequences that it doesn't support. CRT has no support for alternate host character encodings. PuTTY can use many different host character encodings including UTF-8 PuTTY has some support for DBCS character encodings. PuTTY has compose key support (on the windows menu key or AltGr) PuTTY understands more of the real VT100 codes. CRT understands more of the real VT220 codes. PuTTY works out of the 'box' as an accurate colour Xterm. CRT fails various vttest tests including 'BUG F' and the funny scroll regions test, PuTTY does not. PuTTY has better display CRT will only double size it's own font, putty will do any unless told not to in which case it will double space. CRT can only display VT graphics with it's own font PuTTY can use any windows font and even does the 'stepped lines' properly. CRT's fullscreen mode either has 'too small' characters or no line drawing characters. CRT has modem and TAPI connectivity PuTTY has only ssh, telnet and rlogin. CRT can do in channel zmodem file transfers. CRT has some scripting support PuTTY does not. CRT has easier selection of emulation, however PuTTY can emulate all the terminals CRT can _if_ you set it up. (In fact PuTTY's Linux terminal support actually works, unlike CRT) CRT's scrollback is limited to 32000 lines, PuTTY's is limited by memory. CRT has inline printing support. CRT has a generic keymap editor. And finally, PuTTY will not let the host overwhelm it. Eg: cat /dev/zero will lockup CRT's network module but PuTTY doesn't even notice. I prefer PuTTY as I don't need the extra features that CRT gives however before I found and contributed to PuTTY my favorite was CRT (I even _paid_ for a copy!) -- Rob. (Robert de Bath ) http://www.cix.co.uk/~mayday ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals References: <5f471bece67c97b3@mayday.cix.co.uk> Message-ID: <3C9E05F1.ED36336D@someoneelse.com> Organization: Theoretical Date: Sun, 24 Mar 2002 16:58:26 GMT From: HiEv Subject: Re: PuTTy is also a good one... ThePsyko wrote: [snip] > hmmm... perhaps PuTTY deserves another looksee then... it's been a couple > years since I switched over... what version is it at now? It's up to v0.52 now. (Last update 2002-01-14) See: http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html -- The difference between intelligence and stupidity is that intelligence has its limits. [Archivist's Note: Version 0.56 was released on 2004-10-26.] [In 2006, 0.58 appears to be current.] ////////////////////////////////////////////////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html From the PuTTY FAQ: A.10.3 What does "PuTTY" mean? It's the name of a popular SSH and Telnet client. Any other meaning is in the eye of the beholder. It's been rumoured that "PuTTY" is the antonym of "getty", or that it's the stuff that makes your Windows useful, or that it's a kind of plutonium Teletype. We couldn't possibly comment on such allegations. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ////////////////////////////////////////////////////////////////////////////// For more information on the quality and quirks of the terminal emulation implemented in the "PuTTY" package, see http://www.cs.utk.edu/~shuford/terminal/term_emulator_products.txt ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: Organization: George Mason University, Fairfax, Virginia, USA Date: 30 May 2002 00:04:45 GMT From: Markus Gyger Subject: PuTTY Mouse Pointer Color On Windows 98, PuTTY 0.52 uses an all-black mouse pointer that makes it difficult to select words (e.g. using double click) on the default black background. Does anybody know how to change the mouse pointer color or how to have it a mask or shadow in a different color? Markus ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: Message-ID: Organization: Yeah, right Date: 30 May 2002 09:19:16 +0100 (BST) From: Simon Tatham Subject: Re: PuTTY Mouse Pointer Color Markus Gyger wrote: | | On Windows 98, PuTTY 0.52 uses an all-black mouse pointer that | makes it difficult to select words (e.g. using double click) | on the default black background. PuTTY itself doesn't do this. PuTTY asks the system for its default I-beam mouse pointer, and uses whatever it gets. I've seen the phenomenon you mention myself on NT 4, but I think it's due to the graphics driver - on other NT 4 boxes the same thing didn't happen. The default I-beam mouse pointer is composed of `reverse' pixels, which are supposed to invert the colour under them, so the pointer should show up as black when on a white background and white when on a black background. When I checked carefully on the NT 4 box that had the problem, the mouse pointer was indeed composed of `reverse' pixels, but they simply weren't doing their job properly. This is the graphics driver's fault; the only thing PuTTY does to provoke it is to have a black background by default. The only solution I could find (apart from changing my graphics driver) was to design myself a fixed-colour mouse pointer, with a white I-beam surrounded by a black outline so it would be visible everywhere. Installing that in place of the standard I-beam solved my problem, though it looked a bit ugly on white backgrounds. -- Simon Tatham These are my opinions. There are many like them but these ones are mine. ////////////////////////////////////////////////////////////////////////////// Newsgroups: alt.hacker, alt.hackers.malicious, comp.terminals References: <20020323165940.3560.qmail@gacracker.org> Message-ID: <20020324203605.5536.qmail@gacracker.org> Organization: mail2news@dizum.com Date: 24 Mar 2002 20:36:05 -0000 From: Mach Subject: Re: Bare bones ssh for Windows In alt.hacker Jukka Aho wrote: | | PuTTY would be yet easier, as it only consists of one executable | which nicely fits on a single floppy. No need to fool around with | cygwin, either. Agreed - if you just want a Win* ssh client, PuTTY looks like the better choice. That said, one of the primary objectives in my original article was to explore the minimal installation required for cygwin. My research provided the following info: 1. You only need CYGWIN1.DLL to run an app compiled for cygwin, unless the app itself relies upon other package. (i.e. SSH relies upon the gzip and crypto packages, which means you also need CYGCRYPTO.DLL and CYGZ.DLL in order to run SSH.EXE.) 2. You DO NOT need to use a cygwin bash shell to invoke an app. 3. Although cygwin's bash shell app updates the Win* registry, you can invoke cygwin apps directly and they leave the registry alone. Granted, those points may seem intuitively obvious to smarter people. ;) > You can find PuTTY (which is open source and free to download) ^^^^^^^^^^^ I *demand* open source these days. When I fiddled with PuTTY a few years ago, I overlooked its open source. Here's my reasons for continuing to use cygwin's ssh: 1) Both unix and Win* ssh use the same source. I like to make open source apps do double duty in the unix and Win* worlds whenever possible. It helps me keep my sanity. :) 2) My perception that ssh enjoys a wider, more diverse user base that may allow bugs to surface faster to ensure a robust app. -- finger mach @ nym.alias.net for public key If you send mail post a message telling me to check my mail. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1118781223.896983.100610@g14g2000cwa.googlegroups.com> Message-ID: <83psuo4jsk.fsf@chiark.greenend.org.uk> Organization: University of Cambridge, England Date: Wed, 15 Jun 2005 00:10:03 +0100 From: Owen Dunn Subject: Re: Can i copy my putty shortcuts from one computer to another.? "Naras" writes: > > Can i copy my putty shortcuts from one computer to another.? Yes. From a Command Prompt (DOS window) on your old computer, run: REGEDIT /EA putty.reg HKEY_CURRENT_USER\Software\SimonTatham\PuTTY Copy the putty.reg file this creates to your new computer. Find that file on your new computer in Explorer and double-click it. This should import all your PuTTY saved sessions on the new computer. (S) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: 207.34.94.246 NNTP-Posting-Date: Mon, 17 Jan 2005 13:28:54 MST References: <3037a80c.0501150758.37662745@posting.google.com> Message-ID: <41ec1e4a@news.nucleus.com> Date: Mon, 17 Jan 2005 20:28:54 GMT From: Colin B. Subject: Re: NEW version of TeraTerm released on January 10th 2005. boris wrote: > > This is good news for all TeraTerm users. New version is supporting > SSH2, UTF-8, IPv6 and much more. Scroll buffer increased from 10000 > to 500000 80-character lines, command broadcasting to multiple open > TeraTerm windows is coming soon. Linux version of TeraTerm is also > not far away. > > Support forum was set up a week ago at > > http://www.neocom.ca/forum/index.php > > You can ask your questions, post suggestions and report bugs there. > Yutaka Hirata is the one who started developing TeraTerm further last > summer. To download the latest version, visit Yutaka's home page at > > http://sleep.mat-yan.jp/~yutaka/windows/index.html > > Last release is also available from the mirror in North America. You > will find the link to it under 'Announcements' forum. This is great news! I've had both TeraTerm and Putty on all of my Intel machines, so I can do serial connections (from TeraTerm), and SSH2 (from Putty). Now I can eliminate one. Thanks Boris, and thanks to Yutaka as well. Colin ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh, comp.terminals References: Message-ID: Organization: WOMUMP Date: 17 Nov 2002 16:13:46 +0000 (GMT) From: Jacob Nevins Subject: Re: man pages in PuTTY ver.53b - stange characters (note Followup-To) KS writes: > > When I do a man page from PuTTY (from an Windows XP Professional system > connecting to Redhat 8.0) I get a lot of random "ậ" characters. Only > without the period underneath. Is there setting that will eliminate this > or is it just a small but that probably will not get fixed? > > When I do these man pages directly on my Linux box, I do not have the > same problem. Thanks in advance! Have you tried using UTF-8 translation in PuTTY? See my recent posting . This is turning into an FAQ for us, so please reply or mail putty@projects.tartarus.org if you resolve this issue. If RH8 has switched to expecting a UTF-8 terminal by default, I'm not sure what the right solution is -- for the RH system to send an appropriate escape code at some point, or to expect users to switch PuTTY into UTF-8 mode, or what. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: <3d0eb77f.0@139.142.84.10> <3D11CE15.6070702@hotmail.com> Message-ID: Organization: WOMUMP Date: 28 Jun 2002 13:03:37 +0100 (BST) From: Jacob Nevins Subject: Re: printing with putty vervoom writes: > >Should I be issuing a command like 'lp file' ? This is nothing to do with SSH, but never mind: What you should do depends on your software. The way it works is that when PuTTY sees a particular escape sequence, it starts directing all received data to a printer instead of the screen (another sequence turns this off). There is a C program called 'lpansi' floating around which will do this -- Google for it. >And then do I need to configure mthe server to print to the printer >that I've set up in Putty? In which case I'm not quite sure why I >would need to tell Putty which printer to send the data to? You need to arrange that the server sends printer data in the appropriate format (PostScript, PCL, etc). The configuration in PuTTY is simply to route the raw data to the right place. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: <3d0eb77f.0@139.142.84.10> <3D11CE15.6070702@hotmail.com> Message-ID: <3D2053F1.6060607@hotmail.com> Organization: British Airways PLC Date: Mon, 01 Jul 2002 14:06:57 +0100 From: vervoom Subject: Re: printing with putty Thanks Jacob, That's excellent. I've got it to work now. Thanks very much. JS. ps. Sorry that it wasn't relevant to SSH. It seems to be the only place you can get help with Putty though. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: <3D1C9FB5.4080106@nospam.icon-labs.com> Message-ID: Organization: Optimum Online Date: Mon, 1 Jul 2002 16:29:08 -0400 From: Ron Subject: Re: PuTTY with Linux Ron wrote: > > All result in "conection reset by peer", either using PuTTY or using 'ssh > x.x.x.x' from a command prompt. "Pete Flugstad" wrote in message <3D1C9FB5.4080106@nospam.icon-labs.com>... > > It's likely that something else (i.e. not related to OpenSSH, PuTTy, > etc) is causing this. The thing that comes to mind is the firewall > stuff that RedHat sets up. You have to make sure that the firewall > configuration allows incoming SSH connections. I would guess that yours > is not configured for this, so it's rejecting all incoming connections. > The box can SSH back to itself since that goes over the loopback > interface, not an external interface. > > Pete Flugstad > Icon Labs BINGO!! I temporarily dropped the FW rules, and I got in. It was not even being logged in /var/log/secure because it never got that far. Thank you so much for your help!!! Best regards, Ron ////////////////////////////////////////////////////////////////////////////// Date: Tue, 26 Oct 2004 19:25:28 +0100 To: putty-announce@lists.tartarus.org From: Simon Tatham Subject: SECURITY UPDATE: PuTTY version 0.56 is released SECURITY UPDATE: PuTTY version 0.56 is released ----------------------------------------------- All the pre-built binaries, and the source code, are now available from the PuTTY website at http://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as soon as possible. This version fixes a security hole in previous versions of PuTTY, which can allow an SSH2 server to attack your client before host key verification. This means that you are not even safe if you trust the server you _think_ you're connecting to, since it could be spoofed over the network and the host key check would not detect this before the attack could take place. The attack can allow the server to execute code of its choice on the client. This vulnerability was found by iDEFENSE, who we expect to release an advisory on the subject shortly. In addition to this security fix, there have been some other bug fixes and new features. Notable among them are: - Ability to restart a session within an inactive window, via a new menu option. - Minimal support for not running a shell or command at all in SSH protocol 2 (equivalent to OpenSSH's `-N' option). PuTTY/Plink still provide a normal window for interaction, and have to be explicitly killed. - Transparent support for CHAP cryptographic authentication in the SOCKS 5 proxy protocol. (Not in PuTTYtel.) - More diagnostics in the Event Log, particularly of SSH port forwarding. - Ability to request setting of environment variables in SSH (protocol 2 only). (However, we don't know of any _servers_ that support this.) - Ability to send POSIX signals in SSH (protocol 2 only) via the `Special Commands' menu. (Again, we don't know of any servers supporting this.) - Bug fix: The PuTTY tools now more consistently support usernames containing `@' signs. - Support for the Polish character set `Mazovia'. - When logging is enabled, the log file is flushed more frequently, so that its contents can be viewed before it is closed. - More flexibility in SSH packet logging: known passwords and session data can be omitted from the log file. Passwords are omitted by default. (This option isn't perfect for removing sensitive details; you should still review log files before letting them out of your sight.) - Unix-specific changes: * Ability to set environment variables in pterm. * PuTTY and pterm attempt to use a UTF-8 line character set by default if this is indicated by the locale; however, this can be overridden. - Various minor bug fixes and robustness improvements. I repeat: PuTTY 0.56 fixes a SERIOUS SECURITY HOLE in all previous versions of PuTTY. You should upgrade now. Enjoy using PuTTY! Cheers, Simon -- Simon Tatham "What a caterpillar calls the end of the world, a human calls a butterfly." .............................................................................. .............................................................................. List-ID: Announcements of updates to PuTTY Message-ID: Date: Sun, 20 Feb 2005 16:05:30 +0000 To: putty-announce@lists.tartarus.org From: "Simon Tatham" Subject: SECURITY UPDATE: PuTTY version 0.57 is released SECURITY UPDATE: PuTTY version 0.57 is released ----------------------------------------------- All the pre-built binaries, and the source code, are now available from the PuTTY website at http://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as soon as possible. This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. (However, note that the server must have passed host key verification before this attack can be launched, so a man-in-the-middle shouldn't be able to attack you if you're careful.) This vulnerability was found by iDEFENSE, who we expect to release an advisory on the subject shortly. In addition to this security patch, there are also a few very minor bug fixes which should stop PuTTY from crashing in circumstances involving port forwarding, or failing to correctly perform X forwarding. Other than that, though, 0.57 is almost identical to the previous release 0.56. I repeat: PuTTY 0.57 fixes a SERIOUS SECURITY HOLE in many previous versions of PSCP and PSFTP. If you use either of those programs, you should upgrade now. Enjoy using PuTTY! Cheers, Simon -- Simon Tatham "The distinction between the enlightened and the terminally confused is only apparent to the latter." .............................................................................. .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk Message-ID: Organization: Yeah, right Date: Wed, 24 Jan 2007 21:41:01 +0000 (GMT) From: Simon Tatham Subject: PuTTY version 0.59 is released I haven't posted PuTTY release announcements here in the past, but I thought this one might be of interest to at least some people on this group, owing to the new serial-port functionality. My current intention is that this posting should be a one-off; but if consensus on this newsgroup is that I should post here about all PuTTY releases in future, then I will. (And conversely, if consensus is that I shouldn't even have posted this one, I'll apologise.) PuTTY version 0.59 is released ------------------------------ All the pre-built binaries, and the source code, are now available from the PuTTY website at http://www.chiark.greenend.org.uk/~sgtatham/putty/ New features in this release include: - PuTTY can now connect to a local serial port, as an alternative to making a network connection. - Windows PuTTY now has the same local proxy support as Unix PuTTY (equivalent to OpenSSH's `ProxyCommand' option), allowing network connections to be managed by a separate proxy program of your choice. Plink also has a new `-nc' mode which makes it a useful local proxy command. - The manual is now provided in HTMLHelp format as well as old-style WinHelp, meaning that online help will be available on Windows Vista. - Support for password expiry in SSH-2. - Various performance improvements and cryptography upgrades. Bug fixes in this release include: - PuTTY should now run on all variants of Windows XP, without giving the `application configuration is incorrect' error. - The file transfer utilities PSCP and PSFTP now support files bigger than 2Gb (provided the underlying operating system does too). - Font linking (the automatic use of other fonts on the system to provide Unicode characters not present in the selected one) should now work again on Windows, after being broken in 0.58. - On Windows, the random seed file PUTTY.RND should now be stored in a more sensible place by default. - IPv6 should now work in Windows Vista as well as earlier versions of Windows. - Numerous other small bug fixes. Enjoy using PuTTY! -- Simon Tatham "I'm cross. I'm going to have a tantrum. How do I start?" - my uncle .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1171756554.323206.55710@p10g2000cwp.googlegroups.com> Message-ID: <22q*XqGDr@news.chiark.greenend.org.uk> Organization: Yeah, right Date: 18 Feb 2007 08:39:34 +0000 (GMT) From: Simon Tatham Subject: Re: PuTTY 0.59 crashes a lot on serial port florin.andrei@gmail.com wrote: > > I was excited about the new serial port feature in PuTTY 0.59, but > the problem is--it crashes all the time. Yes, there was a very embarrassing bug in the release. The development snapshots should have it fixed, and we hope to put out a bug-fix release reasonably soon. (It's very annoying: a bug like that _should_ by rights have caused a crash every time, but for some reason it never crashed for me, in three months of testing, so I didn't notice it. :-/ ) -- Simon Tatham These are my opinions. There are many like them but these ones are mine. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh, comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk Message-ID: Organization: Yeah, right Date: Sun, 29 Apr 2007 14:14:56 +0100 (BST) From: Simon Tatham Subject: PuTTY 0.60 is released PuTTY version 0.60 is released ------------------------------ All the pre-built binaries, and the source code, are now available from the PuTTY website at http://www.chiark.greenend.org.uk/~sgtatham/putty/ This is a minor patch release to 0.59; it contains only bug fixes, and only very minor new features. New features include: - Pressing Ctrl+Break now sends a serial break signal in the serial back end, and in the SSH and Telnet backends it asks the server to do the same (if the server supports it). The previous Ctrl+Break behaviour can still be triggered with Ctrl-C. - On Windows, it is no longer necessary to configure high-numbered serial lines such as COM10 as `\\.\COM10'; PuTTY does this automatically. - You can now store a host name in the Default Settings. Bug fixes include: - Embarrassingly, both of the major new features in 0.59 (serial support and local proxy support) caused frequent crashes on many Windows machines. We didn't notice this because for some reason they never crashed for us in months of testing! - In 0.59, it was possible to lock yourself out of the configuration dialog by configuring a serial connection in Default Settings. This should no longer be possible. - We've had reports of the error message `Unable to read from standard input' in Plink 0.59. We've found and fixed one cause of this message, and added better diagnostics in case there are others. - 0.59 could emit malformed SSH-2 packets that upset some servers (such as Foundry routers). Fixed. - Other minor bug fixes. Enjoy using PuTTY! -- Simon Tatham "A defensive weapon is one with my finger on the trigger. An offensive weapon is one with yours." ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <4667e222@127.0.0.1> Message-ID: Organization: Yeah, right Date: 07 Jun 2007 14:15:02 +0100 (BST) From: Simon Tatham Subject: Re: Ctrl+Break in Putty v0.60 Ken wrote: > > In previous Putty v0.58, I can use "Control+Break" to stop the running > program and enter into the design mode of Quick Basic 4. However, the > Putty v0.60 changed that ***Pressing Ctrl+Break now sends a serial break > signal***. Before Ctrl+Break sent a serial break, it was a synonym for Ctrl+C. So you should still be able to use Ctrl+C for anything you'd previously have done with Ctrl+Break. -- Simon Tatham "That all men should be brothers is a dream of people who have no brothers." ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: <83hdk2ji4j.fsf@chiark.greenend.org.uk> Organization: University of Cambridge, England Date: 24 Feb 2005 11:46:04 +0000 From: Owen Dunn Subject: Re: PuTTY on a "Windows Terminal Server" "Michael Pohlmann" writes: > > we are planning to use PuTTY for a number of users in parallel on a > Windows Terminal Server. Does anyone of you have experience in > running PuTTY simultaniously for a number of users, say 20 or 30? > As far as I know, PuTTY stores connection information in the registry, > but how does it work for more users if they all share the same > server, thus the same registry? PuTTY stores settings in the HKEY_CURRENT_USER hive of the Registry, so each individual Windows user will have his own PuTTY settings. This works even when PuTTY is running on a Windows Terminal Server or Citrix server. (S) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1163671278.281723.320720@h48g2000cwc.googlegroups.com> Message-ID: Organization: WOMUMP Date: 17 Nov 2006 18:11:31 +0000 (GMT) From: Jacob Nevins Subject: Re: PuTTY and unix domain sockets / windows named pipe roytam@gmail.com writes: > >It is nice to see if PuTTY can work with unix domain sockets / windows >named pipe. PuTTY doesn't directly support this. However, it does support a "local proxy" where input/output come from a process' standard input / output. http://www.tartarus.org/~simon/puttydoc/Chapter4.html#config-proxy If you can find a command which will connect that to a Unix domain socket / named pipe, you should be fine. 0.58 supports this on Unix, but on Windows you'll need a recent development snapshot for local proxy support. http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/proxy-command.html .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: 210.6.239.200 NNTP-Posting-Date: Mon, 20 Nov 2006 02:12:06 +0000 (UTC) References: <1163671278.281723.320720@h48g2000cwc.googlegroups.com> Message-ID: <1163988722.648896.144730@f16g2000cwb.googlegroups.com> Date: 19 Nov 2006 18:12:02 -0800 From: roytam@gmail.com Subject: Re: PuTTY and unix domain sockets / windows named pipe Jacob Nevins wrote: > roytam@gmail.com writes: > >It is nice to see if PuTTY can work with unix domain sockets / windows > >named pipe. > > PuTTY doesn't directly support this. > > However, it does support a "local proxy" where input/output come from a > process' standard input / output. > > http://www.tartarus.org/~simon/puttydoc/Chapter4.html#config-proxy > > If you can find a command which will connect that to a Unix domain > socket / named pipe, you should be fine. > > 0.58 supports this on Unix, but on Windows you'll need a recent > development snapshot for local proxy support. > > http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/proxy-command.html It is hard to find a tool to attech a named pipe to telnet connection or STDIO for windows. As the serial backend is done, I think UNIX domain socket / named pipe can be easily done by modify the serial backend a bit. named pipe example: http://msdn2.microsoft.com/en-us/library/aa365592.aspx UNIX domain socket example: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/sockets.html Regards, Roy ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: Message-ID: Organization: University of Hertfordshire Date: 1 Jul 2002 15:55:21 GMT From: Ian Gregory Subject: Re: X over ssh tunnel In article , J wrote: >Alan Coopersmith wrote: > >> J writes in comp.security.ssh: >> |If i open a ssh tunnel for X-display forwarding (programs i run on the >> |server appear on my desktop), is it possible for someone else on the >> |server to see my X-display? >> |If so under which circumstances? >> >> Yes, if you do something stupid like 'xhost +' or 'xhost +server' to >> disable X security - but that's true regardless of whether or not you >> use ssh. (And of course, on most UNIX systems, someone with root access >> can always do all sorts of evil things and there's nothing you can >> really do about that.) >> > >And if i dont run xhost. is there still any danger? >I recognised that x is listening on port 6000. does >that have anything to do with the display? Anyone can make a TCP connection to port 6000 and speak X. Whether that gets them anywhere depends. If you have done 'xhost +' they *can* use your display which includes capturing your keystokes. You could disable xhost authentication and then they would have to somehow steal your magic cookie to gain access. In any case, if you use ssh with X forwarding, there is no need to have the X server listen on 6000. If your particular X server has the option of not listening then use this, otherwise use IP filtering to block external access to pot 6000 if you are worried. -- Ian Gregory Systems and Applications Manager Learning and Information Services University of Hertfordshire ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh References: Message-ID: Organization: only myself Date: Sun, 30 Jun 2002 15:30:48 +0000 (UTC) From: Dimitri Maziuk Subject: Re: Using SSH over SSL begin 666 your_newsreader_is_broken thus spake Kornshell: > > I'm wanting to do some performance tests using unencrypted SSH > connections over SSL Vs. SSH connections using the built in ciphers. > I'm trying to see if I can squeeze a little more performance from ssh > and scp (without doing TCP tuning) I have been trying to use stunnel > to tunnel my connection, but it doesn't seem to be working. I have > stunnel and SSH (along with the daemon) running in my user space since > I don't (and won't) have root access to the two machines that I'm > doing the tests on. > > Has anyone out there used unencrypted SSH sessions over SSL? If so, > how would I get the stunnel server and client configured to > correctly tunnel the SSH connection? I suspect SSH (OpenSSH at least) uses SSL library for encryption anyway, so you won't see any noticeable difference. (Of course, if SSH protocol was designed properly, they'd leave encryption to SSL in the first place.) FWIW, when OpenSSH folks dropped the cipher=none option I did a few tests on large-ish files. Size increase was below 1% and transfer time increase was below the resoluton of time command. Dima -- I'm going to exit now since you don't want me to replace the printcap. If you change your mind later, run -- magicfilter config script ////////////////////////////////////////////////////////////////////////////// Apple includes an "ssh" command in Mac OS X (as of 10.1.2), which can be used from the "Terminal" environment (a VT100 emulator). For "classical" MacOS 8.x and 9.x, some client programs are MacSSH http://pro.wanadoo.fr/chombier/ NiftyTelnet SSH http://www.lysator.liu.se/~jonasw/freeware/niftyssh/ dataComet-Secure http://www.databeast.com/ .............................................................................. Web/Portable SSH implementations: MindTerm Secure Shell Client (SSH) http://www.appgate.com/ag.asp?template=products&level1=product_mindterm Java Telnet App http://javassh.org/ .............................................................................. And for Windows, these packages not discussed above: Kermit-95 http://www.columbia.edu/kermit/k95.html SecureCRT http://www.vandyke.com/ X-SecurePro & SSHPro http://www.labtam-inc.com/ http://www.labtam-inc.com/index.php?act=products&t=overview&pid=11 ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: Organization: Metro State College of Denver Computer Science http://cs.mscd.edu Date: Sat, 1 Mar 2003 09:32:01 +0000 (UTC) From: Steve Beaty Subject: MSSH: a generic Windows 95/98 ssh client The Metropolitan State College of Denver would like to announce the availability of a generic ssh client for Windows (95, 98, NT, 2000, XP, and quite possibly, WinCE). It creates and manages ssh tunnels, allowing any application to have a secure connection. Creating simple VPN's is easy. Please see the page at: http://cs.mscd.edu/MSSH/index.html Documentation is included. We also have two email discussion lists, one for users with questions and another for developers. -- Dr. Steve Beaty Associate Professor Metro State College of Denver http://clem.mscd.edu/~beatys/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: card.cc.umanitoba.ca NNTP-Posting-Date: 30 Oct 2003 14:59:55 GMT References: Message-ID: Organization: The University of Manitoba Date: Thu, 30 Oct 2003 08:59:54 -0600 From: Daryl Fonseca-Holt Subject: Re: OpenSSH e SPARC Solaris 7 Fillo wrote: > > Could you help me ?!? > > I've follow the faq to install SSH over Solaris 7. > http://www.sunfreeware.com/openssh26-7.html > On one machine it's all ok... but another one 250 accept the SSH login but > teratermSSH immediatly shutdown... I can't read two lines of login before > the login close... > Wht's the problem ?!? > > Thanks > Filippo It may be that TeraTermSSH only supports Protocol 1. [yes] Most SSH is shipping now with it disabled as it is considered less secure. Check sshd.config for a line that should look like: Protocol 2,1 That line says negotiate for Protocol 2 first but if the client is unable fallback to Protocol 1. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.lang.java.programmer, comp.lang.java.softwaretools Message-ID: References: Date: 24 Nov 2003 13:29:10 -0800 From: Nuggy Subject: Re: SSH Client Andreas Schmidt wrote in message news:... > Am 10 Nov 2003 16:44:42 -0800 hat Nuggy > geschrieben: > > > I'm looking for an SSH client to imbed into my application. > > > I need to incorporate this into my client app somehow, but I'm not > > familiar enough with SSH to plod through all of the source code in > > SSHTools's j2ssh and SSHTerm to be able to understand it all > > (literally dozens of source files in these.. with very little > > documentation that I could find). I've got as far as creating and > > Maybe "jsch" has a better documentation? > Have a look at http://www.jcraft.com/jsch/ I was able to get both j2ssh and mindterm to port easily, but I was running into display problems. I tried jsch, and integrated it fairly easily, but I encounter the same display problems; namely running a script that calls an executable produces output from the script, but not from the executable *until* the executable finishes, at which point all output is then displayed. It accepts input just fine. See my post in comp.security.ssh for details. Thanks for the suggestion. .............................................................................. Newsgroups: comp.security.ssh Message-ID: Date: 21 Nov 2003 13:16:49 -0800 From: Nuggy Subject: Can't see output in SSH I am having problems with seeing output from a program using SSH. I need to pass in a script to execute. Inside the script, an executable program is called, which starts up an interactive data-entry session with the user (display question, read input, rinse, repeat). If I use putty from the command line without calling the script, I get my prompt, and can run the script and see the program execute just fine. But if I pass in a command file with the script in it, the script still executes, it displays output from the script just fine, and runs the executable, but the output from the executable is not displayed on my screen immediately. It can still accept input.. I can I can respond to prompts I know are there, and it will accept and respond to my keystrokes.. but I never see the output, UNTIL the executable finishes, as which point all the output that it produced flashes briefly in the window before the window closes. I am seeing identical behavior using MindTerm's SSH java client which I have integrated into a java application. The window comes up and displays shell output fine, but the executable's output isn't shown until it's in the process of closing the window when it completes. Again, with either putty or mindterm, if I don't pass in the command to execute, I get my UNIX prompt, and I can type in the command to start the script, and I see and can interact with the executable just fine. It's only when I pass in the script to run that I can't see the executable's output. What am I missing? I need to have this dynamic; having to type in the command at the prompt each time is not an option. Please help! my putty command line that works but I have to type in the command: c:\putty.exe.lnk -ssh -t -l -pw -2 The other one I tried that won't display the executable output: c:\putty.exe.lnk -ssh -t -l -pw -2 -m c:\cmdfile where "c:\cmdfile" is a text file containing the path to the UNIX script to run. I'd much rather use MindTerm since I've already integrated the BasicClient into my application, as I don't really want to have 50 different "cmdfile"s on my drive for the many different commands I will be running, so though I appreciate any help on either putty or mindterm, information to help me get mindterm working would be awesome. Thanks! -Nuggy (PuTTY) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 210.196.132.178 NNTP-Posting-Date: Thu, 24 Mar 2005 10:33:28 +0000 (UTC) Message-ID: <1111660404.514944.231540@z14g2000cwz.googlegroups.com> Date: 24 Mar 2005 02:33:24 -0800 From: "hakim.ron@gmail.com" Subject: PuTTY GUI as windows cmd.exe replacement Hi everyone, Did anyone ever try to replace the PuTTY core, and just try to execute cmd.exe instead. I really dislike working with the command prompt, although sometimes I have to. This is in complete contrast to the PuTTY GUI, which I find very easy to work with. So I was thinking about taking out the bulk of the PuTTY core, and replacing it a call to cmd.exe. Hopefully cmd will detect it already has a window, and not try to create on of it's own. Did anyone try this in the past? With any success? Where can I get it? (getting ahead of myself, as I don't see I'll have time to try to do this myself in the near future) Thanks, Ron .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1111660404.514944.231540@z14g2000cwz.googlegroups.com> Message-ID: Organization: Linux Unlimited Date: 24 Mar 2005 11:33:30 +0000 (GMT) From: Ben Harris Subject: Re: PuTTY GUI as windows cmd.exe replacement In article <1111660404.514944.231540@z14g2000cwz.googlegroups.com>, hakim.ron@gmail.com wrote: > > Did anyone ever try to replace the PuTTY core, and just try to execute > cmd.exe instead. http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/win-command-prompt.html The upshot of which is that it looks like Windows doesn't have Unix-like pseudo-terminals, and just running cmd.exe in a pair of pipes loses you command-line editing. -- Ben Harris ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: References: Organization: Yeah, right Date: 09 Nov 2003 10:24:23 +0000 (GMT) From: Simon Tatham Subject: Re: PuTTy escape sequence > menno wrote: >> I'm looking for an escape sequence for putty, with which I can change the >> port forwarding/tunneling while the connection is open. Julian Hsiao wrote: > I think this is pretty close to this item on the wish list: > Confusingly, some people use the phrase `escape sequence' to mean the commands you (as the user) can send into OpenSSH by typing ~ as the first character of a new line. So it's possible that the original poster didn't mean it in the same way you (and I) would naturally use the phrase. > So, I assume it can't be done, and will never be implemented. If your interpretation is correct, then you're quite right; having PuTTY able to modify its port forwarding setup in response to output sent by the server would be a major security misfeature. However, if the original poster merely wants a way to reconfigure port forwardings in mid-session from the client end, that is something I do want to do: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/portfwd-reconf.html -- Simon Tatham "My heart bleeds. (That's how it works.)" -- Gareth Taylor ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: c-24-128-53-74.hsd1.ma.comcast.net [24.128.53.74] NNTP-Posting-Date: Mon, 16 May 2005 08:32:58 -0500 References: <1116244367.969917.198280@z14g2000cwz.googlegroups.com> Message-ID: Date: Mon, 16 May 2005 09:35:07 -0400 From: Nico Kadel-Garcia Subject: Re: UseLogin yes and X11 encryption wrote in message news:1116244367.969917.198280@z14g2000cwz.googlegroups.com... > > If I have UseLogin enabled, I realize that X11Forwarding is disabled > because login can't handle it. So if I export my display, do a xhost +, > and open an xterm, is my connection still encrypted? In other words, > are X11 packets still encrypted even though X11Forwarding is disabled? > I'm using recent versions of openssh. SSH encryption of X connections via X11Forwarding creates a tunnel to carry such traffic safely, point-to-point, instead of exposing your local machine to the world. What you ve done is to completely open your local X server to remote manipulation by anyone who can reach your machine from elsewhere in your network, and depending on your configuratiion anywhere in the world. This can include some very nasty vulnerabilities, and some amusing ones. When I caught someone doing that at an old workplace, despite my repeated warnings about it and explanations of how to use SSH X11 forwarding, I ran the "xroach" program on their unsecured display without their knowledge while they were away at lunch. The screams when they moved a window and the roaches popped out from under it and ran around the screen were *prize*, followed by the shaky laughter when they figured out what had happened, and I showed them how to *splat* the roaches with the mouse. It did make my point, and they stopped doing that. ////////////////////////////////////////////////////////////////////////////// References: Message-ID: Organization: WOMUMP Date: 15 Nov 2004 15:07:25 +0000 (GMT) From: Jacob Nevins Subject: Re: Putty vs MC numeric keypad HOW? [followups set to comp.terminals] Nagy Gergely writes: > >I use Putty for 3 years to access my servers, and i was also since >then looking for a solution to get the numeric keypad in MC (Midnight >Commander) working. > >The only thing i DON'T want, is to teach MC to the keypad, because my >linux based terminals will not work properly after that. > >Is there any solution, setting Putty or the server side? You haven't stated precisely what your problem is. On experimenting, I find (with a Debian potato server) that checking "Disable Application Keypad Mode" in PuTTY (on the Features panel) allows me to use the keypad in MC in both cursor-keys-etc and numeric mode, switching with Num Lock. Without this, Num Lock acts as a function key (causing help to be invoked as if F1 were typed), so only the cursor-keys mode is accessible. It's possible that this may break other apps though--try it and see. http://the.earth.li/~sgtatham/putty/0.56/htmldoc/Chapter4.html#S4.6.1 ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: Organization: Yeah, right Date: 29 Jan 2005 13:27:28 +0000 (GMT) From: Simon Tatham Subject: Re: Hot-key to minimize Putty Barry wrote: > > Alt+Space+N usually minimizes the current window, but it doesn't > work for Putty. You should be able to configure it to (Window -> Behaviour -> System menu appears on ALT-Space). -- Simon Tatham "Imagine what the world would be like if there were no hypothetical situations..." .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Date: Sat, 29 Jan 2005 20:06:44 EST NNTP-Posting-Host: pool-70-23-20-115.ny325.east.verizon.net [70.23.20.115] References: Message-ID: Date: Sun, 30 Jan 2005 01:06:44 GMT From: Barry Subject: Re: Hot-key to minimize Putty > You should be able to configure it to (Window -> Behaviour -> System > menu appears on ALT-Space). > -- > Simon Tatham "Imagine what the world would be like if > there were no hypothetical situations..." Thanks guys. Simon: That works. I configured Putty to open the system menu on ALT-Space, so I just have to program down-arrow clicks to get to "minimize" and then click "return." I'm glad that worked because there's no way to use sendkeys to click the Windows icon key, and I don't want to learn C just for this. Barry ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh, comp.terminals NNTP-Posting-Host: ipath.rz-zw.fh-kl.de NNTP-Posting-Date: Mon, 9 Mar 2009 09:10:39 +0000 (UTC) Message-ID: Organization: Universitaet Kaiserslautern Date: Mon, 09 Mar 2009 10:08:15 +0100 From: Thorsten Peter Subject: Putty Keyboard Problem - Shift Tab Hey folks, I have been investigating a small issue that I have with Putty 0.60 since I started using it for my ssh/telnet sessions. Been playing around with a lot of settings to find a solution, but no luck yet ... Using putty to connect to linux machines via ssh e.g. I am of course in need of auto completion on the linux shell. Basically auto completion works, except for when you hold down the shift key while pressing TAB to autocomplete. Other terminal clients can do this just fine, e.g. Teraterm or Cygwin/rxvt. No problems there with using shift-tab. I really can't imagine that no one ran into that "problem" before. But it's hard to find any comments regarding this issue with putty on the web. Especially when you have a lot of Upper-Case only files or directories, that you want to auto complete with TAB this can get very annoying, since you type the first few letters of the directory e.g. while holding down shift, and usually don't let it go when pressing TAB to complete it. Maybe someone here can help me with this. Putty gives me everything I need from a terminal client. Finding a solution to this would be great. thanks, Thorsten . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.security.ssh, comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: Organization: Tartarus.Org Date: 09 Mar 2009 10:45:08 +0000 (GMT) From: Simon Tatham Subject: Re: Putty Keyboard Problem - Shift Tab Thorsten Peter wrote: > > Basically auto completion works, except for when you hold down the shift > key while pressing TAB to autocomplete. > Other terminal clients can do this just fine, e.g. Teraterm or > Cygwin/rxvt. No problems there with using shift-tab. It isn't at all clear from your report - you should make a habit of stating precisely what you see and also explicitly stating what you expected to see - but it _sounds_ as if you're expecting Shift+Tab to do exactly the same thing as just pressing Tab without Shift. Is that right? PuTTY deliberately doesn't do this, because users _requested_ that I turn Shift+Tab into a distinguishable control sequence, so that applications which were displaying on-screen forms could use Tab to move through the form fields in one order and Shift-Tab to move through them in the reverse order, as you'd expect from the equivalent form interface in environments like the Windows GUI. The unavoidable effect of this is that Tab and Shift-Tab must send different control sequences to the server, otherwise such an application wouldn't be able to tell them apart. A simple solution at your end would be to reconfigure your readline settings so that PuTTY's control sequence for Shift-Tab (ESC [ Z) is treated the same way as the sequence for Tab (equivalent to Ctrl-I). For instance, in bash, you could write bind '"\e[Z": complete' or, as a more global approach (which would benefit all readline- using applications instead of just bash, since things like gdb also use completion) you could add the line "\e[Z": complete to ~/.inputrc. -- Simon Tatham What do we want? ROT13! When do we want it? ABJ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.security.ssh, comp.terminals NNTP-Posting-Host: ipath.rz-zw.fh-kl.de NNTP-Posting-Date: Mon, 9 Mar 2009 12:15:43 +0000 (UTC) References: Message-ID: Organization: Universitaet Kaiserslautern Date: Mon, 09 Mar 2009 13:13:19 +0100 From: Thorsten Peter Subject: Re: Putty Keyboard Problem - Shift Tab Hi Simon, sorry if I didn't explain the problem clear enough, but I think you got what I meant ... Your explanation makes sense to me. I will try to use your workaround and do the respective bindings on one of my shells. Thanks a lot for your support. Thorsten . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.security.ssh, comp.terminals NNTP-Posting-Host: ipath.rz-zw.fh-kl.de NNTP-Posting-Date: Mon, 9 Mar 2009 12:23:35 +0000 (UTC) References: Message-ID: Organization: Universitaet Kaiserslautern Date: Mon, 09 Mar 2009 13:21:10 +0100 From: Thorsten Peter Subject: Re: Putty Keyboard Problem - Shift Tab Simon Tatham wrote: > or, as a more global approach (which would benefit all readline- > using applications instead of just bash, since things like gdb also > use completion) you could add the line > > "\e[Z": complete > > to ~/.inputrc. Works like a charm Simon :-) Put the above into /etc/inputrc and I am all set ... Thanks again, Thorsten . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.terminals NNTP-Posting-Host: 85.23.32.64 References: Message-ID: <8763hs4p7z.fsf@Astalo.kon.iki.fi> Date: Sun, 29 Mar 2009 13:07:12 +0300 From: Kalle Olavi Niemitalo Subject: Re: Terminal settings required to transmit ctrl+tab sequence "F. Lucado" writes: > - what ASCII characters or character sequences do you want "vim" > to receive? Xterm 227 can output CSI 27;5;9~ for Ctrl+Tab, if the modifyOtherKeys resource is 1 or 2. If one made Putty imitate that, it would have at least some chance of being recognized by existing applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.terminals NNTP-Posting-Host: 72.65.228.45 NNTP-Posting-Date: Sun, 29 Mar 2009 02:46:24 +0000 (UTC) References: Message-ID: Organization: http://groups.google.com Date: Sat, 28 Mar 2009 19:46:24 -0700 (PDT) From: whit537 Subject: Re: Terminal settings required to transmit ctrl+tab sequence Greetings, > the aforementioned sequences as key bindings for tab navigation in vim I'm looking for this too. Have you made any progress? Like F. Lucado says, PuTTY is probably capturing Ctrl-Tab for its own purposes and/or not passing it along. I don't see anything in its configuration dialog. We would probably have to track this down in the source. Here's a reference to someone else capturing Ctrl-Tab for their own custom version of PuTTY: http://www.stansell.org/tools/putty/ This makes me think that Ctrl-Tab is not used by PuTTY proper. I've done some grepping in the source but am not seeing anything obvious (my first time in this codebase though, lots of orientation happening). I see a PK_TAB constant defined in putty.h that is used in terminal.c. In general, it looks like all of the terminal emulation is done in that file, and the unix, windows, and mac/macosx subdirectories are only for the various GUIs. I searched for "tab" in the Wishlist, Change Log, and FAQ, and came up empty (although in the Change Log I did see a reference to Shift-Tab support being added "[b]y popular demand.") At this point I think it's safe to email the developers (putty@projects.tartarus.org), and I'll do so if you haven't figured this out already. -- chad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.terminals NNTP-Posting-Host: 79.240.169.130 NNTP-Posting-Date: Sat, 25 Apr 2009 19:54:23 +0000 (UTC) References: Message-ID: <9a517bb6-3919-4509-a072-0cc64012cfea@v1g2000prd.googlegroups.com> Date: Sat, 25 Apr 2009 12:54:23 -0700 (PDT) From: livingwtf@gmail.com Subject: Re: Terminal settings required to transmit ctrl+tab sequence On 4 Mrz., 20:54, awifmaxz...@gmail.com wrote: > > I'd like to know what needs ot be done to configure my terminal > (putty) to transmit ctrl+tab and ctrl+shift+tab character sequences to > the (linux) server. > > AFAIK, this is a terminal emulation issue, and I'm hoping someone here > might be able to help me.  I've searched around for a solution but > haven't found any references to it. > > The particular activity I'm trying to perform is simply to set up the > aforementioned sequences as key bindings for tab navigation in vim. > > If anyone could provide me with some direction it'd be much appreciated PuTTY doesn't act on CTRL+TAB. You can patch PuTTY: http://scnr.net/blog/index.php/archives/61 ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: References: Date: Fri, 21 Nov 2003 10:14:56 +0100 From: Oli K-u-r-t Subject: Re: sftp on win Eric wrote: > try: sftp -s /usr/local/libexec/sftp-server user@hostname > > note: assume sftp-server is located in /usr/local/libexec directory > and on unix server. > checks - /usr/local/libexec is world accessable > /usr/local/libexec/sftp-server is world executable > create a symbolic links for sftp-server either in /usr/bin or > /usr/local/bin to point to /usr/local/libexec/sftp-server > also, put /usr/local/libexec in the search path > > hope this help. Unfortunately it didn't work. I uninstalled the package from http://lexa.mckenna.edu/sshwindows/ and in place of that I installed the cygwin OpenSSH stuff. And now it works pretty fine. I don't know, but maybe that coheres with my Windows XP, I also tested OpenSSH from http://lexa.mckenna.edu/sshwindows/ on my Windows 2000 machine and there it works out of the box. Anyhow, problem solved. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: <3fba15d2$1@buckaroo.cs.rit.edu> References: <98c767fe.0311180204.62c1d3dc@posting.google.com> Organization: RIT, Department of Computer Science Date: Tue, 18 Nov 2003 07:49:04 -0500 From: Carl Holtje Subject: Re: SSH vs Telnet? Ian Tresman wrote: > > What's the difference between SSH and Telnet? > > Having created an RSA key for my server, I find that PuTTY does not > need my Private RSA key if I select SSH1, just my username and > password? In which case, what's the point of uploading my public > RSA key? > > Regards, > Ian Tresman > Derby, UK SSH = encrypted Telnet = plaintext To see this in action, sit on a network where you can run a packet sniffer... log into a machine using telnet (observe your password in the clear), and then the same with ssh... Telnet runs on TCP port 23, SSH on TCP port 22 for your filtering pleasures... When in doubt, USE SSH!!!.. and not SSHv1... There are ways of configuring your authentication methods.. this is generally a server-side thing, so you may or may not have access to this.. In either event, once your session has been established (even before the password is sent), your communication is secured... For more fun, ssh someplace with the -v (for verbose) switch to ssh... this will show the handshake protocol in gory detail.. :) Enjoy.. Carl -- "There are 10 types of people in the world: Those who understand binary and those that don't." $>whoami: Carl Holtje $>mail holtje: cwh0803@cs.rit.edu $>cu: http://www.cs.rit.edu/~cwh0803 $>whois holtje: System Administrator Group Computer Science Department Rochester Institute of Technology ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh Message-ID: References: <98c767fe.0311180204.62c1d3dc@posting.google.com> <3fba15d2$1@buckaroo.cs.rit.edu> Organization: WOMUMP Date: 18 Nov 2003 23:20:59 +0000 (GMT) From: Jacob Nevins Subject: Re: SSHv1 vs SSHv2 (was: SSH vs Telnet?) Rob Stampfli writes: >Carl Holtje wrote: >>When in doubt, USE SSH!!!.. and not SSHv1... > >I know the conventional wisdom is that there are problems, >or at least deficiencies, with SSHv1, but I have been unable >to find any specifics as to why SSHv1 should be avoided on >the internet. Rather, it always appears as convention wisdom. Here's something that may be somewhat better: http://www.snailbook.com/faq/ssh-1-vs-2.auto.html Unfortunately the link about the CRC-32 insertion attack appears to have rotted, but that should be enough to Google for. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: 24.34.60.41 NNTP-Posting-Date: Tue, 09 Dec 2003 12:14:07 -0600 Message-ID: Date: Tue, 9 Dec 2003 13:14:32 -0500 From: Eric Subject: Mocana SSH and SSL Hi All, Don't know if I am allowed to advertise - if not - I apologize and will not do again..... Mocana provides SSH and SSL for embedded systems, written from the ground up. Very fast and very small (SSL is 50kb, SSH 70kb). Written in C, royalty Free, and support for any RTOS (including Linux) or any Processor. Here are some special features unique to Mocana......... SSH *Highly portable, coded in ANSI-C *Well written, designed for embedded systems *All functions return an error status - unique to mocana wrt openssx *Easy to read code *70kb footprint - smallest in the industry *Support SSHv2 standard *Low memory utilization per connected client - unique to mocana *Zero-threaded - unique to mocana *Synchronous API (familiar BSD-like socket API) - unique to mocana *Asynchronous API (packet notification based TCP/IP stack) - unique to mocana *Key generation support *Strong cryptology *Any platform (RTOS not a requirement) *Support for SRP *File system not required *Highly optimized SSL *50kb footprint - smallest in the industry *Automatic Key Generation - unique mocana feature *Automatic ASN.1 X509 certificate generation - unique to mocana *All functions return an error status - unique to mocana *Easy to read code *Support SSLv3 standard *Low memory utilization per connected client - unique to mocana *Zero-threaded - unique to mocana *Synchronous API (familiar BSD-like socket API) - unique to mocana *Asynchronous API (packet notification based TCP/IP stack) - unique to mocana *Key generation support *Strong cryptology *Any platform (RTOS not a requirement) *File system not required *Highly optimized Please contact me, should you want additional information. Eric@emRep.com ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh, gnu.bash, comp.os.linux.misc, comp.unix.shell, comp.unix.programmer References: Message-ID: Date: Tue, 18 Nov 2003 23:52:17 GMT From: Darren Dunham Subject: Re: Forcing SSH to timout after a certain time if it isn't responding In comp.security.ssh andy wrote: > Hi, > I'm wiritng a Bash script where I want to check if I can SSH into a > certain IP-address in a function. If the SSH call does nto respont for > 2 seconds I want to kill the process, but if it responds before 2 > seconds then it > shudnt have to wait unnecessarily for 2 seconds. > here the code i was trying: [snip] Why not just specify the connection timeout? > `ssh -q "$1" /bin/true &> /dev/null &` Note that -q turns off messages, but it does not prevent the client from asking necessary interactive questions... You'd need BatchMode for that. ssh -o BatchMode=yes -o ConnectTimeout=2 /bin/true > /dev/null -- Darren Dunham ddunham@taos.com Unix System Administrator Taos - The SysAdmin Company Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. > .............................................................................. Newsgroups: comp.security.ssh, gnu.bash, comp.os.linux.misc, comp.unix.shell, comp.unix.programmer NNTP-Posting-Host: 63.104.116.5 NNTP-Posting-Date: Wed, 19 Nov 2003 16:43:18 EST References: Message-ID: Date: Wed, 19 Nov 2003 21:43:18 GMT From: Darren Dunham Subject: Re: Forcing SSH to timout after a certain time if it isn't responding In comp.security.ssh andy wrote: > I tried using > ssh -o BatchMode=yes -o ConnectTimeout=2 /bin/true > > /dev/null > But it gives me the follwing error: > command-line: line 0: Bad configuration option: ConnectTimeout > I looked in my ssh_config file, and also in 'man ssh_config', and i > didnt see ConnectTimeout mentioned in either place. > Does this mean I have an older version of ssh? Is there any otehr way > I can ahceive that functionality? You could fork a program that would kill the process in 2 seconds. If it exits, then the kill will just not work. Something like this. There might be some tweaking needed. LOOP.. ... ssh -o BatchMode=yes $host /bin/true > /dev/null & SSH_PID=$! (sleep 2 ; kill $SSH_PID >/dev/null 2>&1)& STATUS=wait $SSH_PID ... The wait should block until the ssh exits, either from a normal exit or because it's killed. Of course you probably want to upgrade anyway. -- Darren Dunham ddunham@taos.com Unix System Administrator Taos - The SysAdmin Company Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. > ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: 63.104.116.5 NNTP-Posting-Date: Wed, 23 Jun 2004 15:47:34 EDT References: <2ju2t4F15tji1U1@uni-berlin.de> Message-ID: Date: Wed, 23 Jun 2004 19:47:34 GMT From: Darren Dunham Subject: Re: OpenSSH: force password authentication cat54me wrote: > > Hi all, > I set up passwordless public key authentication from a client to a > server to run an automated backup job (rsync). > I am running OpenSSH 3.6.1p2 on Red Hat Enterprise Linux 3. > I set up the public key with a forced command on the server, in order to > run validating script and only allow the backup task, otherwise it will > close the ssh connection, and It works fine. And unstated, I suppose you also set up a private key on the local client in the default location for the client identity. > But sometimes I need to connect to the server via ssh to run some > interactive commands and would like to use password authentication for that. > Right now that is not possible, since when I try to connect to the > server via ssh, the ssh client will pick up the PKI authentication first > and the forced command (validating script) on the server won't allow me > an interactive session, it will close the ssh connection. > Is there any way to force the ssh client to use password authentication > first only for interactive sessions? E.g. a command line switch or > something like that ... Take a look at the options available in the ssh_config file. One way is to have the restricted key not be in the default identity file. Make the automated process reference it explicitly. (I do this preferentially) ssh -o IdentityFile=auto_backup ... or ssh -i auto_backup ... Another way is to change the attempted authentication methods. ssh -o PreferredAuthentications=keyboard-interactive,password ... Or just disable public key authentication. ssh -o PubkeyAuthentication=no ... -- Darren Dunham ddunham@taos.com Senior Technical Consultant TAOS http://www.taos.com/ Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. > ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: adsl-68-79-141-72.dsl.emhril.ameritech.net NNTP-Posting-Date: Fri, 19 Nov 2004 23:50:33 EST References: Message-ID: Date: Sat, 20 Nov 2004 04:50:33 GMT From: Neil W Rickert Subject: Re: dtwm and ssh-keygen Coy Hile writes: > > Is there an easy way that I'm missing to make dtwm get launched from > ssh-agent (so that the entire window manager rather than a single shell > is the ssh-agent for things like ssh-add) so that I can type my > passphrase once and then be able to connect to anywhere that used the > same RSA keys without typing my passphrase. I just use eval `ssh-agent -s` toward the end of my ".dtprofile" ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: kebe.east.sun.com NNTP-Posting-Date: Thu, 16 Dec 2004 05:20:32 +0000 (UTC) References: Message-ID: Organization: Solaris Networking & Security Engineering Date: Thu, 16 Dec 2004 05:20:32 +0000 (UTC) From: Dan McDonald Subject: Re: SSH - securing the port In article , Greg Menke wrote: >Gary vonBergen writes: > >> I had the somewhat dubious honor of doing an evaluation of SSH >> a while back for the USAF's C2IPS program. In a test LAN I used >> a Solaris server and a Windows box (with the companion piece F-Secure >> on board). I placed a second server (Solaris) on the net and used >> the snoop utility to inspect the network traffic. I can tell you >> that SSH is not (I repeat for clarity NOT) secure. It is better than >> open telnet but it does open negotiate crypto method and passes keys >> in the clear as part of its startup. couple this with the open I don't see what's wrong with open negotiation of the method. Passing keys in the clear, however, can be a problem. BTW, were you looking at SSHv1? SSHv2 fixed MANY of the problems in the protocol. >> I would like to stress that there is nothing better than SSH that >> I know of. Worse with the current status of the laws governing >> cryptography nothing better can be created. Any commercial product >> has to have a method or key that can be furnished to the authorities >> on demand with court order ---- but that trapdoor has to be there >> by law. You are incorrect. My commercial product may have restrictions on the _strength_ of the ciphers involved, but I have no trapdoors or secret entrances in my particular set of security protocols (IPsec and IKE). Sure you can access the keys if you are root on the system, but if you're root, all bets are off anyway. If you don't trust the IKE protocol for key exchanges, do manual keying. In my previous job we used to refer to "keying by Marine guard" as a valid option. And now on to the actual previous poster, as opposed to the one two before... > How does the open negiotiation of the first phases of the crypto make > ssh insecure? What specific attacks can take advantage of it? And > please define what "not secure" means. SSH (both v1 and v2) are vulnerable to a man-in-the-middle attack if operated in their default modes. The first time you see a public-key fingerprint for a remote host, you either have seen it from the server's administrator--out of band--or are taking it on faith. I can theoretically intercept your traffic and rewrite it in both directions, fooling both sides at once. Only a trusted third party, or other out-of-band sharing can thwart this. (There may be other more interesting ways... but I suspect they can reduce to some sort of trust chain or out-of-band proof). > If ssh really is as insecure as you suggest, I'm sure the community at > large would be very interested in fixing it. Hence all of the stuff that got fixed in SSHv2. > principles of the crypto in ssh (and pgp) is that the value is in the > keys and algorithm, not the sourcecode. The more widely the source > and algorithms are studied, the more its claims can be proved or > disproved. Please be specific about how the availability of source > decreases the effectiveness of the encryption algorithms- I'd > appreciate citations. I agree with you and disagree with the previous poster. Modulo trojans on unwary folks, available source is nothing but goodness. > No doubt the black helicopter folks can crack modern public crypto "Can crack" is obvious. "At what expense" is not, and I'm sure is the subject of much speculation. -- Daniel L. McDonald - Solaris Networking & Security Engineering Mail: danmcd@east.sun.com | * MY OPINIONS ARE NOT NECESSARILY SUN'S! * 1 Network Drive Burlington, MA |"rising falling at force ten http://blogs.sun.com/danmcd/ | we twist the world and ride the wind" - Rush ////////////////////////////////////////////////////////////////////////////// 2006-12-13 Rapid7 has a free software package, SShredder, which claims to test various SSH (Secure Shell) vulnerabilities: http://www.rapid7.com/securitycenter/sshredder.jsp ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: dorado.ce.chalmers.se References: <1105524876.765566.167120@c13g2000cwb.googlegroups.com> Message-ID: Organization: Chalmers University of Technology, Sweden Date: 18 Jan 2005 23:29:57 GMT From: Fredrik Lundholm Subject: Re: SSH'ing between Sol 8 -> Sol 10 hosts In article <1105524876.765566.167120@c13g2000cwb.googlegroups.com>, jrt409 wrote: > > Hi, > I have two hosts - Solaris 8 host running SSH v1.2.30 trying to connect > to a Solaris 10 (build 72) host running the stock std version of SSH. > When i attempt to connect to the Solaris 10 host i get the following > error even after I've unhashed the "Protocol 2,1" line in the > /etc/ssh/sshd_config and restarted sshd. Yes, you will also need to regenerate you host keys in a supported format that will work with ssh1/ssh2. I do like this (Solaris 9) in a jumpstart script: echo "Solaris ssh v1 +fix" /etc/init.d/sshd stop rm /etc/ssh/ssh_host_rsa_key ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_rsa_key -P '' /etc/init.d/sshd start ////////////////////////////////////////////////////////////////////////////// Maybe run an X session under ssh-agent in Solaris? http://docs.sun.com/app/docs/doc/816-4557/6maosrjjq?a=view ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: phorcys.east.sun.com NNTP-Posting-Date: Wed, 29 Jun 2005 13:07:23 +0000 (UTC) References: Message-ID: Organization: Sun Microsystems Date: 29 Jun 2005 09:07:23 -0400 From: James Carlson Subject: Re: forwarding ssh explaination? "Jerry Lee" writes: > > If someone has a time to help me, please explain to me about following > question. This isn't really a Solaris question; there's probably a better group available for it. > ssh -r 4242:localhost:22 mhpark@213.22.123.12 password is changeme ssh doesn't have a "-r" option, so that's probably not the command used. The command might be "-R". -R is documented on the ssh(1) man page. In short, it says that port 4242 should be opened as a "listen"-type port on the remote machine, and when any connection is attempted to that port on the remote machine, a separate connection is made by the local machine to localhost:22 (the sshd port), and data is tunneled by ssh between the two. > I don't understand what's going on with this command correctly. > I just know that this command is used for forwarding ssh session, etc. Right. The remote peer would do something like this: ssh -p 4242 someuser@213.22.123.12 ... The connection would then be forwarded through to localhost:22 by the ssh session created as you original posted. -- James Carlson, KISS Network Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677 ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.aix NNTP-Posting-Host: adsl-68-255-16-162.dsl.emhril.ameritech.net NNTP-Posting-Date: Sat, 14 May 2005 08:29:57 EDT References: Message-ID: <9bmhe.1264$bj5.725@newssvr31.news.prodigy.com> Date: Sat, 14 May 2005 12:29:57 GMT From: C C Subject: Re: SSH in AIX 4.3+ "Ian Northeast" wrote in message news:pan.2005.05.11.19.34.19.698732@house-from-hell.demon.co.uk... > > On Wed, 11 May 2005 18:43:53 +0000, C C wrote: > > > > How do I startup SSH in my RS6000 with AIX 4.3? > > If you can find an old copy of the "toolbox for Linux" CD which comes with > AIX nowadays, one with the "RPMS/ppc-4.3.3" subdirectory, as shipped with > the original AIX 5.1, you can install it from that. I wouldn't expose one > that old to the Internet though. It used to be available for download but > I think they removed all the 4.3.3 stuff. > > You can get a version from > > http://www.bullfreeware.com/ > > There are more recent ones there. > > Or get the source from > > http://www.openssh.org/portable.html > > and build it yourself. I recommend this if it's exposed to the Internet. > > Regards, Ian Thanks. Is this pretty easy to install? Does it need a reboot? ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: darwin.oankali.net [216.254.67.191] NNTP-Posting-Date: Tue, 19 Apr 2005 20:38:29 -0500 References: Message-ID: Date: 19 Apr 2005 21:38:29 -0400 From: Richard E. Silverman Subject: Re: ssh and .rhosts or .shosts http://www.snailbook.com/faq/no-passphrase.auto.html [includes unattended operation] http://www.snailbook.com/faq/trusted-host-howto.auto.html -- Richard Silverman res@qoxp.net ////////////////////////////////////////////////////////////////////////////// Top Ten SSH FAQs http://sysadmin.oreilly.com/news/sshtips_0101.html ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: list.stratagy.com References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Organization: The Late, Great Stratagy Users Group Date: Thu, 3 Feb 2005 12:51:01 EST From: Richard S. Shuford Subject: evaluate the best SSH client (was: Print in PuTTy) byrapaneni(*)gmail.com wrote: | | I came across ( FREE licence) TeraTerm Pro Web 3.1.3 - Enhanced | Telnet/SSH2 Client at http://www.ayera.com/teraterm/. This Telnet has | the print functionality built in. I also found 'Absolute Telnet' on | http://www.celestialsoftware.net/ for $19.00 a piece when you buy 10 | or more. | | Could someone please post their findings/facts/reviews on these. | I was [assigned] to a new project to find / [evaluate] the best | SSH client for our organization. While it is good that Yutaka Hirata has lately undertaken to enhance TeraTerm for SSH2, I've tried the January 2005 "UTF-8 TeraTerm Pro" release and found it unstable (at least under Windows 98SE on my home machine). But I hope he will keep working on it. There are many terminal-emulation programs available in the world: some free, and numerous commercial products. You give no clues about what kind of organization you belong to, but many enterprises would be better off with a commercial product where the users can get technical support by telephone. In contrast, a free product must give a warning, not a warranty: The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair, or correction. Over the last two years, many vendors of terminal-emulating Telnet clients have enhanced them to support SSH connectivity; some also support other secure connection types, notably Kerberos and SSL. SSH is popular because its administrative overhead is relatively low, compared to the other secure-connection schemes, however, this plus can quickly become a minus--there may be no quick way to revoke a user's access if the access keys become compromised. (Suppose the president of a business connects to all his accounts by SSH from his laptop computer, and then the laptop gets stolen at the airport?) (Just to complete the picture, security can be provided at a lower level of the networking stack using IPsec. With IPsec ESP beneath it, even ordinary Telnet-over-TCP becomes secure.) Anyway, for your investigation, you should check the following web page, where I maintain links to nearly all terminal-emulation, Telnet, and/or SSH client programs. http://www.cs.utk.edu/~shuford/terminal/pc_emulation.html This is part of my "Video Terminal Information" archive: http://www.cs.utk.edu/~shuford/terminal_index.html ...RSS -- Your cow joke might be worth a Frisbee. http://www.stonyfield.com/weblogarchives/DailyScoop/000651.html .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: darwin.oankali.net [216.254.67.191] NNTP-Posting-Date: Thu, 03 Feb 2005 15:34:46 -0600 References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Date: 03 Feb 2005 16:34:42 -0500 From: Richard E. Silverman Subject: Re: evaluate the best SSH client (was: Print in PuTTy) >>>>> "RSS" == Richard S Shuford writes: RSS> In contrast, a free product must give a warning, not a warranty: RSS> The entire risk as to the quality and performance of the RSS> program is with you. Should the program prove defective, you RSS> assume the cost of all necessary servicing, repair, or RSS> correction. Most EULA's on commercial software say essentially the same thing -- disclaiming all warranties except replacing defective media. Support is certainly a valuable service, but let's not pretend that commercial software vendors provide warranties as to the correct functioning of their software. Overwhelmingly, they do not. RSS> SSH is popular because its administrative overhead is relatively RSS> low, compared to the other secure-connection schemes, however, RSS> this plus can quickly become a minus--there may be no quick way RSS> to revoke a user's access if the access keys become compromised. It is not accurate to ascribe this behavior to "SSH," as if it were a limitation of the protocol. Rather, it is true if you use the default, simplistic key-management/authorization mechanisms (known_hosts, authorized_keys, etc.). The main SSH implementations, both free and commercial, now support Kerberos and PKI (and they interoperate to boot). -- Richard Silverman res@qoxp.net .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: list.stratagy.com References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Organization: The Late, Great Stratagy Users Group Date: Thu, 3 Feb 2005 22:51:02 EST From: Richard S. Shuford Subject: Re: evaluate the best SSH client (was: Print in PuTTy) Richard E. Silverman wrote: | | Most EULA's on commercial software say essentially the same | thing--disclaiming all warranties except replacing defective media. | Support is certainly a valuable service, but let's not pretend that | commercial software vendors provide warranties as to the correct | functioning of their software. Overwhelmingly, they do not. Perhaps I let poetic metaphor obscure the point. With a commercial product, when something goes wrong, you can generally get somebody on the telephone to help you. The "something" need not be a defect in the program: there are many possible modes of failure. Figuring out the source of a problem often requires technically informed diagnostic troubleshooting, and it is unwise to expect that a naive user can perform such troubleshooting unassisted. Support for free software is typically obtained from volunteers, who frequent Usenet and certain web sites in their spare time and answer questions out of a spirit of helpfulness. But it is very difficult for such a volunteer to direct a troubleshooting procedure while communicating through casual Internet means. For some problems, you've got to talk interactively to solve them. (It is possible that some third-party person or company will sell the service of providing telephone support for a free software product, but such support is not always available.) If an organization's users are able to get by with volunteer support, or if the organization contains experts who can help out when one session's output mysteriously freezes (when somebody typed Control-S by accident!), then there is more leeway to adopt free software. | It is not accurate to ascribe this behavior to "SSH," as if it were | a limitation of the protocol. Rather, it is true if you use the | default, simplistic key-management/authorization mechanisms | (known_hosts, authorized_keys, etc.). The main SSH implementations, | both free and commercial, now support Kerberos and PKI (and they | interoperate to boot). I'll guess that 99 and 44/100th percent of people who are connecting via SSH are using known_hosts and authorized_keys (or equivalents). However, if you've got a list of implementations that can use Kerberos and PKI, please post it, and the rest of us can be better informed. ...RSS -- Juvenile-delinquent heifers and steers commit vandalism. http://www.stonyfield.com/weblogarchives/BovineBugle/000798.html .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: darwin.oankali.net [216.254.67.191] NNTP-Posting-Date: Fri, 04 Feb 2005 00:06:24 -0600 References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: Date: 04 Feb 2005 01:06:13 -0500 From: Richard E. Silverman Subject: Re: evaluate the best SSH client (was: Print in PuTTy) >>>>> "RSS" == Richard S Shuford writes: RSS> However, if you've got a list of implementations that can use RSS> Kerberos and PKI, please post it, and the rest of us can be RSS> better informed. OpenSSH and VShell/SecureCRT (VanDyke) support Kerberos via GSSAPI; Tectia (ssh.com) supports both Kerberos and X.509 certificates. -- Richard Silverman co-author: SSH, The Secure Shell (The Definitive Guide) http://www.oreilly.com/catalog/sshtdg .............................................................................. Newsgroups: comp.terminals, comp.security.ssh, comp.os.linux.networking NNTP-Posting-Host: 24.193.46.55 NNTP-Posting-Date: Sat, 05 Feb 2005 08:26:55 EST References: <1107446624.973266.56000@z14g2000cwz.googlegroups.com> Message-ID: <4204CA45.5050906@nyc.rr.com> Date: Sat, 05 Feb 2005 13:26:55 GMT From: Jeffrey Altman Subject: Re: evaluate the best SSH client (was: Print in PuTTy) Richard S. Shuford wrote: > > I'll guess that 99 and 44/100th percent of people who are connecting > via SSH are using known_hosts and authorized_keys (or equivalents). > However, if you've got a list of implementations that can use Kerberos > and PKI, please post it, and the rest of us can be better informed. > ...RSS Kermit 95 supports SRP, GSS-Kerberos 5, in addition to the traditional shared keys and password based authentication methods. -- Jeffrey Altman .............................................................................. Newsgroups: comp.terminals, comp.security.ssh NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1151582345.037066.151790@m73g2000cwd.googlegroups.com> Message-ID: Organization: WOMUMP Date: 30 Jun 2006 11:20:35 +0100 (BST) From: Jacob Nevins Subject: Re: Putty Authentication [ followups set ] Joao writes: > > I'd like to be authenticated in the SSH server side using Putty, > so, is it possible to use a X509 Certificate? PuTTY does _not_ support X.509 authentication with SSH. (There may be some third-party fork/patch which does so, but I'm not aware of one.) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 81.5.153.194 NNTP-Posting-Date: Fri, 18 Feb 2005 15:40:26 +0000 (UTC) References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1119cnrs52m7ccc@corp.supernews.com> Message-ID: <1108741221.933727.115680@f14g2000cwb.googlegroups.com> Date: 18 Feb 2005 07:40:21 -0800 From: Moray Subject: Re: Line draw in PuTTY Thanks for the reply - and thanks for the dialog package: we use it extensively. Replacing man wouldn't really help me, though - I'll need unicode characters in filenames, too. I have found part of the problem: with TERM=xterm or TERM=putty, dialog outputs the old-fashioned )0^Nlqqqqqqk^O style of line drawing - which does not work in UTF-8 mode. Is that a limitation of those terminals themselves, or of the terminfo files? With TERM=linux, dialog does output the correct line drawing characters for PuTTY's UTF-8 mode, although the colouring of the background is not completely filled in as it is on the console. Does anyone know a Linux TERM setting that supports Unicode and gives good results in PuTTY? .............................................................................. Newsgroups: comp.terminals References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1119cnrs52m7ccc@corp.supernews.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> Message-ID: <111cir07ptli332@corp.supernews.com> Date: Fri, 18 Feb 2005 20:09:04 -0000 From: Thomas Dickey Subject: Re: Line draw in PuTTY Moray wrote: > > Thanks for the reply - and thanks for the dialog package: we use it > extensively. Replacing man wouldn't really help me, though - I'll need > unicode characters in filenames, too. > I have found part of the problem: with TERM=xterm or TERM=putty, dialog > outputs the old-fashioned )0^Nlqqqqqqk^O style of line drawing - > which does not work in UTF-8 mode. Is that a limitation of those > terminals themselves, or of the terminfo files? Actually that's a limitation of PuTTY (which is reflected in an accurate terminfo file for it). I'm told that in UTF-8 mode, PuTTY does not implement the VT100-style shift-in and shift-out controls (the ^N and ^O characters), but does recognize the analogous \E(B and \E(0 sequences. For some reason, PuTTY's developers choose to not document the program(*), e.g., by constructing appropriate terminfo/termcap entries. I did get some information from one of the former developers, but looking now, I see that detail was overlooked (making a note to update & test...). > With TERM=linux, dialog does output the correct line drawing characters > for PuTTY's UTF-8 mode, although the colouring of the background is not > completely filled in as it is on the console. > Does anyone know a Linux TERM setting that supports Unicode and gives > good results in PuTTY? perhaps (untested) infocmp putty >foo edit foo, add/replace the strings for rmacs and smacs to read (keep the leading tabs on the lines) rmacs=\E(B, smacs=\E(0, tic foo (*) this is not unusual, unfortunately (but what good is a terminal emulator without a correct terminal description?) -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1119cnrs52m7ccc@corp.supernews.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> <111cir07ptli332@corp.supernews.com> Message-ID: <111f3do1s75pq36@corp.supernews.com> Date: Sat, 19 Feb 2005 19:04:24 -0000 From: Thomas Dickey Subject: Re: Line draw in PuTTY Thomas Dickey wrote: > > > I have found part of the problem: with TERM=xterm or TERM=putty, dialog > > outputs the old-fashioned )0^Nlqqqqqqk^O style of line drawing -- > > which does not work in UTF-8 mode. Is that a limitation of those > > terminals themselves, or of the terminfo files? > > Actually that's a limitation of PuTTY (which is reflected in an accurate > terminfo file for it). I'm told that in UTF-8 mode, PuTTY does not implement > the VT100-style shift-in and shift-out controls (the ^N and ^O characters), > but does recognize the analogous \E(B and \E(0 sequences. Hmm--what I was told was incorrect. Reading the 5.6 source code, I see that PuTTY completely ignores the \E(B, etc., in UTF-8 mode. Using dialog built with ncursesw, of course, that's not a problem. (There's no need for me to modify the "putty" terminfo description). Reading down through the code, I also see a number of comments relating to xterm--several are inaccurate, since the comments relate to features of different versions of xterm (something like confusing xvt and Eterm). It would be nice if PuTTY's developers would clean those up, considering that its documentation states that it is emulating xterm. -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> <111cir07ptli332@corp.supernews.com> <111f3do1s75pq36@corp.supernews.com> Message-ID: Organization: Linux Unlimited Date: 19 Feb 2005 19:32:28 +0000 (GMT) From: Ben Harris Subject: Re: Line draw in PuTTY In article <111f3do1s75pq36@corp.supernews.com>, Thomas Dickey wrote: > > Reading down through the code, I also see a number of comments relating to > xterm - several are inaccurate, since the comments relate to features of > different versions of xterm (something like confusing xvt and Eterm). It > would be nice if PuTTY's developers would clean those up, considering that > its documentation states that it is emulating xterm. I agree that the comments in terminal.c are dire in places. If you could tell us which ones you think are inaccurate and why, that would make correcting them a lot easier. -- Ben Harris .............................................................................. Newsgroups: comp.terminals Date: Sat, 19 Feb 2005 20:03:51 -0000 Message-ID: <111f6t7m4ed2q8d@corp.supernews.com> References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <1108741221.933727.115680@f14g2000cwb.googlegroups.com> <111cir07ptli332@corp.supernews.com> <111f3do1s75pq36@corp.supernews.com> User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u)) From: Thomas Dickey Subject: Re: Line draw in PuTTY Ben Harris wrote: > > In article <111f3do1s75pq36@corp.supernews.com>, > Thomas Dickey wrote: >> >>Reading down through the code, I also see a number of comments relating to >>xterm - several are inaccurate, since the comments relate to features of >>different versions of xterm (something like confusing xvt and Eterm). It >>would be nice if PuTTY's developers would clean those up, considering that >>its documentation states that it is emulating xterm. > I agree that the comments in terminal.c are dire in places. If you could > tell us which ones you think are inaccurate and why, that would make > correcting them a lot easier. offhand - The comment about ENQ has been obsolete for several years: http://invisible-island.net/xterm/xterm.log.html#xterm_90 The documentation refers to titlebar sequences being supported by DECterm, but not xterm (xterm recognizes ST as well as BEL). The comment for CBT is misleading - a cursor control sequence which is standard, versus a reference to the kcbt string emitted by xterm. swap_screen - not exactly. Blame the existing usage that doesn't allow for a stack in things like save-cursor, alternate-screen, etc. The comment would read better anyway by stating what the function does. xterm-style bright foreground/background (see ctlseqs.ms - that's borrowed from aixterm, and is not actually "bright" colors). Also, I agree that it would be nice to know which manual is correct regarding the introduction of ICH and ECH. But the VT102 manual doesn't mention either. -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals Organization: Linux Unlimited Message-ID: References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <111f3do1s75pq36@corp.supernews.com> <111f6t7m4ed2q8d@corp.supernews.com> NNTP-Posting-Host: rapun.sel.cam.ac.uk Originator: chiark.greenend.org.uk ([193.201.200.170]) Date: 19 Feb 2005 22:15:58 +0000 (GMT) From: Ben Harris Subject: Re: Line draw in PuTTY In article <111f6t7m4ed2q8d@corp.supernews.com>, Thomas Dickey wrote: > > The comment about ENQ has been obsolete for several years: > http://invisible-island.net/xterm/xterm.log.html#xterm_90 Removed. We blame [B] (source of much useful but horrid code, and very few accurate comments). > The documentation refers to titlebar sequences being supported > by DECterm, but not xterm (xterm recognizes ST as well as BEL). Where? The only mention of DECterm in doc/*.but is in the FAQ, which merely states that DECterm's title-changing sequences are different from xterm's (which is true; e.g. xterm uses OSC 1 ; Ps ST where DECterm uses OSC 21 ; Ps ST). > The comment for CBT is misleading - a cursor control sequence which > is standard, versus a reference to the kcbt string emitted by xterm. Fixed. Blame [B] again. > swap_screen - not exactly. Blame the existing usage that doesn't > allow for a stack in things like save-cursor, alternate-screen, etc. PuTTY got private modes 1047 and 1049 from xterm, so we blame their oddities on xterm. Xterm is free to pass the buck if it wants. > xterm-style bright foreground/background (see ctlseqs.ms - that's > borrowed from aixterm, and is not actually "bright" colors). Fixed. If they're not actually bright colours, what are they? The aixterm documentation I've been able to find is singularly unhelpful in this area. -- Ben Harris .............................................................................. Newsgroups: comp.terminals Organization: RadixNet Internet Services Message-ID: <111fsf5p44sut8a@corp.supernews.com> References: <1108645142.012919.137740@o13g2000cwo.googlegroups.com> <111f3do1s75pq36@corp.supernews.com> <111f6t7m4ed2q8d@corp.supernews.com> User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (SunOS/5.8 (sun4u)) Date: Sun, 20 Feb 2005 02:11:49 -0000 From: Thomas Dickey Subject: Re: Line draw in PuTTY Ben Harris wrote: >> >> The documentation refers to titlebar sequences being supported >> by DECterm, but not xterm (xterm recognizes ST as well as BEL). > Where? The only mention of DECterm in doc/*.but is in the FAQ, which merely > states that DECterm's title-changing sequences are different from xterm's > (which is true; e.g. xterm uses OSC 1 ; Ps ST where DECterm uses > OSC 21 ; Ps ST). ok - hadn't considered that. >> swap_screen - not exactly. Blame the existing usage that doesn't >> allow for a stack in things like save-cursor, alternate-screen, etc. > PuTTY got private modes 1047 and 1049 from xterm, so we blame their oddities > on xterm. Xterm is free to pass the buck if it wants. 1047/1048 are identical to the 47 (except that they can be disabled easily). 1049's simply a nicer packaging of the two. Either way, they're still used in the same context as 47, and subject to the same limitations vis subprocesses reinitializing the screen. >> xterm-style bright foreground/background (see ctlseqs.ms - that's >> borrowed from aixterm, and is not actually "bright" colors). > Fixed. If they're not actually bright colours, what are they? The aixterm > documentation I've been able to find is singularly unhelpful in this area. 16 distinct colors (the values of which are of course set by resources). -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: Organization: WOMUMP Date: 23 Feb 2005 18:12:33 +0000 (GMT) From: Jacob Nevins Subject: Re: PuTTY / xterm / line-wrapping when "maximized" Dave Lindquist writes: >I've a weird but with Putty, xterm, and just about anything else I've tried >for terminal programs. > >If you resize the window of the terminal manually, everything works >perfectly -- the new size of the window (chars x chars) is communicated >properly to the other end, and line-wrapping works perfectly. > >However, if you maximize the window, something different happens. ncurses >apps, etc all recognize the new size and use it, but the Linux (Gentoo) >command prompt still tries to wrap at the wrong column (the original width >before being maximized). PuTTY (0.57) appears to be sending the appropriate window-size message for the protocol regardless of how the window is resized. There's a common problem where the SSH server (or whatever) only sends a window size change notification (SIGWINCH) to the foreground process, so if you resize while another process is running, and then exit that process, the shell doesn't notice that the window size has changed. Running "kill -WINCH $$" will then cause the bash shell to notice what has happened. I can reproduce this on Debian woody with bash as my shell and lynx in the foreground, whether I resize by maximising or by changing the window size, over SSH and Telnet protocols. .............................................................................. Newsgroups: comp.terminals References: Message-ID: <111pidqplklhgd7@corp.supernews.com> Date: Wed, 23 Feb 2005 18:21:46 -0000 From: Thomas Dickey Subject: Re: PuTTY / xterm / line-wrapping when "maximized" Jacob Nevins wrote: > > I can reproduce this on Debian woody with bash as my shell and lynx in > the foreground, whether I resize by maximising or by changing the window > size, over SSH and Telnet protocols. But lynx doesn't resize dynamically, so (unless you're pressing ^R to update the display), you won't be able to test that. That's done to limit network activity, etc. Most text editors will resize dynamically - that's a better test. -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <111pidqplklhgd7@corp.supernews.com> Message-ID: Organization: WOMUMP Date: 23 Feb 2005 19:51:48 +0000 (GMT) From: Jacob Nevins Subject: Re: PuTTY / xterm / line-wrapping when "maximized" Thomas Dickey writes: > >Jacob Nevins wrote: >> >> I can reproduce this on Debian woody with bash as my shell and lynx in >> the foreground, whether I resize by maximising or by changing the window >> size, over SSH and Telnet protocols. > >But lynx doesn't resize dynamically, so (unless you're pressing ^R to update >the display), you won't be able to test that. That's done to limit network >activity, etc. Since I'm demonstrating a problem with the shell, what the foreground process does should be immaterial. But, just for you, I reproduced it with vim too. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: host70-69.pool8255.interbusiness.it [82.55.69.70] NNTP-Posting-Date: Sun, 27 Feb 2005 14:15:23 MET References: Message-ID: Date: Sun, 27 Feb 2005 13:15:23 GMT From: Pierluigi Di Lorenzo Subject: Re: PuTTY and GNU screen Jacob Nevins wrote: > > The reason why this only started to be a problem in 0.54 is because > "screen" typically uses an unusual control sequence to switch to the > alternate screen, and previous versions of PuTTY did not support > this sequence. > > http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#QA.7.19 OK, I disabled alternate screen and now I got scrollback history. When I'm attacched on screen and I exit from vi I see text inside on the screen, I like alternate screen but I think this is a good solution, but.. when I'm not attacched to screen I have screen *cleared* when exit from vi (or less).. I do not like this behaviour so much.. Thanks, Pierluigi. -- Pierluigi Di Lorenzo ePrometeus s.r.l .............................................................................. Newsgroups: comp.terminals References: Message-ID: <1123l2ihbmv7h8c@corp.supernews.com> Date: Sun, 27 Feb 2005 14:08:18 -0000 From: Thomas Dickey Subject: Re: PuTTY and GNU screen Pierluigi Di Lorenzo wrote: > ok, I disabled alternate screen and now I got scrollback history. > When I'm attacched on screen and I exit from vi I see text inside on the > screen, I like alternate screen but I think this is a good solution, > but.. when I'm not attacched to screen I have screen *cleared* when exit > from vi (or less).. I do not like this behaviour so much.. > Thanks, Pierluigi. That could still be related to the alternate screen. For example, infocmp's output (looking at xterm-r6), rmcup=\E[2J\E[?47l\E8, smcup=\E7\E[?47h, For this example, smcup saves the cursor position (assumed to be in the normal screen) and switches to the alternate screen. The rmcup string is emitted by vi on exit. It clears the screen, switches back from the alternate screen and restores the cursor position. Simply disabling the \E[?47l and \E[?47h (switch between normal/alternate) won't affect the clearing with \E[2J. Modern xterm implements escape sequences which combine all of those pieces into a single escape sequence which can be suppressed. Running in "screen", there are two $TERM values to take into account: the one for screen (which as noted, does use the modern \E[?1049l), and the external one (which could be rxvt, for instance--uses strings like xterm-r6). rxvt doesn't implement that, BTW, though some other emulators have done so. -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: 82.53.30.78 NNTP-Posting-Date: Sun, 27 Feb 2005 16:54:06 MET References: <1123l2ihbmv7h8c@corp.supernews.com> Message-ID: Organization: TIN Date: Sun, 27 Feb 2005 15:54:06 GMT From: Pierluigi Di Lorenzo Subject: Re: PuTTY and GNU screen Thomas Dickey wrote: > > That could still be related to the alternate screen. For example, > infocmp's output (looking at xterm-r6), ... > > Running in "screen", there are two $TERM values to take into account: the > one for screen (which as noted, does use the modern \E[?1049l), and the > external one (which could be rxvt, for instance--uses strings like xterm-r6). > rxvt doesn't implement that, BTW, though some other emulators have done so. Thank's a lot Thomas Dickey, I'm sorry, but I do not understand so much.. is this a solution or an explanation of the problem? Perhaps my english is not so good :( My question now is: Can I use alternate screen (I found it very usefull) and say, in some way, to PuTTY to disable it only when it's called by screen? (so I don't lose scrollback history) Someone has had this problem before? Regards, Pierluigi. -- Pierluigi Di Lorenzo ePrometeus s.r.l .............................................................................. Newsgroups: comp.terminals References: <1123l2ihbmv7h8c@corp.supernews.com> Message-ID: <1124424qr0o6e19@corp.supernews.com> Date: Sun, 27 Feb 2005 18:24:04 -0000 From: Thomas Dickey Subject: Re: PuTTY and GNU screen Pierluigi Di Lorenzo wrote: > Thank's a lot Thomas Dickey, > I'm sorry, but I do not understand so much.. is this a solution or an > explanation of the problem? Perhaps my english is not so good :( Mostly an explanation. Before running screen, what is $TERM set to? And what does infocmp show at that point? My guess is that it shows strings something like I indicated. (The "putty" terminfo entry which I have in ncurses does this, but I thought it unlikely that you are using that, since PuTTY defaults to setting TERM to "xterm"). If my guess is correct, you can fix that problem by changing the terminfo entry which is set (either by modifying the terminfo entry-- a reasonably good idea if it is "putty"), or choosing one which is closer (that's a little harder to advise). > My question now is: > Can I use alternate screen (I found it very usefull) and say, in some > way, to PuTTY to disable it only when it's called by screen? (so I don't > lose scrollback history) I don't think so. When screen first starts up, it uses the original $TERM's value to initialize the display. So it's no different from other applications in that aspect. -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: 82.55.87.133 NNTP-Posting-Date: Sun, 27 Feb 2005 21:35:04 MET References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com> Message-ID: Date: Sun, 27 Feb 2005 20:35:04 GMT From: Pierluigi Di Lorenzo Subject: Re: PuTTY and GNU screen Thomas Dickey wrote: > Pierluigi Di Lorenzo wrote: > >>Thank's a lot Thomas Dickey, >>I'm sorry, but I do not understand so much.. is this a solution or an >>explanation of the problem? Perhaps my english is not so good :( > > > Mostly an explanation. Before running screen, what is $TERM set to? > And what does infocmp show at that point? My guess is that it shows > strings something like I indicated. (The "putty" terminfo entry which > I have in ncurses does this, but I thought it unlikely that you are > using that, since PuTTY defaults to setting "xterm"). ah OK, yes you were right, before running screen $TERM is set to "xterm", rmcup=\E[2J\E[?47l\E8 and smcup=\E7\E[?47h. Attached to screen $TERM is set to screen, rmcup=\E[?1049l and smcup=\E[?1049h > If my guess is correct, you can fix that problem by changing the > terminfo entry which is set (either by modifying the terminfo entry - > a reasonably good idea if it is "putty"), or choosing one which is > closer (that's a little harder to advise). mmm.. can you explain me better this last thing please? I have no idea what rmcup and smcup means.. Thank's a lot, Pierluigi. > > >>My question now is: >>Can I use alternate screen (I found it very usefull) and say, in some >>way, to PuTTY to disable it only when it's called by screen? (so I don't >>loose scrollback history) > > > I don't think so - when screen first starts up, it uses the original $TERM's > value to initialize the display. So it's no different from other applications > in that aspect. -- Pierluigi Di Lorenzo ePrometeus s.r.l .............................................................................. Newsgroups: comp.terminals References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com> Message-ID: <1124dpgmnu60gfe@corp.supernews.com> Date: Sun, 27 Feb 2005 21:10:08 -0000 From: Thomas Dickey Subject: Re: PuTTY and GNU screen Pierluigi Di Lorenzo wrote: > > ah OK, yes you was right, before running screen $TERM is set to xterm, > rmcup=\E[2J\E[?47l\E8 and smcup=\E7\E[?47h. > Attached to screen $TERM is set to screen, rmcup=\E[?1049l and > smcup=\E[?1049h Yes. Checking the history for ncurses' terminfo.src, I see that screen 3.9.13 added the 1049 code (and I added the corresponding change to ncurses in late 2002). xterm's terminfo generally has been the same as xterm-r6, since that's been the default install for ncurses. Most of the Linux distributors modify that (no two alike, I think ;-). >> If my guess is correct, you can fix that problem by changing the >> terminfo entry which is set (either by modifying the terminfo entry - >> a reasonably good idea if it is "putty"), or choosing one which is >> closer (that's a little harder to advise). >> closer (that's a little harder to advise). > mmm.. can you explain me better this last thing please? I have no idea > what rmcup and smcup means.. They're mentioned in the (long) terminfo manpage, and are abbreviations, e.g., reset-mode-cursor-positioning and set-mode-cursor-positioning. Few terminals actually require those particular strings, but by convention, xterm's alternate-screen strings are there (because they're sent at the right time to be useful). The corresponding termcap names are ti and te (terminal initialize, terminal end). xterm has a resource "titeInhibit" which deals with this. Anyway--you're using putty which does support the 1049 code. I'd set putty to make $TERM set to "putty", and then modify the putty terminfo entry to use the 1049 codes: use infocmp to get a text of the terminfo entry, replace the two chunks of text for rmcup=XXX and smcup=XXX to match, and then run tic to update it. -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: 82.57.4.29 NNTP-Posting-Date: Sun, 27 Feb 2005 23:14:23 MET References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com> <1124dpgmnu60gfe@corp.supernews.com> Message-ID: <3DrUd.972836$35.36315390@news4.tin.it> Organization: TIN Date: Sun, 27 Feb 2005 22:14:23 GMT From: Pierluigi Di Lorenzo Subject: Re: PuTTY and GNU screen Thomas Dickey wrote: > > Anyway--you're using putty which does support the 1049 code. I'd set putty > to make $TERM set to "putty", and then modify the putty terminfo entry to > use the 1049 codes: use infocmp to get a text of the terminfo entry, replace > the two chunks of text for rmcup=XXX and smcup=XXX to match, and then run > tic to update it. > OK, what file I have to edit to change values on binary file /usr/share/terminfo/p/putty? (I hope I understand well..) Thank's again, please be patient -- Pierluigi Di Lorenzo ePrometeus s.r.l .............................................................................. Newsgroups: comp.terminals References: <1123l2ihbmv7h8c@corp.supernews.com> <1124424qr0o6e19@corp.supernews.com> <1124dpgmnu60gfe@corp.supernews.com> <3DrUd.972836$35.36315390@news4.tin.it> Message-ID: <1124jfu1s5om88f@corp.supernews.com> Date: Sun, 27 Feb 2005 22:47:26 -0000 From: Thomas Dickey Subject: Re: PuTTY and GNU screen Pierluigi Di Lorenzo wrote: > > OK, what file I have to edit to change values on binary file > /usr/share/terminfo/p/putty? > > (I hope I understand well..) > Thank's again, please be patient "tic" and "infocmp" operate on those files. Use infocmp to get the contents. If I were modifing the putty (binary) file, I'd do something like infocmp putty > foo vi foo tic foo For example, on this host I have terminfo entries in my user directory (since radixnet is _not_ my home machine): # Reconstructed via infocmp from file: /export/home/dickey/lib/terminfo/p/putty putty|PuTTY terminal emulator, am, bw, ccc, hs, mir, msgr, xenl, xon, colors#8, it#8, ncv#22, pairs#64, acsc=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~, bel=^G, blink=\E[5m, bold=\E[1m, cbt=\E[Z, civis=\E[?25l, clear=\E[H\E[J, cnorm=\E[?25h, cr=\r, csr=\E[%i%p1%d;%p2%dr, cub=\E[%p1%dD, cub1=\b, cud=\E[%p1%dB, cud1=\ED, cuf=\E[%p1%dC, cuf1=\E[C, cup=\E[%i%p1%d;%p2%dH, cuu=\E[%p1%dA, cuu1=\EM, dch=\E[%p1%dP, dch1=\E[P, dispc=%?%p1%{8}%=%t\E%%G\342\227\230\E%%@%e%p1%{10}%=%t\E%%G\342\227\231p1%{12}%=%t\E%%G\342\231\200\E%%@%e%p1%{13}%=%t\E%%G\342\231\252\E%%@%e%p1%{14}%=%t\E%%G\342\231\253\E%%@%e%p1%{15}%=%t\E%%G\342\230\274\E%%@%e%p1%{27}%=%t\E%%G\342\206\220\E%%@%e%p1%{155}%=%t\E%%G\340\202\242\E%%@%e%p1%c%;, dl=\E[%p1%dM, dl1=\E[M, dsl=\E]0;^G, ech=\E[%p1%dX, ed=\E[J, el=\E[K, el1=\E[1K, enacs=\E(B\E)0, flash=\E[?5h\E[?5l, fsl=^G, home=\E[H, hpa=\E[%i%p1%dG, ht=\t, hts=\EH, il=\E[%p1%dL, il1=\E[L, ind=\n, indn=\E[%p1%dS, initc=\E]P%p1%x%p2%{255}%*%{1000}%/%02x%p3%{255}%*%{1000}%/%02x%p4%{255}}%/%02x, is2=\E7\E[r\E[m\E[?7h\E[?1;4;6l\E[4l\E8\E>\E]R, kb2=\E[G, kbs=^?, kcan=^C, kcbt=\E[Z, kcub1=\E[D, kcud1=\E[B, kcuf1=\E[C, kcuu1=\E[A, kdch1=\E[3~, kend=\E[4~, kf1=\E[11~, kf10=\E[21~, kf11=\E[23~, kf12=\E[24~, kf13=\E[25~, kf14=\E[26~, kf15=\E[28~, kf16=\E[29~, kf17=\E[31~, kf18=\E[32~, kf19=\E[33~, kf2=\E[12~, kf20=\E[34~, kf3=\E[13~, kf4=\E[14~, kf5=\E[15~, kf6=\E[17~, kf7=\E[18~, kf8=\E[19~, kf9=\E[20~, khome=\E[1~, kich1=\E[2~, kmous=\E[M, knp=\E[6~, kpp=\E[5~, kspd=^Z, nel=\r\n, oc=\E]R, op=\E[39;49m, rc=\E8, rev=\E[7m, ri=\EM, rin=\E[%p1%dT, rmacs=^O, rmam=\E[?7l, rmcup=\E[2J\E[?47l, rmir=\E[4l, rmpch=\E[10m, rmso=\E[27m, rmul=\E[24m, rs2=\E<\E["p\E[50;6"p\Ec\E[?3l\E]R, s0ds=\E[10m, s1ds=\E[11m, s2ds=\E[12m, sc=\E7, setab=\E[4%p1%dm, setaf=\E[3%p1%dm, sgr=\E[0%?%p1%p6%|%t;1%;%?%p2%t;4%;%?%p1%p3%|%t;7%;%?%p4%t;5%;m%?%p9%t^N sgr0=\E[m^O, smacs=^N, smam=\E[?7h, smcup=\E[?47h, smir=\E[4h, smpch=\E[11m, smso=\E[7m, smul=\E[4m, tbc=\E[3g, tsl=\E]0;, u6=\E[%i%d;%dR, u7=\E[6n, u8=\E[?6c, u9=\E[c, vpa=\E[%i%p1%dd, -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 198.173.15.250 NNTP-Posting-Date: Tue, 1 May 2007 19:22:44 +0000 (UTC) Message-ID: <1178047363.809087.257420@h2g2000hsg.googlegroups.com> Date: 1 May 2007 12:22:43 -0700 From: dcmdcm@gmail.com Subject: PuTTY DECSED (Selective Erase) (Esc [ ? x J) I've been using PuTTY for a while in various applications. I really like it, so I reached for it again for this latest application. Unfortunately, this app requires being able to selectively erase text on the screen ("Clear Foreground" text). The VTxxx referes to this capability as DECSED ("Esc [ ? x J", where x specifies the area of erasure desired (I'm looking for x=2, the whole screen). (There's another similar facility called DECSEL). I did discover that this facility is implemented in xterm, but I can't use xterm here (sorry, it's on Windows -- not my choice). I have a few alternatives: 1) Change the application to not use this facility. I'd rather not, there's a lot of code in this app [that I "inherited"]. 2) Use a different terminal emulator. I suppose I could, but I'd rather do something else. If someone has a suggestion for one, please let me know. No, I don't want to pay an arm and a log for a commercial emulator that's otherwise not as good as PuTTY. 3) Modify PuTTY to do what I want. This is my preferred course of action. Not only will I benefit, but others will, too. I can change it myself or I can ask someone else to do it. I would change it myself, but I've not been in the PuTTY code and would take me an unknown amount of time to spin up. If someone has a few pointers as to how this capability could be added -- where in the code to start looking -- I'd appreciate it. Another option would be to ask someone else to do it. Yes, I could pay something, but not likely what the labor would be worth. If anyone has any ideas on this, please let me know! HELP! Thanks! -- Dave Madsen ---dcm dcmdcm@gmail.com .............................................................................. Newsgroups: comp.terminals References: <1178047363.809087.257420@h2g2000hsg.googlegroups.com> Message-ID: <133fb4uoea9cs25@corp.supernews.com> Date: Tue, 01 May 2007 21:09:50 -0000 From: Thomas Dickey Subject: Re: PuTTY DECSED (Selective Erase) (Esc [ ? x J) dcmdcm@gmail.com wrote: > > I've been using PuTTY for a while in various applications. I really > like it, so I reached for it again for this latest application. > Unfortunately, this app requires being able to selectively erase text > on the screen ("Clear Foreground" text). The VTxxx referes to this > capability as DECSED ("Esc [ ? x J", where x specifies the area of > erasure desired (I'm looking for x=2, the whole screen). (There's > another similar facility called DECSEL). This demonstrates the feature http://invisible-island.net/vttest/ > I did discover that this facility is implemented in xterm, but I can't > use xterm here (sorry, it's on Windows -- not my choice). Some people use Cygwin, which runs on windows. (There are pros/cons to using that, but it's certainly simpler to install it and compile a current xterm, than to make PuTTY into a VT220-compatible terminal emulator.) xterm supports ANSI color, VT220 emulation and UTF-8 There's an FAQ at http://invisible-island.net/xterm/xterm.faq.html ftp://invisible-island.net/xterm/ -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 119.127.159.30 NNTP-Posting-Date: Tue, 17 Feb 2009 11:43:01 +0000 (UTC) Message-ID: Date: Tue, 17 Feb 2009 03:43:00 -0800 (PST) From: SwordAngel Subject: Colours in PuTTY vs Mac OS X command-line ssh client I have a remote Ubuntu box, the default shell of which is bash. I have tried connecting to it using PuTTY in Windows and using the command- line ssh client of Mac OS X Leopard. I notice that, when I connect using the command-line ssh client of Leopard, the "username@hostname" string at the bash prompt is automatically green, file names and directory names would also be coloured when I issue the "ls" command. However, the same is not true when I connect using PuTTY. How do I make PuTTY display colours the way the Leopard command-line ssh client would? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: Organization: Tartarus.Org Date: 17 Feb 2009 12:23:16 +0000 (GMT) From: Simon Tatham Subject: Re: Colours in PuTTY vs Mac OS X command-line ssh client SwordAngel wrote: > > I notice that, when I connect using the command-line ssh client of > Leopard, the "username@hostname" string at the bash prompt is > automatically green, file names and directory names would also be > coloured when I issue the "ls" command. However, the same is not true > when I connect using PuTTY. Most likely, the remote system is choosing whether or not to display colours based on the environment variable TERM. So, step 1: run "echo $TERM" in both environments, and see whether the results are different. If they are, step 2: configure PuTTY to send the same terminal type as Leopard's client (Connection > Data > Terminal-type string) and see if that gets you colour. -- Simon Tatham What do we want? ROT13! When do we want it? ABJ! ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1110561452.739233.297810@f14g2000cwb.googlegroups.com> Message-ID: Organization: WOMUMP Date: 11 Mar 2005 18:47:16 +0000 (GMT) From: Jacob Nevins Subject: Re: PuTTY -- page-up to activate scroll back? Neil Mansilla writes: > > I'm a SecureCRT user, and on some of my other systems, I have PuTTY > installed. I was wondering if there is a way to assign the PAGE-UP > key to activate scrollback viewing (PAGE-UP/DOWN thereafter). No--that would seem rather intrusive--but Shift+PgUp/PgDn will do the trick, as for some other terminals. http://the.earth.li/~sgtatham/putty/0.57/htmldoc/Chapter3.html#S3.1.2 (Of course, there are people who'd like Shift+PgUp to go to the server. We should probably make this configurable.) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1156951207.243633.225700@74g2000cwt.googlegroups.com> Message-ID: Organization: WOMUMP Date: Tue, 12 Sep 2006 12:27:32 +0100 (BST) From: Jacob Nevins Subject: Re: clear command of Putty! I wrote: > > That page also notes that Thomas Dickey's xterm extends an existing > escape sequence to allow the server to clear the scrollback > (CSI 3 J). > > This should be trivial to implement in PuTTY; I guess the only > reason I haven't done it (apart from lack of time) is a slight > unease at unilateral extensions of this kind. > > Does any of the readership know of any actual problems that > implementing this might cause? Since there were no howls of protest, this is now implemented in the [new] PuTTY snapshots. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals References: <14ad014.0504190527.332fa6da@posting.google.com> Message-ID: <116ac9hbkra6nc5@corp.supernews.com> Date: Tue, 19 Apr 2005 16:26:25 -0000 From: Thomas Dickey Subject: Re: Putty input characters Bjoern Wolfgardt wrote: > Hi, > I have a problem with Putty. I have a test tool on our host that > displays special characters (umlaute, 'ä' ae, 'ü' ue...). > They are displayed correcly. But if I press the 'ä' key, the character > is not displayed. The host uses my input as a control key or something > else. > So my question is: > How do I get input and output to work with german keyboard (and > umlaute)? See PuTTY's configuration (window/translations). Your session is probably assuming that input is UTF-8 rather than ISO-8859-1. (this should be in PuTTY's faq). -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: hb-server-02.buhlmann.de [217.7.105.122] NNTP-Posting-Date: Wed, 20 Apr 2005 07:23:28 +0000 (UTC) References: <14ad014.0504190527.332fa6da@posting.google.com> <116ac9hbkra6nc5@corp.supernews.com> Message-ID: <14ad014.0504192323.1fd18816@posting.google.com> Date: 20 Apr 2005 00:23:27 -0700 From: Bjoern Wolfgardt Subject: Re: Putty input characters Thomas Dickey wrote in message news:<116ac9hbkra6nc5@corp.supernews.com>... > > see PuTTY's configuration (window/translations). Your session is > probably assuming that input is UTF-8 rather than ISO-8859-1. > > (this should be in PuTTY's faq). Thank you, It is not in the FAQ (or I didn't find it). So it is not in Putty? It is a host configuration? cu Bjoern .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <14ad014.0504190527.332fa6da@posting.google.com> <116ac9hbkra6nc5@corp.supernews.com> Message-ID: <837jixzqsw.fsf@chiark.greenend.org.uk> Organization: University of Cambridge, England Date: 20 Apr 2005 11:27:27 +0100 From: Owen Dunn Subject: Re: Putty input characters Thomas Dickey writes: > > see PuTTY's configuration (window/translations). Your session is > probably assuming that input is UTF-8 rather than ISO-8859-1. > > (this should be in PuTTY's faq). Shockingly, we reserve our FAQ for questions which really are frequently asked :-). (S) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1120695271.155912.310980@g49g2000cwa.googlegroups.com> Message-ID: <83hdf5wbz3.fsf@chiark.greenend.org.uk> Organization: University of Cambridge, England Date: 08 Jul 2005 16:31:44 +0100 From: Owen Dunn Subject: Re: Putty UTF8 kai.hendry@gmail.com writes: > > Is there way of making win32 Putty's translation set to UTF-8 by > default? > > >I know you can Change settings ... but I can't be bothered. Change the translation to UTF-8 and then save the change to the Default Settings pseudo-session. (S) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 84.92.112.185 NNTP-Posting-Date: Mon, 25 Sep 2006 20:02:11 +0000 (UTC) References: <1159197945.542259.258110@b28g2000cwb.googlegroups.com> Message-ID: <1159214525.805448.135470@k70g2000cwa.googlegroups.com> Date: 25 Sep 2006 13:02:06 -0700 From: michaelrmgreen@yahoo.co.uk Subject: Re: Saving settings in Putty Tom Linden wrote: > > On Mon, 25 Sep 2006 08:25:45 -0700, wrote: > > > Everytime I open a Putty session I have to modify the foreground and > > background settings. How can I save these settings? > > > > thanks > > > > john > > > Click the SAVE button staring you in the face. > Which of course won't get you anywhere unless you click 'default' first. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1117218155.383861.124560@g49g2000cwa.googlegroups.com> Message-ID: Organization: WOMUMP Date: 27 May 2005 20:46:10 +0100 (BST) From: Jacob Nevins Subject: Re: Problem displaying CJK characters in PuTTY Ron R writes: > > I'm using PuTTY 0.58 to connect via SSH to a Linux RedHat (Fedora Core > 2) host. > > Through this connection I run a program on the Linux host which > displays Japanese as well as other CJK characters. However, the CJK > characters do not appear at all in the PuTTY terminal. I have already > set the Windows-Terminal panel to expect data in UTF-8 format. There is a known issue that can cause PuTTY 0.58 on Windows to display some characters in different scripts as blanks, described here: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/win-font-linking.html It's a side effect of support that was added for bidirectional text and Arabic shaping. Help with fixing it welcome. .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1117218155.383861.124560@g49g2000cwa.googlegroups.com> <1117233174.938249.270470@g43g2000cwa.googlegroups.com> Message-ID: Organization: WOMUMP Date: 28 May 2005 02:32:41 +0100 (BST) From: Jacob Nevins Subject: Re: Problem displaying CJK characters in PuTTY Ron R writes: > >Thanks very much for the quick response! I guess this means I would >have to roll back to 0.56 or 0.57. I understand, however, that a >security hole was fixed in 0.58 :-( No, there's no major security bugfixes in 0.58 over 0.57. 0.57, however, does contain security-related fixes over 0.56. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Newsgroups: comp.terminals NNTP-Posting-Host: 0x50c73e98.adsl-fixed.tele.dk [80.199.62.152] NNTP-Posting-Date: Sat, 12 Nov 2005 23:33:08 +0000 (UTC) Message-ID: <1131838383.242575.53900@g44g2000cwa.googlegroups.com> Date: 12 Nov 2005 15:33:03 -0800 From: "lh@eucsyd.dk" Subject: PUTTY - send line ends with line feeds when I push the return key I get two CRLF In Windows Hyperterm I can get the same 'fault' by choosing - Properties-Settings-ASCII setup-Send line ends with line feeds. But I can't find where to remove that function with PUTTY LH .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1131838383.242575.53900@g44g2000cwa.googlegroups.com> Message-ID: Organization: WOMUMP Date: 13 Nov 2005 12:15:04 +0000 (GMT) From: Jacob Nevins Subject: Re: PUTTY - send line ends with line feeds lh@eucsyd.dk writes: > >when I push the return key I get two CRLF > >In Windows Hyperterm I can get the same 'fault' by choosing - >Properties-Settings-ASCII setup-Send line ends with line feeds. > >But I can't find where to remove that function with PUTTY If you're using Telnet, this setting may be relevant: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-telnetnl .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: Organization: WOMUMP Date: 13 Nov 2005 12:16:38 +0000 (GMT) From: Jacob Nevins Subject: Re: PuTTY: How to get title bar string programmatically? kj writes: > >Is there any way that a Unix shell script (zsh, to be precise) >running within a PuTTY terminal could determine the string currently >displayed on the window's title bar? PuTTY can support an escape sequence to do this. However, it's turned off by default for security reasons. http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-features-qtitle ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals, comp.security.ssh Followup-To: comp.security.ssh NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1133352801.468997.81550@z14g2000cwz.googlegroups.com> Message-ID: Organization: WOMUMP Date: 30 Nov 2005 14:25:17 +0000 (GMT) From: Jacob Nevins Subject: Re: puttygen.exe: command line parameters/options This is *not* a question about terminals. Followups set. (comp.security.ssh) (I assume you posted to comp.terminals because of this section of the PuTTY web site: http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html#feedback-other-fora Could that have been written in such a way as to make it clearer which forum is appropriate for which questions?) gsh writes: > > What are the command line parameters/options for the puttygen.exe under > Windows? > > How can I perhaps automatically load or save a key (e. g. by calling > puttygen.exe in a DOS batch file)? Windows PuTTYgen has very little command-line functionality. About the only thing you can do is specify a key filename on the command line, for it to load in initially. The reasons for this are outlined at http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/puttygen-batch.html \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Newsgroups: comp.unix.solaris NNTP-Posting-Host: dsl017-112-205.lax1.dsl.speakeasy.net [69.17.112.205] NNTP-Posting-Date: Mon, 23 May 2005 10:58:08 -0500 References: Message-ID: <0OKdnVIV4ZkMYAzfRVn-pg@speakeasy.net> Date: Mon, 23 May 2005 08:58:08 -0700 From: Robert Lawhead Subject: Re: Logon script with SSH ns wrote: > Hi all, > > I am using this two files to run script when users Telnet the server > (sol8-sparc) : > > /etc/profile > /etc/.login > > Now, i installed OpenSSH 4. > How can i use the same file for ssh connections ? > > If it's not possible, what's file i need to use > to run script at logon with ssh ? > > Thank You very much > > Best Regards > NS You can probaly get the behavior you want by modifying your sshd_config to allow "permituserenvironment" (and forcing sshd to reread the file) and creating an appropriate ~/.ssh/environment file. It should probably define "ENV" and "PATH". Note that it is your shell that is responsible for this behavior, not ssh itself. - Bob ////////////////////////////////////////////////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Newsgroups: comp.unix.solaris References: Message-ID: <337rd.391892$nl.2385@pd7tw3no> Date: Tue, 30 Nov 2004 23:07:43 GMT From: shea martin Subject: Re: ssh dsa passphrase shea martin wrote: > I am trying to get passwordless ssh working. I have done it before and > it seemed really simple, but it doesn't seem to be working for me now. > > ssh-keygen -t dsa > scp ~/.ssh/id_dsa wendy:.ssh/ > cat ~/.ssh/id_dsa.pub | ssh wendy 'cat - >> > ~/.ssh/authorized_keys' > > Now when I ssh to wendy, I should be asked for my passphrase, but I am > not, I am just asked for my password. Wendy is behind a firewall and > has port 22 forwarded. The hostname wendy is an entry in my hosts file. > > I have same user name on wendy and localhost. > > The sshd_config on wendy has the following relevant entries: > HostKey /usr/local/etc/ssh_host_dsa_key > DSAAuthentication yes > PubkeyAuthentication yes > AuthorizedKeysFile .ssh/authorized_keys > HostbasedAuthentication yes > > > Any I ideas why this isn't working? My ssh client is the default one > with solaris 10, and the server is running on 8 with opensshd from > sunfreeware. > > Thanks, > > ~S problem was home dir was chmod 775, not chmod 755. ~S .............................................................................. Newsgroups: comp.unix.solaris References: Message-ID: <9H_qd.5829$6o5.114@trnddc08> Date: Tue, 30 Nov 2004 13:36:05 GMT From: Richard Smith Subject: Re: ssh dsa passphrase "shea martin" wrote in message news:UNTqd.385598$%k.196048@pd7tw2no... > I am trying to get passwordless ssh working. I have done it before and > it seemed really simple, but it doesn't seem to be working for me now. > > ssh-keygen -t dsa > scp ~/.ssh/id_dsa wendy:.ssh/ You don't want to copy your private key to "wendy", only the public key... > cat ~/.ssh/id_dsa.pub | ssh wendy 'cat - >> > ~/.ssh/authorized_keys' > > Now when I ssh to wendy, I should be asked for my passphrase, but I am > not, I am just asked for my password. Wendy is behind a firewall and > has port 22 forwarded. The hostname wendy is an entry in my hosts file. > I have same user name on wendy and localhost. > > The sshd_config on wendy has the following relevant entries: > HostKey /usr/local/etc/ssh_host_dsa_key > DSAAuthentication yes > PubkeyAuthentication yes > AuthorizedKeysFile .ssh/authorized_keys > HostbasedAuthentication yes > > > Any I ideas why this isn't working? My ssh client is the default one > with solaris 10, and the server is running on 8 with opensshd from > sunfreeware. > > Thanks, > > ~S .............................................................................. From fbianchi@arte.unipi.it Thu Jul 15 07:03:45 2004 Message-ID: <0407151241290.5433@www.arte.unipi.it> Date: Thu, 15 Jul 2004 13:10:59 +0200 (CEST) To: Richard Shuford From: Federico Bianchi Subject: terminal clients for J2ME-enabled cell phones FYI, I have tried a couple free (GPL) TELNET and SSH clients for J2ME-enabled cell phones. The display are _REALLY_ small (my own Siemens C60 is 101x80 pixels) and using those keyboards is going to make anyone nervous, but nevertheless I have been positively impressed by the overall quality of the programs themselves. And at least for emergency management they still make a viable alternative... Best regards Federico Bianchi Dipartimento di Storia delle Arti Universita` degli Studi di Pisa p.zza S.Matteo in Soarta, 2 - 56127 Pisa (Italy) tel. +39-050-587111 (cent.), +39-050-587224 (uff.) fax. +39-050-580128; e-mail: =================================================== !DISCLAIMER!: my e-mail reflects _my_own_ opinions! =================================================== .............................................................................. References: <0407151241290.5433@www.arte.unipi.it> Message-ID: <3121.131.114.56.117.1089914692.squirrel@www.arte.unipi.it> Date: Thu, 15 Jul 2004 20:04:52 +0200 (CEST) To: Richard S. Shuford From: Federico Bianchi Subject: Re: terminal clients for J2ME-enabled cell phones For example, a very cute TELNET/SSH midlet may be found at http://phoenix.inf.upol.cz/~polakr/ (This is the one I am actually planning to use myself, if only because it is working well on my own cell phone.) Another nice app which may be of interest is the wapsh/htsh which you can see at http://www.exolution.de/geschaeft/produkte/wapsh.en.htm Best regards again. I actually should thank you for your site! > Sir Federico: > > Thank you for informing me about this technology. > > Is there a web URL I can include among my links? > > -- > ...Richard S. Shuford | "If a man loudly blesses his neighbor--early > ...shuford%cs.utk.edu | in the morning--it will be taken as a curse." > ...................... | Proverbs 27:14 > >>FYI, I have tried a couple free (GPL) TELNET and SSH clients for >>J2ME-enabled cell phones. The display are _REALLY_ small (my own Siemens >>C60 is 101x80 pixels) and using those keyboards is going to make anyone >>nervous, but nevertheless I have been positively impressed by the overall >>quality of the programs themselves. And at least for emergency management >>they still make a viable alternative... >> >>Best regards .............................................................................. Newsgroups: comp.unix.solaris References: Message-ID: Organization: Looking for work Date: Mon, 07 Jun 2004 22:28:07 -0400 From: Barry Margolin Subject: Re: SSH question In article , "gusmeister" wrote: > When a user copies files (using scp) from his home directory on one server > to his home directory on another server, the permissions of the newly > created files do not correspond to the umask on either the source server or > the destination server. > > Where does scp (or ssh) get the permission mask from? The shell on the remote system is not a login shell, so it doesn't run the user's .profile, so no user-specific umask is set. So the system-wide default will be used. You should probably use the -p option, which causes scp to copy the permissions from the original file. -- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: bonnieblue.clemson.edu NNTP-Posting-Date: Fri, 17 Jun 2005 20:42:36 +0000 (UTC) References: <3heeo0FgmuvfU1@individual.net> <3hgkftFgtib6U1@individual.net> <3hgqc0Fh26phU1@individual.net> Message-ID: Organization: Clemson University Date: Fri, 17 Jun 2005 20:42:36 +0000 (UTC) From: hubcap Subject: Re: ssh disconnecting >> This is often a sign of a mis-configured NAT... >so any hints what could be wrong... Last week, a fellow sysadmin was complaining that her SSH sessions kept being dropped from the Solaris 10 box she is configuring. Later, when walking by the console, she saw the message which indicates that someone else on our LAN was using the same IP address... -Mike ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: 66.159.78.167 NNTP-Posting-Date: Fri, 17 Jun 2005 17:26:32 EDT References: <3heeo0FgmuvfU1@individual.net> <3hgkftFgtib6U1@individual.net> <3hgq67Fh072uU1@individual.net> Message-ID: Date: 17 Jun 2005 17:26:31 -0400 From: Greg Menke Subject: Re: ssh disconnecting Michael Laajanen writes: > HI, > > Greg Menke wrote: > > > Michael Laajanen writes: > > > HI, > > > > > Ever since my ISP upgraded our DSL modem at home, all SSH sessions die > > > after about 5 minutes of being idle. I have to run "top" or anything > > > that sends text at short intervals to keep the connection open. > > > The DSL modem works as a NAT router/firewall and is braindead about > > > "keep alives" > > > > That problem I don't have. > > > > But I wounder how robust SSH is actually, is IP-SEC a better way for > > daily work perhaps? > > > > > This is often a sign of a mis-configured NAT, so affects TCP in general > > not just SSH. SSH is as robust as TCP as far as comms are concerned, > > its crypto characteristics are certainly well suited for ad-hoc > > networking or in those cases where you don't have influence over network > > infrastructure. > > Gregm > > If I put a huge file ~1-200MB on a http server on the same server as > sshd resides I can download the file, but I have problems during sftp, > however I have a "feeling" that scp works better! I prefer scp myself, but its fundamentally the same stuff going on regardless. That said, I have seen problems with socket close semantics between Solaris and other operating systems, Solaris waiting for the connection close after the other end is long gone. I've not worked through the rfc's but I get the impression Solaris is trying to do the right thing and other ip stacks don't do it properly in some cases. vxWorks being the most notable offender- no suprise there. > Anyclue what could be missconfigured? I've also run into the connection drop issue using Samba, and solved it similarly- in this case a bash script that ran find on the top level directories then slept for a minute or two w/ repeat. Adding SO_KEEPALIVE to the Samba connections also helped solve the same problem in other circumstances. In regard to the NAT case, it was due to IP masquerading records on a Linux box that were expiring and causing the connection to drop. ipfilter uses much longer default timeouts. I'm sort of wondering if there is a router involved which isn't forwarding entirely properly. > Also, since I am a HW ENG I often use X for displaying waveforms from > my company's central Sparc cluster when visiting customers, and that > takes alot of bandwidth thus very quickly (10-30 seconds) hangs the SSH > link, any comments and does any of you use it for Mozilla, for instance, > which also uses a lot of bandwidth. Could there be some packet loss going on during your traffic spikes thats causing the TCP connections trouble? Gregm ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 84.92.112.185 NNTP-Posting-Date: Mon, 25 Sep 2006 20:04:23 +0000 (UTC) References: <1158867800.275830.96510@m7g2000cwm.googlegroups.com> Message-ID: <1159214658.067508.53750@b28g2000cwb.googlegroups.com> Date: 25 Sep 2006 13:04:18 -0700 From: michaelrmgreen@yahoo.co.uk Subject: Re: More Puttytel strife. Keyboard mapping this time michaelrmgreen@yahoo.co.uk wrote: > > In my business we are in transition between serial terminals and PCs.. > In order to ease the transition we are using the Puttytel telnet client > on the PCs. The server is running FreeBSD 4.11 and Samba 2.?, the PCs > are running Win2kSP4. The program we are using is MS FoxPro Unix (which > is compiled for SCO products and indeed it ran well on SCO Xenix!). > > The problem we are having is that, while the PC keyboard keys all work > normally at the shell prompt, in the FoxPro application, some keys act > abnormally. The numeric keypad acts as though two key were pressed, > additionally each sequence appears to be preceeded by a 'clear to > begininng of line' command. The output is as per Table 1 below. > > Can anyone offer ANY advice? TIA. > > Table 1. > The 0 might be nought or zero. I can't tell. > > Keypress Key sequence sent > [Num Lock] 0P > 0 0p > / 0Q > [Del] 0n > [Enter] 0M > [+] 0l > [-] 0S > 1 0q > 2 0r > 3 0s > 4 0t > 5 0u > 6 0v > 7 0w > 8 0x > 9 0y And the answer is: * disable keypad application mode in ' Session - Function ' ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: polly.par.univie.ac.at Message-ID: <42d4d0b9$0$11094$3b214f66@usenet.univie.ac.at> Date: 13 Jul 2005 08:28:44 GMT From: Martin Paul Subject: ssh-throttle I got tired of all the script-kiddies with their hundreds of ssh accesses, filling the log file when trying out invalid logins and guessing the root password. I can't restrict ssh access to a list of known hosts, as my users login from various systems at home, on conferences etc. So I came up with a simple way to lock out hosts after a certain number of ssh accesses in a given time (3 in one minute works for me). You'll need an ssh daemon that's linked against tcp-wrappers (default with Sun's SSH, optional with OpenSSH). In /etc/hosts.deny you need: # ssh-throttle sshd: ALL: spawn (/usr/sbin/ssh-throttle %a): ALLOW Like this, on any ssh connection the script ssh-throttle will be called, supplied with the IP address of the source host, and the connectionwill be allowed. ssh-throttle keeps track of the connections, and adds a DENY rule right after "# ssh-throttle" to /etc/hosts.deny. You can add default ALLOW rules for friendly hosts or networks above the "# ssh-throttle", so those connections will never be throttled. Here's the ssh-throttle script: #!/bin/sh clog="/var/run/ssh-throttle" clogt="/tmp/ssh-throttle.$$" deny="/etc/hosts.deny" tdeny="/tmp/hosts.deny.$$" limit=3 hh=`/usr/bin/date +%H` mm=`/usr/bin/date +%M` ip=$1 # Log connection echo "$hh $mm $ip" >> $clog # See if there were more than $limit connections from $ip in one minute count=`grep "$hh $mm $ip" $clog | wc -l` if test $count -gt $limit then # Check if the IP address is already listed in hosts.deny # exist=`grep "$ip" $deny` if test "$exist" = "" then # Log a warning, and add an entry to hosts.deny # logger -p auth.warn -t ssh-throttle "Denying $ip ($hh:$mm)" cat $deny | sed "/# ssh-throttle/a\\ sshd: $ip: DENY " > $tdeny mv $tdeny $deny fi fi # Only keep current entries in the connection log grep "$hh $mm " $clog > $clogt mv $clogt $clog Maybe it's of use for someone else, too. The basic concept isn't restricted to ssh, it could easily be extended to protect other services, too. mp. -- Systems Administrator | Institute of Scientific Computing | Univ. of Vienna ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: 193.95.146.5 NNTP-Posting-Date: Wed, 17 Aug 2005 15:49:30 +0000 (UTC) References: <1124291527.955814.311540@g14g2000cwa.googlegroups.com> Message-ID: <1124293765.037412.312790@f14g2000cwb.googlegroups.com> Date: 17 Aug 2005 08:49:25 -0700 From: Ciccio Subject: Re: SunSSH erratic behaviour after applying SST (Jass) 4.2 to a Solaris 10 x86 box. Answer: Basically, SST puts in place its own /etc/hosts.allow and /etc/hosts.deny . In /etc/hosts.allow I modified the sshd entry from sshd: LOCAL to sshd: ALL and it all worked as expected. Happy days! ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: libra.cus.cam.ac.uk References: <1225agpmhfr01a0@corp.supernews.com> Message-ID: Organization: University of Cambridge, England Date: 29 Mar 2006 16:18:35 GMT From: Chris Thompson Subject: Re: New ssh/sshd patches for Solaris 9 In article <1225agpmhfr01a0@corp.supernews.com>, Richard L. Hamilton wrote: > >In article , > cet1@cus.cam.ac.uk (Chris Thompson) writes: >> >> I have just tried applying the following clutch of new Solaris 9 patches >> >> 112908-24 krb5, gss Patch >> 113273-11 /usr/lib/ssh/sshd Patch >> 114356-07 /usr/bin/ssh Patch >> 117177-02 lib/gss module Patch >> >> on a couple of workstations. They can still ssh to each other, but while >> doing so generate messages like >> >> ssh[4690]: Kerberos mechanism library initialization error: No profile file open. >> unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so] >> unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so] >> >> (and similar messages from sshd on the ssh'd-to workstation once it >> has been rebooted and the new sshd is running). These hosts don't have >> any Kerberos setup at all. >> >> Anyone else seen this? or know how to fix it? > > >Just tried ssh'ing to myself after having put those on a day or so ago; >saw the same messages too. No idea what it means (yet). Commenting >out the kerberos_v5 line in /etc/gss/mech leads to a different error >message. > >The code on opensolaris.org may be sufficient to get a better idea what >it means, however I'm not awake enough right now (or interested enough, >insofar as it's mostly a nuisance more than a critical problem) to attempt >that myself just now; which is to say that I didn't stumble into just what >it means at the first couple of places I looked, and it's involved enough >to find it that I'm not going to postpone much needed beauty sleep further, >lest I frighten every living creature nearby, get charged with vandalizing >traffic cameras, etc. OK--an update including a circumvention which may even be the right fix. Thanks to my colleagues locally for assistance, especially Steve Ison. It seems that the problem arises if you started from a sufficiently ancient Solaris 9 MU, and have been maintaining via patches since then. The fix is to modify /etc/krb5/krb5.conf as follows: 1. comment out ___slave_kcds___ in the [realms] section 2. comment out ___domain_mapping___ in the [domain_realm] section 3. add "___domainname___ = ___default_realm___" in the latter (actually, this third seems not to be neccesary) Similar problems have arisen before in a different context, see: http://unix.derkeiler.com/Newsgroups/comp.unix.solaris/2004-06/0632.html The patches ought to fix /etc/krb5/krb5.conf themselves (or have a prereq patch that does) of course. -- Chris Thompson University of Cambridge Computing Service Email: cet1 [at] cam.ac.uk .............................................................................. Newsgroups: comp.unix.solaris NNTP-Posting-Host: deimos.its.unb.ca NNTP-Posting-Date: Thu, 30 Mar 2006 20:05:14 +0000 (UTC) References: <1143726149.696007.89350@v46g2000cwv.googlegroups.com> <1143742987.223859.226630@g10g2000cwb.googlegroups.com> Message-ID: <1143749109.377647.26810@i39g2000cwa.googlegroups.com> Date: 30 Mar 2006 12:05:09 -0800 From: Rob Subject: Re: New ssh/sshd patches for Solaris 9 Try adding GSSAPIAuthentication=no GSSAPIKeyExchange=no if you are not using the GSSAPI features to /etc/ssh/ssh_config and /etc/ssh/sshd_config ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: redwood.taos.com [63.204.7.5] NNTP-Posting-Date: Wed, 29 Mar 2006 21:18:41 EST References: <1143527027.831199.179900@i39g2000cwa.googlegroups.com> <1143530900.462561.242580@t31g2000cwb.googlegroups.com> Message-ID: <5eHWf.10303$tN3.8154@newssvr27.news.prodigy.net> Date: Thu, 30 Mar 2006 02:18:41 GMT From: Darren Dunham Subject: Re: ssh known_hosts Tim Bradshaw wrote: > > The solution to this is either to use an address which does not change > during a cluster failover, or to make the host keys of the machines the > same. The host keys live in /etc/ssh, and I think it's probably safe > to just make these directories the same on each machine - you'll need > to restart sshd on the machine you copied to though. Or add the shared name to each key explicitly. Then you can use either the shared or private name, and each host can have separate keys. http://groups.google.com/group/comp.security.ssh/browse_frm/thread/9fbaf299c0478a4/4faeb295c9e0bfd2 http://groups.google.com/group/comp.security.unix/browse_frm/thread/1614b3e46eba10a3/7dcce3ccc5b46c02 -- Darren Dunham ddunham@taos.com Senior Technical Consultant TAOS http://www.taos.com/ Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. > ////////////////////////////////////////////////////////////////////////////// Message-Id: <110957694-2071882310@hermes.sun.com> Date: 12 Jun 2006 10:12:05 -0800 From: "Sun Microsystems - Sun Alert Team" Subject: Sun[sm] Alert Weekly Summary Report SUN(SM) ALERT WEEKLY SUMMARY REPORT Week of 04-Jun-2006 - 10-Jun-2006 Welcome to the Sun(SM) Alert Weekly Summary Report, the newsletter that provides you with a weekly listing of newly released and updated Sun Alert Notifications. It is being distributed to inform you about critical hardware and software issues that could impact the availability, security, and data integrity of your computing environment. ------------------------------------------------------------------- Sun Alert ID: 102451 Synopsis: Solaris 9 SSH "Resync" Patches May Cause ssh(1) or sshd(1M) to Fail Product: Solaris 9 Operating System Category: Availability Date Released: 07-Jun-2006 To view this Sun Alert document please go to the following URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102451-1 ------------------------------------------------------------------- ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris References: Message-ID: <4gejefF1mueflU5@individual.net> Organization: n. See disorganized. Date: Wed, 28 Jun 2006 06:46:55 +0100 From: Chris Ridd Subject: Re: SSH on Solaris 10 w/public keys and pam_ldap On 2006-06-28 04:20:16 +0100, "Raymond Scott" said: > Is it possible to use public/private keys to logon to Solaris 10 when the > destination is configured to use LDAP as a naming service? > > I can get it to work if the account is listed in /etc/passwd > But, if the account is in LDAP, then SSH prompts for a password; > the pub/priv key stuff is bypassed. > > Pub/Priv keys work fine on Solaris 9 when using LDAP. Something > changed in Solaris 10 to cause it to stop working. > > Anyone know a way to get it to work? I've got it working, with quite a bit of help from some folks here. Google this group for "pam query ldap" - there's some links to recommended pam.conf files which should help. I'd recommend setting up a zone so you can play around^W^Wtest this stuff properly. It'll save a few blushes and reboots ;-) Cheers, -- Chris ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: 203-217-17-96.perm.iinet.net.au References: Message-ID: <42e640be$0$5406$5a62ac22@per-qv1-newsreader-01.iinet.net.au> Date: 26 Jul 2005 13:55:10 GMT From: Darren Tucker Subject: Re: Display username and host when prompting for password On 2005-07-26, Thomas Guettler wrote: > > Older versions did display username and hostname when > ssh asks for a password. > > Is there a way to get this again? > > Version: OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 I assume you're using PAM? The usual reason for this is that you're using keyboard-interactive authentication for PAM and the "Password: " prompt is directly from PAM. If so, there are two possible options: a) Configure PAM to provide the host's name in its password prompt somehow. b) Use password authentication instead of keyboard-interactive either by removing keyboard-interactive from PreferredAuthentications on the client or by disabling ChallengeResponseAuthentication on the server. (on OpenSSH 3.7x and 3.8x this would have authenticated without using PAM, however on 3.9 and up, and 3.6x and below it will use PAM). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgment comes with experience. Unfortunately, the experience usually comes from bad judgment. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh, comp.os.linux.security NNTP-Posting-Host: spc1-bexl3-5-0-cust11.asfd.broadband.ntl.com NNTP-Posting-Date: Mon, 11 Jul 2005 22:48:09 BST References: <42cd272b$0$10808$9b4e6d93@newsread4.arcor-online.net> Message-ID: Organization: ntl Cablemodem News Service Date: Mon, 11 Jul 2005 21:48:09 GMT From: Chris Lowth Subject: Re: Question concerning remote port-forwarding with SSH Peter Meister wrote: > > I have difficulties to find out when I should use SSH remote port-forwarding > e.g., > > ssh sshserver -R 7777:localhost:110 > > Notice the -R and instead of -L > > This would cause a data traffic (with the syntax: in-port:machine:out-port): > > MailClient(on remote):* -> 7777:SSHServer:* -> 22:SSHClient(on localhost):* -> 110:MailServer(on localhost) > > Are the following statement correct: > > - Use remote port-forwarding (-R) when the connection between SSH-Server > and ApplicationServer (e.g.MailServer) should be encrypted > - Use "normal" port-forwarding (-L) when the connection between ApplicationClient > (e.g.MailClient) and SSH-Server should be crypted > - Use remote port-forwarding (-R) when the SSHClient is on the machine > where the ApplicationServer (e.g.MailServer) is located > - Use "normal" port-forwarding (-L) when the SSHClient is on the machine > where the ApplicationClient (e.g. MailClient) is located > > Peter None of the above. SSH encrypts every time--whether -L or -R or neither are used. The "-L" is not mnemonic for "normal" but for "local". If I log in to CLIENT host and then run ... ssh -L 7777:localhost:110 SERVER Then SSH creates a new port nunber 7777 on the CLIENT. If I connect to localhost:7777 from the client, then I am actually talking to SERVER:110. But if I had run ssh -R 7777:localhost:110 SERVER Then SSH creates the new port number 7777 on the SERVER (not the client). Now if I log into the SERVER and connect to its port 7777, I wind up talking to port 110 on the CLIENT. So.. -L creates a local port that allows me to access a remote service. -R makes a local service available to the remote machine on a port that "looks" local to the remote system. Confusing, I know--but I hope that helps to clarify things. Chris -- http://www.lowth.com/rope -- Identify and control complex protocols with Linux, IpTables and Rope. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: 203.217.17.96 References: <1122296248.645395.5040@g43g2000cwa.googlegroups.com> Message-ID: <42e50735$0$29423$5a62ac22@per-qv1-newsreader-01.iinet.net.au> Date: 25 Jul 2005 15:37:25 GMT From: Darren Tucker Subject: Re: Update password using ssh over remote server permission denied On 2005-07-25, akim_ziadi@hotmail.com wrote: > I'm trying to change a user password on another servers via ssh, and i > always get a permission denied, someone know why ??? > > SERVERA#ssh SERVERB "passwd USER1" > Permission denied > SERVERA# The "passwd" program is trying to read its input from its controlling terminal, and when you run it that way there's no controlling terminal, only stdin/stdout/stderr. If you're using OpenSSH, try adding a "-t" to request a pty (two -t's to force it), ie: ssh -t SERVERB "passwd USER1" If you're using some other software then check for an equivalent option. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <1147108768.993940.114960@u72g2000cwu.googlegroups.com> Message-ID: Organization: WOMUMP Date: 10 May 2006 12:02:26 +0100 (BST) From: Jacob Nevins Subject: Re: putty .58 terminal issue Not a terminal gunsmith2233(at)msn.com writes: > >I am a novice with putty soory.. I have tried several settings to try >to get around this issue but no luck.. Is ther a setting that will >resolve this This behaviour means that the server has not assigned a terminal device for your session. This could be for one of several reasons: * (Unlikely) You're using SSH, and you've configured PuTTY not to ask for a terminal device (SSH panel > "Don't allocate a pseudo-terminal", or "-T" option). * PuTTY did ask for a terminal device (this is implicit with Telnet/Rlogin, and the default behaviour with SSH), but the server refused to allocate one. (You can see if this has happened in PuTTY's Event Log -- there will be a message "Server refused to allocate pty".) This could be because the server has run out of pseudo-terminals, or is misconfigured in some way. (It's not uncommon for servers to have too few pseudo-terminals configured; the limit can usually be increased.) It is best if you can persuade the server to allocate you a pseudo-terminal, but if you can't, there are some settings in PuTTY that you can set to achieve some semblance of a normal interactive session. For instance, to deal with the "stair-stepping" you see, you can set the option `Implicit CR in every LF'. http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-crlf IIRC, you may also need to enable local echo. http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter4.html#config-localecho ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals Message-ID: <2rrps19s3o16h25hvv6gr4ati3jh2q4hbr@4ax.com> Organization: IBM Systems Group Date: Tue, 17 Jan 2006 13:26:34 GMT From: Cindy Ross Subject: PuTTY - patch to allow tiling on windows I have been using PuTTY (on windows) for a half year now, and first let me say how nice these tools are, and how nice it is to have the source. The one problem I have had is that windows tiling (via ctrl-right-click on windows taskbar icons, then Tile Horizontally or Tile Vertically) doesn't work with PuTTY. Neither do the sizing features of utilities such as http://www.thewonderfulicon.com/ This capability is essential for me, and would have been a deal-breaker. I believe this is the same problem reported here: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/win-tile.html This capability is essential for me, and would have been a deal-breaker. But I was able to patch PuTTY to fix this problem. Essentially, I just turned off some code intended to prevent "unexpected" resizes, and turned off code that prevented resizes when is_alt_pressed() is true. Warning! This patch breaks full-screen (alt-enter) mode. And I wouldn't be surprised if it breaks other features too. But I've been using my patch since last June and it hasn't broken anything else that I notice. I would like to find time to learn enough about PuTTY's code to do a better, cleaner patch, but I don't know when that would be. I'm attaching my patch in case it might be useful to other users. It is a -u format patch to the 0.58 version of the WINDOW.C file (the release source code, not the latest development snapshot). It can be applied like this: patch -u window.c tilepatch Or, since it is so short, I am also listing it here; one could simply make the indicated changes manually: --- window.c Tue Apr 05 15:37:38 2005 +++ \puttysrc\windows\window.c Wed Jun 22 14:22:51 2005 @@ -2618,6 +2618,7 @@ } else { int width, height, w, h; + int force_resizing = FALSE; width = LOWORD(lParam); height = HIWORD(lParam); @@ -2651,6 +2652,7 @@ * * This is also called with minimize. */ + else if (wParam != SIZE_MINIMIZED) force_resizing = TRUE; else reset_window(-1); } @@ -2659,8 +2661,8 @@ * massive numbers of resize events getting sent * down the connection during an NT opaque drag.) */ - if (resizing) { - if (cfg.resize_action != RESIZE_FONT && !is_alt_pressed()) { + if (resizing||force_resizing) { + if (cfg.resize_action != RESIZE_FONT) { need_backend_resize = TRUE; w = (width-cfg.window_border*2) / font_width; if (w < 1) w = 1; @@ -2669,6 +2671,8 @@ cfg.height = h; cfg.width = w; + term_size(term, cfg.height, cfg.width, cfg.savelines); + InvalidateRect(hwnd, NULL, TRUE); } else reset_window(0); } begin 644 tilepatch M+2TM('=I;F1O=RYC"51U92!!<'(@,#4@,34Z,S7-R8UQW:6YD;W=S7'=I;F1O=RYC"5=E9"!*=6X@,C(@,30Z,C(Z-3$@ M,C`P-0T*0$`@+3(V,3@L-B`K,C8Q."PW($!`#0H@"7T@96QS92![#0H@#0H@ M"2`@("!I;G0@=VED=&@L(&AE:6=H="P@=RP@:#L-"BL@("`@("`@("`@("!I M;G0@9F]R8V5?FEN9RD@>PT*+0D):68@*&-F9RYR97-I>F5?86-T:6]N("$](%)%4TE:15]& M3TY4("8F("%IFEN9RD@>PT**R`@("`@("`@("`@("`@ M("!I9B`H8V9G+G)E Message-ID: Organization: Yeah, right Date: 14 Mar 2007 13:39:41 +0000 (GMT) From: Simon Tatham Subject: Re: starting putty from perl! Mark Seger wrote: > > I want to write a perl script that starts up a bunch of putty sessions. > I'd have thought running the 'putty system -l user -pw password' > should do it but after starting the session, control doesn't return to > my script until the putty window closes which makes no sense to me > because if I run that same command from a dos window control does > return. I think this is because the DOS window (by which you presumably mean cmd.exe?) does something odd. I usually get round this by using Windows's magic "start" command: try running start putty system -l user -pw password (ObSecurity: you might consider using public keys as an alternative to saving passwords in disk files.) -- Simon Tatham "Happiness is having a large, warm, loving, caring, close-knit family in another city." .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <45F7F9BE.9050609@hp.com> Message-ID: Organization: Yeah, right Date: 14 Mar 2007 14:36:42 +0000 (GMT) From: Simon Tatham Subject: Re: starting putty from perl! Mark Seger wrote: > > I finally figured it out. you need to do a 'start putty'... might be > worthy of an entry in teh FAQ 8-) We'll put it in the FAQ if it becomes frequently asked. So far, you're the only person who's asked it! :-) -- Simon Tatham "The distinction between the enlightened and the terminally confused is only apparent to the latter." . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.terminals NNTP-Posting-Host: 24.136.247.143 NNTP-Posting-Date: Sun, 13 Dec 2009 16:34:31 -0600 References: Message-ID: Organization: IBM Systems & Technology Group Date: Sun, 13 Dec 2009 17:34:29 -0500 From: Cindy Ross Subject: Re: Calling Putty to open several sessions at once > is there a way to open several sessions at once by putty with a Windows > command or somehow other; if yes, how? sure, putty has command line options that let you do things like this. For example, something this would work in a batch file: putty -ssh -l myid -pw mypassword whatever.whereever.com ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 70.185.194.243 NNTP-Posting-Date: Mon, 29 May 2006 19:58:03 EDT References: <1148932456.072752.137600@j73g2000cwa.googlegroups.com> Message-ID: Organization: Cox Communications Date: Mon, 29 May 2006 23:58:03 GMT From: mroberds@worldnet.att.net Subject: Re: Tera Term login help needed stew.dunn@gmail.com wrote: >Does anybody have any experience, or macros if that's what I need here, >of how I get the sesssion to start up automatically, with logging to >text files, if the PC goes down and back up? You will *probably* need some type of support in your terminal program for scripting/macros. I am guessing your process needs to go something like this: 1. PC goes down for whatever reason. 2. PC comes back up. 3. Several instances of your terminal program start up, because you put shortcuts to them in Windows' Startup folder, or equivalent technique in your OS. Each instance "knows" (via command-line switches or a config file) what the port settings are, the name of the log file to open, etc. 4. Some macro facility in your terminal program simulates you typing on the PC keyboard to send the characters that will cause the remote systems to start emitting the data of interest. It sounds like you're stuck on #4. I've used Tera Term before as a good "simple" terminal emulator; I seem to recall that recent versions of Tera Term do include a simple scripting language, but I've never tried it. On Windows, once I get beyond what Tera Term does well, I tend to use IVT http://home.wxs.nl/~ruurdb/IVT.HTM . It has lots of options, so it may take you a while to navigate them all, but you should be able to make it do about anything you want. As far as what keystrokes are needed to make your remote systems start outputting the data you want to capture, that will depend on each remote system. IVT has a "recorder" mode - switch it on and manually type the keystrokes to start the remote application, switch it off again, and save the keystrokes in a script file. Don't forget to add some error-checking to handle the cases where the remote system won't come up. Matt Roberds ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 24.70.95.207 NNTP-Posting-Date: Tue, 30 May 2006 08:42:26 MDT References: <1148932456.072752.137600@j73g2000cwa.googlegroups.com> Message-ID: Organization: Shaw Residential Internet Date: Tue, 30 May 2006 14:42:26 GMT From: Rob Brown Subject: Re: Tera Term login help needed On Mon, 29 May 2006 mroberds@worldnet.att.net wrote: > It sounds like you're stuck on #4. I've used Tera Term before as a > good "simple" terminal emulator; I seem to recall that recent > versions of Tera Term do include a simple scripting language, but > I've never tried it. Like Matt, I am vaguely aware that Tera Term Pro has a scripting language, but don't know anything about it. Kermit http://www.columbia.edu/kermit has a very capable scripting language. The KEA series of terminal emulators from Attachmate also have a good scripting language. -- Rob Brown b r o w n a t g m c l d o t c o m G. Michaels Consulting Ltd. (866)438-2101 (voice) toll free! Edmonton (780)438-9343 (voice) (780)437-3367 (FAX) http://gmcl.com/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: regus-klimentska.prg.customer.vol.cz [213.175.62.122] NNTP-Posting-Date: Tue, 10 Jun 2008 13:40:57 +0000 (UTC) Message-ID: <3aa20ef6-ac09-4f08-9339-e3746a1c3d29@c58g2000hsc.googlegroups.com> Date: Tue, 10 Jun 2008 06:40:57 -0700 (PDT) From: Vladimír Subject: Some terminal enhancements into PuTTY Hi all, I was a bit sad that PuTTY filters some key combinations, so I played around with the code this morning to get some shortcuts working in ViM ;-) http://spunt.kebule.cz/home/putty-xterm-hacks.patch 1) Apps key (the one to the left from right control) is no longer taken as a compose key but sent as an escape sequence like in xterm. 2) Ctrl-PageUp and Ctrl-PageDown are no longer used for vertical scrolling. 3) Ctrl-Backspace acts like Shift-Backspace (^H <--> Ctrl-?) 4) Insert, Delete, Home, End, PageUp and PageDown are no longer filtered when shift/control pressed and sent with additional ";5", etc. modifiers. 5) Shift-arrows are no longer filtered and sent as escape sequences like in xterm. Positive feedback welcome ;-) Vladimir. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ////////////////////////////////////////////////////////////////////////////// For administrative access to NetApp (Network Appliance) storage appliances running Data ONTAP: Because of the usual security concerns in administering storage filers and cache appliances via the "telnet" and "rsh" protocols, NetApp provides an SSH access method. To initially set up a storage appliance for SSH connections, find out if special any special key-length constraints are required on your network, then run the short interactive dialogue by invoking: toaster*> secureadmin setup ssh The keys generated will be: /etc/sshd/ssh_host_key /etc/sshd/ssh_host_rsa_k /etc/sshd/ssh_host_dsa_key. There is a minor bug (187989) in some versions of the Data ONTAP (7G/Classic) kernel in which a command prompt fails to appear upon establishment of an SSH session. There is an easy workaround: before trying the SSH session, use the serial console to create an /etc/motd file (on the appliance) which ends with a bona fide Return character. For example: wrfile /etc/motd In releases of Data ONTAP since 7.0.1, there are some options for tweaking the interaction between serial-console and SSH sessions; contact NetApp Global Support for information on how to set these. If you are using PuTTY as the client software with protocol version SSH2, and then you find that the line-editing functions do not work, then change the following PuTTY settings: On the Terminal tab * set Local Echo to "Force off" * set Local Line Editing to "Force Off" On the SSH tab * check "Don't Allocate a Pseudo-terminal" (You can save this configuration for future use in the Session tab.) For filer settings of the SSH2 protocol, consult the "secureadmin_inbound" configuration in "/etc/local.cfg". You should also set PuTTY *not* to repeat the key exchange every hour. (This same restriction applies to several SSH servers derived from open source.) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211360 / SSH responds with message "unsupported channel request for env" When an SSH client connects to Data ONTAP, in addition to opening a channel for the main session, the SSH client may attempt to open an auxiliary channel. Such channels are typically used to forward display-output data from X-Windows applications (using X11 Forwarding) or to transmit shell-environment parameters for the user session. Since Data ONTAP does not support X11 Forwarding or other uses of such additional SSH channels, the storage controller will log a warning message of this form: [toaster: openssh.invalid.channel.req:warning]: SSH client (SSH-2.0-OpenSSH_4.9) from 192.168.12.34 sent unsupported channel request (10, env). If the SSH session is otherwise authorized, the warning may be ignored. To workaround the problem: On the SSH client, disable features which may request to open auxiliary channels. Such features include SendEnv and X11 Forwarding. The exact means of disabling the features depends on the client program. Notes: For the OpenSSH client invoked from a Linux or Unix host, adding the "-x" option on the command line should disable the X11 Forwarding feature. If no users on that Linux or Unix host will ever use X11 Forwarding, the feature can be turned off in the host-wide configuration in the file /etc/ssh_config (or /etc/ssh/ssh_config): uncomment or otherwise insert a line in that file which says: ForwardX11 no Also, comment out or remove any "SendEnv" lines in that file. (These features may also be controlled in per-user configuration files or by command-line options.) ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals, comp.security.ssh NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: Organization: WOMUMP Date: 08 Sep 2006 20:15:05 +0100 (BST) From: Jacob Nevins Subject: Re: psftp problem [ followups set to comp.security.ssh ] Tom Linden writes: > > psftp> get STARLET.ZIP > remote:/dpli$/decpli/starlet/ca20060906/STARLET.ZIP => local:STARLET.ZIP > error while reading: received a short buffer from FXP_READ, but not at EOF > psftp> This is a known bug in PSFTP that causes trouble with VMS systems. I'm not aware of any workaround, I'm afraid. http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/fxp-short-reads.html ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <46754F08.F930EC4C@spam.comcast.net> Message-ID: Organization: WOMUMP Date: 17 Jun 2007 16:46:49 +0100 (BST) From: Jacob Nevins Subject: Re: How to copy in Putty selected text into clipboard >Thomas Wiedmann wrote: >> >> if in Putty 0.58 I select text of the Putty console I can insert it by >> clicking the right mouse key at the cursor position. But how can text of >> Putty be selected and transferred to the clipboard, e.g. of Windows XP, >> to insert it afterwards e. g. in a textfile or a Word document outside >> of Putty? Text is automatically copied to the clipboard when you select it; it is the clipboard contents that are pasted into the PuTTY window when you right-click, and should be pasted into any other application when you invoke the "paste" action in the usual way. See http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-cutpaste David J Dachtera writes: > > CTRL+C = Copy This won't copy text in PuTTY -- the Ctrl+C will be sent to the server (where it will probably interrupt a process, or something similar). > SHIFT+Insert = Paste This, however, does work to paste text _into_ PuTTY. .............................................................................. Newsgroups: comp.terminals NNTP-Posting-Host: 24.15.149.110 NNTP-Posting-Date: Sun, 17 Jun 2007 14:17:19 -0500 References: <46754F08.F930EC4C@spam.comcast.net> Message-ID: <467588BF.C344556D@spam.comcast.net> Date: Sun, 17 Jun 2007 14:17:19 -0500 From: David J Dachtera Subject: Re: How to copy in Putty selected text into clipboard Jacob Nevins wrote: > > David J Dachtera writes: > >CTRL+C = Copy > > This won't copy text in PuTTY -- the Ctrl+C will be sent to the server > (where it will probably interrupt a process, or something similar). This is user-configurable in many emulators. CTRL+ "chords" can either be processed locally, or be forwarded to the host. -- David J Dachtera dba DJE Systems ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: 67.122.246.158 NNTP-Posting-Date: Sun, 24 Sep 2006 16:51:25 EDT Message-ID: Date: Sun, 24 Sep 2006 20:51:25 GMT From: Augustus SFX van Dusen Subject: Bringing ssh connections back to life after hibernation In my setup I sometimes have to put my computer to hibernate when I have one or more ssh (OpenSSH, in fact) connections to remote hosts. My hibernate setup is such that when I bring my computer back to life the network is up and running immediately. However, my ssh connections to remote hosts take some 10-15 minutes to revive. Anybody know why that should be the case? Anybody know if there is some OpenSSH configuration parameter that would get the ssh connections back to life quickly? .............................................................................. Newsgroups: comp.security.ssh NNTP-Posting-Host: 67.122.246.158 NNTP-Posting-Date: Mon, 25 Sep 2006 11:46:08 EDT References: Message-ID: Organization: SBC http://yahoo.sbc.com Date: Mon, 25 Sep 2006 15:46:08 GMT From: Augustus SFX van Dusen Subject: Re: Bringing ssh connections back to life after hibernation On Sun, 24 Sep 2006 23:21:39 +0000, Unruh wrote: > > I have the same problem when my network goes down for a while (ISP > problems) I sometimes find that opening a new ssh to the same host > revives the old one. Not sure where the problem is--whether it is > a long timeout in the local or in the remote ssh. > > (It has never been 15 min, but that may depend on the length of the > down time.) For what it's worth, I think I have found a solution to my problem. (Not for the first time immediately after asking for a answer to some question in the net, either.) If in my /etc/ssh/ssh_config I enter the lines ServerAliveCountMax 1 ServerAliveInterval 10 then my connections seem to come back quickly enough after reviving my computer. .............................................................................. Newsgroups: comp.security.ssh References: Message-ID: Organization: ITServices, University of British Columbia Date: 25 Sep 2006 16:57:51 GMT From: Unruh Subject: Re: Bringing ssh connections back to life after hibernation Augustus SFX van Dusen writes: > > ...question in the net either.) If in my /etc/ssh/ssh_config I enter > the lines > > ServerAliveCountMax 1 > ServerAliveInterval 10 > > then my connections seem to come back quickly enough after reviving my > computer. While the latter looks useful, the former seems counterproductive, at least in my situations. I.e., it says that, if once the server does not respond to the ServerAlive message, you are disconnected. That seems pretty harsh. .............................................................................. Newsgroups: comp.security.ssh References: Message-ID: <5ofou3-bdj.ln1@news.heiming.de> Date: Tue, 26 Sep 2006 22:39:01 +0200 From: Michael Heiming Subject: Re: Bringing ssh connections back to life after hibernation In comp.security.ssh Unruh : >>> >>> I have the same problem when my network goes down for a while (ISP >>> problems) I sometimes find that opening a new ssh to the same host >>> revives the old one. Not sure where the problem is-- whetehr it is >>> a long timeout in the local or in the remote ssh. (It has never been >>> 15 min, but that may depend on the length of the down time.) Mostly a ssh connection can survive such thing easily with static IP, if you just keep the xterm with the login open. YMMV >> ServerAliveCountMax 1 >> ServerAliveInterval 10 > While the latter looks useful, the former seems counterproductive, at least > in my situations. I.e., it says that if once the server does not respond to > the ServerAlive message, you are disconnected. That seems pretty harsh. The above would disconnect the unresponsive session 10 seconds after the first packet got no answer as per client-side configuration. Indeed this is more useful on the sshd side to stop firewalls from automatic disconnecting idle sessions there are far better ways to do this than a firewall could. but although to let sshd disconnect broken sessions cleanly, without "filling" up utmp and associated tools with ghost logins. ClientAliveCountMax ClientAliveInterval Default of the later is zero, disabling sending messages to the client at all. -- Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94) mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/' #bofh excuse 225: It's those computer people in X {city of world}. They keep stuffing things up. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.sys.sun.admin NNTP-Posting-Host: 219.64.125.117.chn.dialup.vsnl.net.in NNTP-Posting-Date: Thu, 2 Nov 2006 00:50:11 +0000 (UTC) References: <1162195659.552716.15770@b28g2000cwb.googlegroups.com> Message-ID: <1162428606.083608.30490@k70g2000cwa.googlegroups.com> Date: 1 Nov 2006 16:50:06 -0800 From: koneruarjun@gmail.com Subject: Re: OpenSSH Passwordless Authentication between 2 systems with different UID's kaka.hui@gmail.com wrote: > > How to communicate without a passwd between 2 Unix systems where > the communicating sessions have different uid/s? (NOTE: both systems > are on OpenSSH) > > e.g. > > SystemA UserA SSH to SystemB UserB > > > Here is what I tried but failed. > > > As UserA in System A: > > > ssh-keygen -t dsa > > cd ~/.ssh > > cat id_dsa.pub > authorized_keys2 > > scp ./id_dsa.pub UserB@SystemB:.ssh/. (when prompt for the passwd, I typed UserB's passwd) > > > As UserB in System B: > > > cd .ssh > > cat id_dsa.pub > authorized_keys2 > > > Same trick for same user ID would work in the above example (i.e. > SystemA UserA SSH to SystemB UserA) > > Could someone please shed some light here? Thank you very much! Generate a passphrase less key-par for UserA@systemA and update $HOME(UserB@SystemB)/.ssh/authorized_keys with the new pub key . and then ssh into the system using the privkey with -i flag Enjoy! //Arjun ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 198.173.15.250 Message-ID: <1178047363.809087.257420@h2g2000hsg.googlegroups.com> Date: Tue, 1 May 2007 12:22:43 -0700 From: dcmdcm@gmail.com Subject: PuTTY DECSED (Selective Erase) (Esc [ ? x J) I've been using PuTTY for a while in various applications. I really like it, so I reached for it again for this latest application. Unfortunately, this app requires being able to selectively erase text on the screen ("Clear Foreground" text). The VTxxx referes to this capability as DECSED ("Esc [ ? x J", where x specifies the area of erasure desired (I'm looking for x=2, the whole screen). (There's another similar facility called DECSEL). I did discover that this facility is implemented in xterm, but I can't use xterm here (sorry, it's on Windows -- not my choice). I have a few alternatives: 1) Change the application to not use this facility. I'd rather not, there's a lot of code in this app [that I "inherited"]. 2) Use a different terminal emulator. I suppose I could, but I'd rather do something else. If someone has a suggestion for one, please let me know. No, I don't want to pay an arm and a log for a commercial emulator that's otherwise not as good as PuTTY. 3) Modify PuTTY to do what I want. This is my preferred course of action. Not only will I benefit, but others will, too. I can change it myself or I can ask someone else to do it. I would change it myself, but I've not been in the PuTTY code and would take me an unknown amount of time to spin up. If someone has a few pointers as to how this capability could be added -- where in the code to start looking -- I'd appreciate it. Another option would be to ask someone else to do it. Yes, I could pay something, but not likely what the labor would be worth. If anyone has any ideas on this, please let me know! HELP! Thanks! Dave Madsen ---dcm dcmdcm@gmail.com ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.os.linux.misc NNTP-Posting-Host: 24.20.116.48 NNTP-Posting-Date: Thu, 2 Aug 2007 23:37:43 +0000 (UTC) Message-ID: <1186097862.139456.220350@i13g2000prf.googlegroups.com> Organization: http://groups.google.com Date: Thu, 02 Aug 2007 23:37:42 -0000 From: Scott Subject: high-ascii characters in linux terminal via ssh MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" << here's a clue to the problem! Content-Transfer-Encoding: quoted-printable When I SSH into most of my newer linux machines from my windows computer, I get some funny upper-ascii characters that appear from time to time, particularly in manpages and gcc output. Here is a randomly chosen snippet from a manpage: Use --progress=dot to switch to the ââ^¬Ë^Üââ^¬Ë^Üdotââ^¬â^Ģââ^¬â^Ä¢ display. The character sequences look like an 'a' with a hat over it and a cursive upper case 'E'. It's very annoying particularly with gcc output as these characters end up around every identifier that appears in a gcc warning. I've tried numerous different terminal emulation settings in my ssh program, to no avail. [surprise, surprise] I'm sure I used to know how to turn this off (it seems like there was an environment variable to set), but I forgot... Can anyone remind me? Thanks, Scott . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.os.linux.misc NNTP-Posting-Host: eJSSGroJa5Qh6TM459JBWw.user.aioe.org References: <1186097862.139456.220350@i13g2000prf.googlegroups.com> Message-ID: Organization: Aioe.org NNTP Server Date: Fri, 3 Aug 2007 03:46:11 +0200 (CEST) From: Kenan Kalajdzic Subject: Re: high-ascii characters in linux terminal via ssh You need to set the TERM environment variable in your login shell. If you use putty, setting TERM to either "linux", "ansi" or "xterm" should work fine in your case. -- Kenan Kalajdzic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.os.linux.misc NNTP-Posting-Host: 24.20.116.48 NNTP-Posting-Date: Fri, 3 Aug 2007 02:29:13 +0000 (UTC) References: <1186097862.139456.220350@i13g2000prf.googlegroups.com> Message-ID: <1186108152.857363.135060@q3g2000prf.googlegroups.com> Date: Fri, 03 Aug 2007 02:29:12 -0000 From: Scott Subject: Re: high-ascii characters in linux terminal via ssh > You need to set the TERM environment variable in your login shell. If > you use putty, setting TERM to either "linux", "ansi" or "xterm" should > work fine in your case. No luck there, it doesn't seem to make any difference. The default is vt100, which is what my ssh client is set to. I tried changing it (both the term variable and the ssh client) to linux, ansi, and xterm to no avail. I did manage to find the previous "fix" for this issue, which was to put: export LANG="POSIX" in my .bashrc file. Strangely enough, this works for RHEL4, but on RHEL5, it changes the funny characters to a string <80><99>, which I'm assuming is the hex values of the funny characters it was printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.os.linux.misc References: <1186097862.139456.220350@i13g2000prf.googlegroups.com> Message-ID: <13b622ck8n9rcdc@corp.supernews.com> Date: Fri, 03 Aug 2007 10:49:48 -0000 From: Thomas Dickey Subject: Re: high-ascii characters in linux terminal via ssh Kenan Kalajdzic wrote: >> >> The character sequences look like an 'a' with a hat over it and a >> cursive upper case 'E'. ... UTF-8 >> I've tried numerous different terminal emulation settings in my ssh >> program to no avail. I'm sure I used to know how to turn this off (it >> seems like there was an environment variable to set), but I forgot... > You need to set the TERM environment variable in your login shell. If > you use putty, setting TERM to either "linux", "ansi" or "xterm" should > work fine in your case. The $TERM variable is unrelated. It's the locale settings (man locale). -- Thomas E. Dickey http://invisible-island.net/ ftp://invisible-island.net/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.os.linux.misc NNTP-Posting-Host: gw.roaima.co.uk NNTP-Posting-Date: Fri, 3 Aug 2007 12:07:05 +0000 (UTC) References: <1186097862.139456.220350@i13g2000prf.googlegroups.com> Message-ID: <58fbo4-r4o.ln1@news.roaima.co.uk> Organization: Roaima. Harrogate, North Yorkshire, UK Date: Fri, 3 Aug 2007 12:13:41 +0100 From: Chris Davies Subject: Re: high-ascii characters in linux terminal via ssh > Use --progress=dot to switch to the > ââ^¬Ë^Üââ^¬Ë^Üdotââ^¬â^Ģââ^¬â^Ä¢ display. > I've tried numerous different terminal emulation settings in my ssh > program to no avail [...] This is a consequence of a mismatched locale setting. The newer box is (probably) configured to use UTF8 but for some reason your pager doesn't know it. For other people reading this post, you can probably reproduce it like this (replacing en_GB.UTF8 with an appropriate locale): LANG=en_GB.UTF8 man ls | LANG= less To avoid it, you need to ensure that everything runs in the same locale. So either remove LANG entirely, or ensure that it's set consistently everywhere: unset LANG # Maybe in your .profile / .bash_profile man ls # Etc... If you're using xterm windows anywhere, start using uxterm (or better, lxterm) instead. Chris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.os.linux.misc NNTP-Posting-Host: 24.20.116.48 NNTP-Posting-Date: Fri, 3 Aug 2007 18:54:46 +0000 (UTC) References: <1186097862.139456.220350@i13g2000prf.googlegroups.com> <58fbo4-r4o.ln1@news.roaima.co.uk> Message-ID: <1186167285.541896.202950@i38g2000prf.googlegroups.com> Date: Fri, 03 Aug 2007 11:54:45 -0700 From: Scott Subject: Re: high-ascii characters in linux terminal via ssh > This is a consequence of a mismatched locale setting. The newer box is > (probably) configured to use UTF8 but for some reason your pager doesn't > know it. Thanks for the info. Now that I know what is causing it, I think I've fixed it by telling my SSH client to use UTF-8 instead of 'default' which was what it was configured to use. Scott ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.misc NNTP-Posting-Host: 24.34.108.171 NNTP-Posting-Date: Thu, 15 May 2008 21:36:10 -0500 References: <368235fa-2308-4f60-907b-4927d3560990@u12g2000prd.googlegroups.com> Message-ID: Date: Thu, 15 May 2008 22:36:10 -0400 From: Barry Margolin Subject: Re: SSH login with other user's keys In article <368235fa-2308-4f60-907b-4927d3560990@u12g2000prd.googlegroups.com>, rahul wrote: > > I have an account called mdmbuild on my machine that does not have a > password. It's a headless account. I have ssh public and private keys > for the account. The public keys are already there on the machine I > want to log on to. > But the problem is the remote machine is not accepting my private keys > as they were generated on a different machine. > > Say keys were generated on saturn and public keys copied to venus. My > mars machine has the private keys but venus won't accept it as it has > public keys generated on saturn. Is there any way I can login on venus > with the keys I have got? > > mdmbuild does not have a password. The only way to login > is with the keys. When you run "ssh-keygen", it creates both a public and private key. You have to use the private key that was made at the same time as the public key, because key generation incorporates random data. Every time you run "ssh-keygen" you'll get different keys, even if you enter the same passphrase, and you can't mix and match them. -- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** *** PLEASE don't copy me on replies, I'll read them in the group *** ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: admin.sibptus.tomsk.ru NNTP-Posting-Date: Thu, 16 Oct 2008 02:37:42 +0000 (UTC) References: Message-ID: Organization: AO "Svyaztransneft", SibPTUS Date: Thu, 16 Oct 2008 02:37:42 +0000 (UTC) From: Victor Sudakov Subject: Re: custom XLT for PuTTY Victor Sudakov wrote: > > Is there a way to create a custom translation table for PuTTY (win32)? The problem was solved with IrLex. It supports custom translation tables. http://sourceforge.net/projects/irlex -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.sys.sun.admin NNTP-Posting-Host: 213.78.42.15 References: <4951831a@212.67.96.135> <490ffc81-8a84-4d50-8d5d-f667a05a4630@f3g2000vbf.googlegroups.com> Message-ID: <49524564@212.67.96.135> Date: Wed, 24 Dec 2008 14:21:17 +0000 From: Dave Subject: Re: automated ssh only works one way didds wrote: > > On 24 Dec, 00:32, Dave wrote: > >> I'm not sure why you are using authorized_keys2. > > that's what I was told to do by our Solaris support service wallahs/ > resellers. What version of ssh are you using - the one supplied with Solaris? If so, the server is at /usr/lib/ssh/sshd and the client at /usr/bin/ssh. I've server up password-less ssh on numerous machines and it works every time as I said. It *might* be possible to disable it in the server config file, but by default it should work. bash-3.00$ ssh -V Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f If you see something mixing an ssh server from ssh.com, and a client from OpenSSL, it might be the cause, as I don't think the keys are compatible, although I believe you can convert from one key to the other. I've long since stopped using the tools from ssh.com. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.sys.sun.admin NNTP-Posting-Host: 213.78.42.15 References: Message-ID: <49524acd@212.67.96.135> Date: Wed, 24 Dec 2008 14:44:19 +0000 From: Dave Subject: Re: automated ssh only works one way didds wrote: > two systems, usdb7 (v490) & usdb11 (v440) both sol 10 8/07. > Instructions here followed to the t. > http://www.sun.com/bigadmin/content/submitted/ssh_setting.html > Only... connecting from usdb7 to usdb11 still requests a password, > wheras in reverse it doesn't. > -v option doesn't show anything obvious (to me anyway ... !) [but > see below] > any ideas? > > cheers > > ian. > Looking at your outputs in more detail, you don't provide sufficient information for me to be 100% sure what you are doing. This is my client where I log in from. bash-3.00$ cat $HOME/.ssh/id_dsa.pub ssh-dss AAAAB3NzaC1kc3MAAACBAN6hOf4gqfDW8qmLtts7okHL6nHLvPQSyeZKuzGjQPkRSawDlsh9NWkzohtG AXcnlDQjV0K5cYBzpZqBOni3w5k0oxpBrqAnJSjW7XHIN0m3fbmFclnt4Oq1bzxA2qnojtN+siKjguQ6 XTNoqEe0KGwYvShBBCLEOr07NMV6m7PrAAAAFQC1TD0OG0b7Y8HLBFCSg+oaRkSNWQAAAIBgJAOEltW3 6fZJ83ad4lNINNkR0mKq1ZONVX71NComxp0QKNV0oCv1GbO8vVuv1e9Rc15AVG+sIftlVXTA3YgNbtTj zgAn9QyVu/TfwWjBPqqIEkKM38+QCajPdKaFfytNeI+Gqlp85pVHfYKMaxyJ92Wm7ZI+0RLrbMBfVBdo pgAAAIAy/o2Gfh9s/B48FKw2Y0AadekIKDJyX0/GEedNVNdmRNzfjudA6/gy9biHBh9/vnqkYGXG6vJV IJbOEKmVNgZ2+NQMd+uaOVrNsM8ftmIWMzWc7sEXUoCF7MYXQLtwlKoNimqCQly14ITV3gHwMYmaeBWp 8wQ4s7fkxpOTxgII+w== drkirkby@sparrow There should be only one key in $HOME/.ssh/id_dsa.pub, which is created with $ ssh-keygen -t dsa This is the server which I log into. In this case, there are two keys, as I log into it from two different machines. [drkirkby@main-webserver ~]$ cat $HOME/.ssh/authorized_keys ssh-dss AAAAB3NzaC1kc3MAAACBAN6hOf4gqfDW8qmLtts7okHL6nHLvPQSyeZKuzGjQPkRSawDlsh9NWkzohtG AXcnlDQjV0K5cYBzpZqBOni3w5k0oxpBrqAnJSjW7XHIN0m3fbmFclnt4Oq1bzxA2qnojtN+siKjguQ6 XTNoqEe0KGwYvShBBCLEOr07NMV6m7PrAAAAFQC1TD0OG0b7Y8HLBFCSg+oaRkSNWQAAAIBgJAOEltW3 6fZJ83ad4lNINNkR0mKq1ZONVX71NComxp0QKNV0oCv1GbO8vVuv1e9Rc15AVG+sIftlVXTA3YgNbtTj zgAn9QyVu/TfwWjBPqqIEkKM38+QCajPdKaFfytNeI+Gqlp85pVHfYKMaxyJ92Wm7ZI+0RLrbMBfVBdo pgAAAIAy/o2Gfh9s/B48FKw2Y0AadekIKDJyX0/GEedNVNdmRNzfjudA6/gy9biHBh9/vnqkYGXG6vJV IJbOEKmVNgZ2+NQMd+uaOVrNsM8ftmIWMzWc7sEXUoCF7MYXQLtwlKoNimqCQly14ITV3gHwMYmaeBWp 8wQ4s7fkxpOTxgII+w== drkirkby@sparrow ssh-dss AAAAB3NzaC1kc3MAAACBAL+nRizKAJyn50owFO0RTTQ7zIHdtpbgVixoinbAuAX9P3cO49zq34evmC3t 0Fv66eVUsQUMfyJqwUpzfd080P0x9yXU8n11V19yknHtQnsqvfQMRis07YA0SxuVIZ4prULHQPDkJzuc 63o+Pb/3ZCY+aptxvf1akNdJTMBlZfozAAAAFQD+J6w8/AosRXTTVin+SaL0vgBqvQAAAIEAuhN7pZpM zNWOhlRjUWZ7smuThlLVthElZoAkwvIB4O/iHN38wTj/pwo55Nq0+BpX33TIJ1ogpw2aoxih8Os9oHyJ 5azggho0wlb1gYwcZaGEW2MslYUEHDo8cXr1Qt2IKTWzMZsEm+8QOzeobOzr8rDufTVXp9mgCD3r/RRt EL4AAACAKYJFjM3w4bYHNaL2B4RrRO8/z3BS/ISr16MOe5sUUuwt6+O4vt/bng37Z62mimDSLQKexn+4 hcKs+B7JlEkVY2aRZlaUzJ3OF+AQDFPmVh7oD/g4GP5yOxrwlKYR+07oraumWkHulgZesJXH0L1qVWnO YzOuCpshcLI1IhtFqEQ= drkirkby@kingfisher I think the username@server is ignored - it is only there to help you remember what key is what. To get it to work both ways, from machine A to B and from B to A, you need to: 1) Append $HOME/.ssh/id_dsa.pub of A to $HOME/.ssh/authorized_keys of B. This allows you to connect from A to B. 1) Append $HOME/.ssh/id_dsa.pub of B to $HOME/.ssh/authorized_keys of A. This allows you to connect from B to A. I'm not sure if blank lines are allowed in $HOME/.ssh/authorized_keys Blank lines are probably ignored, but server could just stop reading at that point. I note you have a blank line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.sys.sun.admin NNTP-Posting-Date: Wed, 24 Dec 2008 09:11:13 -0600 References: <4951831a@212.67.96.135> <490ffc81-8a84-4d50-8d5d-f667a05a4630@f3g2000vbf.googlegroups.com> <49524564@212.67.96.135> Message-ID: <1230131473.645127@news1nwk> Organization: Sun Microsystems Date: Wed, 24 Dec 2008 10:11:12 -0500 From: Martha Starkey Subject: Re: automated ssh only works one way On 12/24/08 09:21, Dave wrote: > didds wrote: >> On 24 Dec, 00:32, Dave wrote: >> >>> I'm not sure why you are using authorized_keys2. Good call, Dave. The instructions that didds' support service pointed him to mentions that ssh is provided starting with Solaris 9 and that it uses "authorized_keys" instead of "authorized_keys2". But that's not mentioned until paragraph #14 or so. Here's another reference: docs.sun.com Home > Solaris 10 System Administrator Collection > System Administration Guide: Security Services > Authentication Services and Secure Communication > 19. Using Solaris Secure Shell (Tasks) > Using Solaris Secure Shell *How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell *How to Reduce Password Prompts in Solaris Secure Shell ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: 128.164.129.3 NNTP-Posting-Date: Thu, 08 Jan 2009 13:38:25 -0600 References: <7b9d7c02-762f-4296-b449-4efd1bd978f3@l33g2000pri.googlegroups.com> <4975c4aa-c472-4727-8ccf-44f1474e1913@q30g2000prq.googlegroups.com> Message-ID: Date: Thu, 08 Jan 2009 13:38:25 -0600 From: Chris Mattern Subject: Re: ssh for any user On 2009-01-08, james.bruckmann@yahoo.com wrote: > > Thanks ! I cannot try this at the moment, no access to the sun boxes. > Are yiu sure? at the target box wont the operator be the the only user > that matters? Yes, *at the target box*, only operator matters. So you'd put the public keys of all the authorized users into ~operator/.ssh/authorized_keys. That gives all the authorized users access to the operator account. > .... > $cmd = "ssh operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user > \n"; > ... > Maybe I just have to copy operator's private key into each users .ssh > dir\? > Bad, bad idea. This has all kinds of security implications, none of them good; the worst part is you've just made it impossible to distinguish between operator and the other users for *any* attempts to gain ssh access via private key, anywhere. -- Christopher Mattern NOTICE Thank you for noticing this new notice Your noticing it has been noted And will be reported to the authorities ////////////////////////////////////////////////////////////////////////////// There is support for OpenSSH with Kerberos and GSSAPI: http://www.sxw.org.uk/computing/patches/openssh.html ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh, comp.terminals NNTP-Posting-Host: 91.153.142.172 NNTP-Posting-Date: Sun, 26 Apr 2009 08:28:24 +0000 (UTC) Message-ID: <9ccbda29-061e-4ae6-bc55-bbbb5f95c30a@x1g2000prh.googlegroups.com> Date: Sun, 26 Apr 2009 01:28:24 -0700 (PDT) From: Ronja Subject: Kudos to Putty developers, answer not necessary Summary: A big thank you to the Putty team - and all who developped ssh to the point where Putty could get started - for a *reliable* piece of software. I have clearly spent too many years in the Microsoft world as I had all but forgotten how it feels to leave a program running overnight or longer and come back and find it still up and running, without hogging virtual memory and generally just behaving well without any extra fuss. Thanks! Details: I woke up to continue on some work that was left half-way yesterday and noticed that the Putty terminals to both *nix servers that I had left open on my laptop were alive and well. And suddenly I was washed over with such relief and gratitude - there still is software around that is stable and reliable, that won't crash on you the minute you turn your back (or earlier), that won't start gobbling up virtual memory after running more than one hour and that won't *require* an update every one or two weeks just to stay tolerably functional. Mostly out of professional necessity (all of my customers use Windows and MS Office) I have used mainly Windows for the last five years or so. Before that I used mostly Unix or Linux (my first Unix-like experience was on a Zilog System 8000 in 1987-88, and it was love at first sight). This experience with Putty is just one more lately that makes me more convinced that my next laptop will be Linux-based, and as much as possible of the software on it will be open-source. Then at least if something does not work, I have the consolation that a) I did not pay a cent for it anyway and b) if that particular functionality really is important for me I can help fix it. Thanks for making my Sunday morning & happy hacking! Ronja http://www.iki.fi/~ronja/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.security.ssh NNTP-Posting-Host: f7aa2210.newsspool4.arcor-online.net NNTP-Posting-Date: 15 May 2009 08:24:13 CEST Message-ID: <4a0d0a8c$0$31334$9b4e6d93@newsspool4.arcor-online.net> Organization: Arcor Date: 15 May 2009 06:24:13 GMT From: Paul Mueller Subject: Are OpenSSH and Putty generated SSH keys compatible? Default extensions? Are SSH keys which are generated by OpenSSH compatible with those which are generated by Putty Key Generator? What are the default file extensions of public and private key files? Paul . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.security.ssh NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <4a0d0a8c$0$31334$9b4e6d93@newsspool4.arcor-online.net> Message-ID: Organization: WOMUMP Date: 16 May 2009 13:02:42 +0100 (BST) From: Jacob Nevins Subject: Re: Are OpenSSH and Putty generated SSH keys compatible? Default extensions? Paul Mueller writes: > > Are SSH keys which are generated by OpenSSH compatible with those which > are generated by Putty Key Generator? The native format for keypairs is different, but PuTTYgen can freely interconvert between OpenSSH's and its own formats. See the PuTTYgen documentation for more information: http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter8.html#pubkey-puttygen > What are the default file extensions of public and private key files? PuTTYgen's default extension for keypair files (which contain private key material) is .PPK. The PuTTY suite doesn't have a "native" format for public key files. OpenSSH, deriving as it does from a Unix background, doesn't really use Windows-style file extensions. Key files are traditionally called id_rsa.pub (for the public key) and id_rsa (for the keypair), for the example of an RSA keypair. I don't know about other implementations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.security.ssh NNTP-Posting-Host: 98.216.96.196 NNTP-Posting-Date: Sat, 16 May 2009 16:08:04 +0000 (UTC) References: <4a0d0a8c$0$31334$9b4e6d93@newsspool4.arcor-online.net> Message-ID: Date: Sat, 16 May 2009 09:08:04 -0700 (PDT) From: Nico Kadel-Garcia Subject: Re: Are OpenSSH and Putty generated SSH keys compatible? Default extensions? Small note: I'd urge people to use DSA keys for the use of SSH 2 and its features, over those of SSH 1. But tastes on this vary, for both excellent technical reasons and simple widespread rumors. But yes, Puttygen deals well with both. I just find myself wishing that ssh-keygen and Puttygen, both, would insist by default that a passphrase be provided and that a command-line option or special secret option be used to prevent the generation of passphrase keys, because I am amazingly tired of explaining to people that keys without passwords are like putting your housekeys under the doormat. ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: user-0c8htsf.cable.mindspring.com [24.136.247.143] NNTP-Posting-Date: Sat, 13 Jun 2009 06:43:46 -0500 References: <13e38c93-149d-46d2-a68e-cdabef62cccd@z8g2000prd.googlegroups.com> Message-ID: Organization: IBM Systems & Technology Group Date: Sat, 13 Jun 2009 07:43:42 -0400 From: Cindy Ross Subject: Re: windows scripts for putty >In fact, even worse, I don't see how to start a given session from a >windows command line. See section "3.8 The PuTTY command line" in the documentation: http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-cmdline ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: 92.232.150.252 NNTP-Posting-Date: Fri, 22 May 2009 22:08:11 BST References: Message-ID: Date: Fri, 22 May 2009 21:08:11 GMT From: Mark Hobley Subject: Re: Sometimes Putty doesn't terminate after exit command Thomas Wiedmann wrote: > > What may be the reason for this strange behavoiur, sometimes occurring? > How can this problem be avoided? I remember reading something in a manual about this a long time ago. I think it was so that final output is preserved on the screen. It did not concern me, because I was only opening windows to access a remote, and it was easy enough to close them. From memory there was an option to prevent this. I did a quick Google to jog my memory, and it tells me "close window on exit" from the session menu. It didn't jog my memory any further though. I would just try that one and see. Mark. -- Mark Hobley Linux User: #370818 http://markhobley.yi.org/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.terminals NNTP-Posting-Host: 24.136.247.143 NNTP-Posting-Date: Sat, 23 May 2009 08:51:51 -0500 References: Message-ID: Organization: IBM Systems & Technology Group Date: Sat, 23 May 2009 09:51:50 -0400 From: Cindy Ross Subject: Re: Sometimes Putty doesn't terminate after exit command In the Session panel of the PuTTY Configuration, I see an option called "Close window on exit with 3 options: Always, Never, Only on clean exit See if playing with that helps... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroups: comp.terminals NNTP-Posting-Host: 24.40.133.27 NNTP-Posting-Date: Sat, 06 Feb 2010 06:45:01 -0600 References: Message-ID: <21pqm5hgtn97gcgbgqsi4hpcfpqiq5rj8p@4ax.com> Organization: IBM Systems & Technology Group Date: Sat, 06 Feb 2010 07:45:00 -0500 From: Cindy Ross Subject: Re: Moving saved sessions in PuTTy from one computer to another In message , Putty wrote: > > Are the sessions saved, so they may be moved instead of having to > recreate them? See "4.26 Storing configuration in a file" in the PuTTY documenation: http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter4.html#config-file ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.unix.solaris NNTP-Posting-Host: 128.100.48.224 NNTP-Posting-Date: Thu, 12 Nov 2009 21:49:44 +0000 (UTC) References: <2e6e7e60-ac86-4489-b7bc-b1a0df5e3e35@z3g2000prd.googlegroups.com> Message-ID: <9a47132c-c18e-4040-a856-7f2e07bac16c@r24g2000yqd.googlegroups.com> Date: Thu, 12 Nov 2009 13:49:44 -0800 (PST) From: Oscar Iván Subject: Re: ssh_exchange_identification: Connection closed by remote host On Oct 21, 2:20 pm, "er.verma" <24.ash...@gmail.com> wrote: > > some time when i login to my server using ssh it show me error like > > ssh jakartassh_exchange_identification: Connection closed by remote host This is an oldish thread but we got the same problem recently. The problem was caused by script-kiddies running botnets, scanning the SSH servers with a dictionary attack. The SSH servers refuse connections after MaxStartups from the botnet is reached. From "man sshd_config" MaxStartups Specifies the maximum number of concurrent unauthenti- cated connections to the sshd daemon. Additional connections are dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10. The solution was to increase the MaxStartups in /etc/sshd_config and block the botnets with something like "DenyHosts" http://denyhosts.sourceforge.net/ ////////////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: <20100104065656761@webuse.net> Message-ID: <5sg*qVg0s@news.chiark.greenend.org.uk> Organization: Tartarus.Org Date: 04 Jan 2010 09:05:05 +0000 (GMT) From: Simon Tatham Subject: Re: Numeric Keyboard Does NOT Work when Using /usr/bin/less shyl wrote: > > That is, when I was trying to search for some digit texts 123, I > typed /123 but got /ESCOqESCOrESCOs. I wonder how could that happen. "less" has deliberately asked for it, by sending a terminal control code which changes the mode of the numeric keypad. There's an option in PuTTY to disable that code: try Terminal > Features > Disable application keypad mode. -- Simon Tatham "loop, infinite _see_ infinite loop" - Index, Borland Pascal Language Guide //////////////////////////////////////////////////////////////////////// Newsgroups: comp.terminals NNTP-Posting-Host: rapun.sel.cam.ac.uk References: Message-ID: Organization: WOMUMP Date: 23 Jan 2010 13:05:20 +0000 (GMT) From: Jacob Nevins Subject: Re: Putty selection screen of predefined connection Thomas Arthur Seidel writes: > >I have a list of predefined connections, roughly 50 of them, and >because there is not a hierarchical structure possible in Putty, this >list is long. I have found a way to select one, then press one >character, so the marked line moves down. If you now press ENTER, >something funny happens: It does NOT start the highlighted line as a >connection, but starts the default session. > >To work around, I have to double-click that highlighted line. Is >there a way to start that highlighted line by keyboard instead? In 0.60, the following method is cumbersome, but works: - Press Alt+E to focus the saved-session box - Type the session name or a prefix - Press Alt+L to load the session - Press Alt+O to open the loaded session (Clearly the experience of keyboard-only users could be improved.) //////////////////////////////////////////////////////////////////////////////