All About SSH - Part I / II - Boran Consulting

Replacing telnet/rlogin/rsh with SSH. See also Part II (OpenSSH).

By Sean Boran

This article presents an overview of SSH, the Secure SHell. It is the first in a two-part series, introducing SSH and its implementations, except for OpenSSH and OSSH, which are presented in the accompanying Part II.

SSH is useful, easy to use and so much more secure than the archaic telnet/rlogin/rsh, that no UNIX/Linux system should be installed without it. 

Dec. 2002 (3 years after this page was first published): it's great that most Linux / Unix vendors have followed the example of OpenBSD & SuSE and bundled SSH with the OS. SSH has become the standard workhorse for many sysadmin tasks, but has also had security bugs, possibly making your system more insecure than if you were using simple telnet! Even SSH is not immune to the tiring vulnerability-patch-update cycle. So keep your SSH servers up to date.....

Italian Readers: Please note that an earlier version of this article has been translated into Italian [9].

  • SSH Overview
  • Implementations
  • Compiling & Configuring
  • Doing even more with SSH: VPNs, VNC, PCAnywhere, SecurID, rdist, fsh, Citrix
  • References

    SSH Overview

    Secure Shell (SSH), originally authored by Tatu Ylönen, Finland, is a secure replacement for Telnet, rlogin, rcp and rsh, and provides secured TCP tunnels. Optional compression of traffic is provided, and SSH can also be used together with many authentication schemes such as SecurID, Kerberos and S/KEY to provide a highly secure remote access point to UNIX servers.

    SSH1 was the first implementation (protocol v1.2 and v1.5). It was free in the earlier days, but licensing has become very restrictive: SSH Communications and DataFellows [3] are trying to get people to move to the newer commercial SSH2. OpenSSH (a freeware alternative discussed in [1]) supports both v1 and v2 protocols.

    Why SSH?

    The Telnet, rlogin, rcp and rsh commands have a number of security weaknesses: all communications are in clear text and no machine authentication takes place. These commands are open to eavesdropping and TCP/IP address spoofing. A second key UNIX tool, the X11 window system, also communicates in clear text, uses dynamic ports (making packet filtering difficult) and has difficult-to-use access control mechanisms ("xhosts" and "xauth") that few users understand; hence X11 access control is often insecure on UNIX desktops.

    SSH uses public/private key RSA authentication to check the identity of communicating peer machines, and encrypts all data exchanged (with strong algorithms such as Blowfish, 3DES, IDEA etc.). Backwards compatibility with rlogin/rsh and their trust files (rhosts, hosts.equiv) is provided to allow communication with non-SSH servers. Optionally, an encrypted tunnel for X11 communications can be set up automatically by SSH (using the xauth access control and the DISPLAY environment variable).

    So SSH protects against:

  • Eavesdropping of data transmitted over the network.
  • Manipulation of data at intermediate elements in the network (e.g. routers).
  • IP address spoofing, where an attacking host pretends to be a trusted host by sending packets with the source address of the trusted host.
  • DNS spoofing of trusted host names/IP addresses.
  • IP source routing.

    SSH does not protect against:

  • Incorrect configuration or usage (see disadvantages below).
  • A compromised root account. If you log in from a host to a server and an attacker has control of root on either side, he/she can listen to your session by reading from the pseudo-terminal device: even though SSH is encrypted on the network, SSH must communicate in clear text with the terminal device.
  • Insecure home directories: if an attacker can modify files in your home directory (e.g. via NFS) he may be able to fool SSH.

    Features

    SSH can be used to log in securely to another computer over a network, execute commands on a remote machine, and copy files from one machine to another. SSH provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp. Additionally, SSH provides secure X11 connections and secure forwarding of arbitrary TCP connections.

  • Supports strong, proven authentication systems such as RSA, SecurID, S/Key, Kerberos and TIS (as well as the usual UNIX username/password authentication).
  • Three types of trust exist: shosts, rhosts compatible and RSA. RSA trust is stronger (using a private/public key system to identify peers), but bypasses the username/password authentication of UNIX.
  • The SSH server runs on UNIX, Linux and VAX. The client runs on the above, plus Windows and many other platforms.
  • Data compression can be enabled to improve quality over slow network links.
  • SSH Internet proxies:
  • I don't know of any real working SSH proxies: Magosanyi Arpad started working on one based on OpenSSH (see the OpenSSH developers list, message dated 2000-01-13 17:10:05), but hasn't had time to finish it.
  • SSH can be compiled so that it can traverse SOCKS [0] proxies. SOCKS is a general proxy protocol, originally sponsored by NEC, but now available from several vendors.
  • SSH2 is the newer protocol version, submitted to the IETF for approval by SSH Communications [3]. It is rewritten (improved cryptography) and is designed for more general purpose VPNs. SSH2:

  • Includes SFTP, an SSH2 tunnelled File Transfer Protocol.
  • Uses separate config files from SSH1 (e.g. /etc/ssh2/ssh2_config), but can call SSH1 if a client requests the SSH1 protocol and SSH1 is available.
  • Compatible with SSH1, when ssh1 has been installed prior to ssh2. (OpenSSH supports both, seamlessly.)
  • DSA and Diffie-Hellman key exchange are supported.

    Licensing and Cost

    Today there are many versions of SSH; some implement the client only, some both client and server. Commercial, freeware and "restricted free" licensing is in use. The original SSH (SSH1) implemented by Tatu Ylönen was freeware, but versions later than 1.2.12 have restrictive licensing. The last more-or-less freeware SSH1, v1.2.27, indicates that it may be used for non-commercial purposes only, but it would seem that most situations would allow freeware usage:

    For commercial licensing please contact Data Fellows, Ltd. Data Fellows has exclusive licensing rights for the technology for commercial purposes..... You may use the program for non-commercial purposes only, meaning that the program must not be sold commercially as a separate product, as part of a bigger product or project, or otherwise used for financial gain without a separate license... Use by individuals and non-profit organizations is always allowed... Companies are permitted to use this program as long as it is not used for revenue-generating purposes..

    The latest SSH1, v1.2.31, has the same restrictive licensing as SSH2, basically meaning it is only free for non-profit organisations:

    NON-COMMERCIAL: any use that takes place in commercial, governmental, military, or similar organizations and where a salary or similar monetary compensation is paid, unless the use can be considered to be EDUCATIONAL USE or is purely for charity.

    This means that for most of us SSH1 and SSH2 cannot be used freely, which explains why OpenSSH is becoming the predominant SSH server in use [1].

    Commercial versions are produced by DataFellows/SSH Communications and cost about $99 for clients and $500 for servers (the NT Server is a shocking $850).

    U.S. Export and Patent Restrictions

    SSH contains strong cryptography (no weak versions exist), which makes it a no-no to export from the U.S. under the current regulations (which will hopefully change in the coming months). Luckily, SSH1 was developed in Finland, meaning export to the U.S. and the rest of the world is no problem.

    The RSA algorithm is patented in the U.S., but the patent expired in September 2000, so U.S. users of SSH no longer have to use RSAREF, the official RSA library or pay royalties to RSA.

    Hopefully, more U.S. operating system vendors will bundle SSH with their products soon. OpenBSD, RedHat and SuSE Linux all bundle OpenSSH.

    The IDEA algorithm, patented by Ascom in Switzerland (and only free for non-commercial use), is used by SSH, but it can be disabled when compiling the SSH server.

    Advantages

  • Proven technology - I've been using SSH since about the mid nineties and find it to be robust and reliable.
  • Strong international encryption - no watered-down, weak versions exist.
  • Both free and commercial versions exist.
  • The SSH client runs on most platforms; the server runs on UNIX, Linux and VMS.
  • Tunnelling of static TCP ports works well and can be automated to use for simple VPNs.
  • Many authentication methods including Kerberos, TIS, SecurID and RSA.
  • Can be SOCKS5 proxy aware.
    Disadvantages

  • Port ranges & dynamic ports can't be forwarded.
  • SSH server daemon:
  • Cannot restrict what ports may or may not be forwarded, per user.
  • When a user is authenticated by password, the client's RSA identity is not verified (against ssh_known_hosts). The verification only takes place when .[sr]hosts trust is used.
  • Performance can be a problem on old machines (e.g. Sun SPARC1 with 16MB of RAM, but how many of these are still around?).
  • The standard SSH1 distribution's defaults include a clear text option and patented algorithms such as IDEA. However, these can be switched off (see the configuration section below).
  • Licensing of the original source has become very restrictive (see above).
  • Port forwarding can also introduce security problems if not used correctly. The SSH server doesn't allow detailed configuration of what forwarding is allowed from what client to what server etc. In addition, a client on the Internet that uses SSH to access the Intranet can expose the Intranet by port forwarding, which is why I recommend that PCs directly on the Internet install a personal firewall such as BlackICE.

    Security Vulnerabilities

    The following is a list of vulnerabilities found in different SSH implementations; see [2] for links to more detailed discussions of these issues on SecurityFocus.

  • 2000-07-05: SSH 1.2.27 Kerberos Ticket Cache Exposure Vulnerability. A vulnerability exists in SSH 1.2.27 when compiled with Kerberos support. When logging in, the sshd process sets KRB5CCNAME to 'none'. This environment variable is used by Kerberos to set the location of the credential cache. Normally, the cache is created in /tmp, or somewhere on the local filesystem, to prevent Kerberos credentials from being passed over the network through NFS or some other insecure protocol. As the environment variable does not explicitly set a path, it is always ".". As such, if a user uses Kerberos at any point during their ssh session (from the machine they ssh'd in to), a file named 'none' will be created in whatever directory they are in, containing their Kerberos credentials. This may lead to this data residing on an NFS volume, which could allow others to read it, or may create it in a location where other users have access to it.
  • 2000-06-12: FreeBSD Alpha Port Lack Of /dev/random and /dev/urandom Vulnerability. Distributions of FreeBSD for the Alpha architecture shipped without the /dev/random and /dev/urandom devices. These devices can be used by products and tools to gather entropy for generating cryptographically strong random numbers. Software that does not detect whether opening and reading from the devices fails before generating these random numbers may be vulnerable to simplified cryptanalysis against the weakened keys that would be produced. OpenSSL version 0.9.4 and OpenSSH both lacked checks and were vulnerable to this problem.
  • 2000-06-08: OpenSSH UseLogin Vulnerability. An option can be set to use the login program (the option is 'UseLogin'); this is set to 'no' by default in most distributions. When UseLogin is turned on, sshd doesn't set the uid of the person logging in to what it should be; it remains running as root. This can be exploited if a command is specified (to be executed) on the target host running sshd via the ssh client. Since instead of logging in a command is being run, "login" is not used and therefore cannot set the correct userid. Any command executed remotely via ssh where "UseLogin" is on will execute as root, leading to a trivial compromise. OpenSSH 2.1.1 is fixed and is not vulnerable to this attack.
  • 2000-06-07: FreeBSD SSH Port Extra Network Port Listening Vulnerability. A vulnerability exists in the FreeBSD 'ports' version of SSH. A patch was added to allow sshd to listen on multiple ports. At the same time, the configuration file was inadvertently altered to make sshd listen on both port 22, which is normal, and port 722. This could affect users who are firewalling off services and do not realize sshd is running on port 722. This does not represent a vulnerability in sshd; it is a misconfiguration only. In addition, this vulnerability is unlikely to have any real impact in normal scenarios, as the sshd listening on port 722 behaves as normal; authentication is still required.
  • 2000-05-10: Zedz Consultants ssh-1.2.27-8i.src.rpm Access Verification Vulnerability. A flaw exists in the RedHat Linux RPM distributed by Zedz Consulting, version 1.2.27-8i. This is NOT a flaw in ssh or sshd, but rather in the patch applied in the RPM distributed.
  • 2000-02-24: SSH xauth Vulnerability. A vulnerability exists in the default configuration of SSH that could be used to compromise the security of a client machine. By default, ssh will negotiate to forward X connections, using the xauth program to place cookies in the authorization cache of the remote machine for the user logging in. If the xauth program on the remote host is compromised, or the superuser on the remote host cannot be trusted, the xauth key can be compromised and used to connect to the client machine. This can result in a wide range of compromises on the client host. Risk: local+remote weakness, no exploits known. Vulnerable: SSH 1.2.27 or earlier, SSH 2.0.12 or earlier. OpenSSH 1.2 is not vulnerable. Fix (workaround): disable X forwarding.
  • 1999-12-01: RSAREF Buffer Overflow Vulnerability. Some versions of sshd are vulnerable to a buffer overflow that can allow an intruder to influence certain variables internal to the program. This vulnerability alone does not allow an intruder to execute code. However, a vulnerability in RSAREF2, which was discovered and researched by Core SDI, can be used in conjunction with the vulnerability in sshd to allow a remote intruder to execute arbitrary code. Risk: local+remote weakness, no exploits known. Vulnerable: SSH 1.2.27 linked against RSAREF; F-Secure SSH versions prior to 1.3.7 are vulnerable but F-Secure SSH 2.x and above are not. OpenSSH 1.4 & OpenSSL 0.9.4 are not vulnerable. Fix: install the patch or use the international RSA libraries. CORE SDI has developed a fix for RSAREF.
  • 1999-09-17: SSH Authentication Socket File Creation Vulnerability. A vulnerability in SSH's creation of the authentication agent UNIX domain socket allows local users to create a UNIX domain socket with an arbitrary file name in the system.... Vulnerable: SSH 1.2.27. Linux 2.0.x, Solaris 2.5.1 and IRIX 6.5.2 do not follow symbolic links during bind(2) (=> not affected); Linux 2.1.x does. Risk: local weakness, no exploits known.
  • 1999-05-13: Secure Shell Password Brute Force Vulnerability (SSH2).
  • Marc SCHAEFER [4] reports the following vulnerability; there is no official bulletin, since it's not actually an SSH weakness but an effect of using special shells on non-blocked accounts. If you have a UNIX machine running ssh where you have legitimate shell users but also POP-only or FTP-only users with an account and a correct password, and those users are refused connection because their shell is /bin/false or /bin/passwd or whatever, those users can use ssh to open connections coming from YOUR machine (and with a wrong IDENT, but that's a general SSH issue). In no case will those users be able to run a shell on the server. Workaround: change /etc/sshd_config or equivalent to deny SSH access for those users (DenyGroups guests), or only grant access to specific groups (AllowGroups).
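The checks below, an added example that is not part of the original article, audit an sshd_config for the settings the advisories above turn on: UseLogin, an extra Port line (the 22/722 mistake), X11Forwarding, a clear-text "none" cipher, and the absence of AllowGroups/DenyGroups for shell-less accounts. The two config files are constructed for the example; the keyword names are the ones sshd itself uses.

```shell
#!/bin/sh
# Added example, not part of the original article: a small sshd_config audit
# for the weak settings discussed in the vulnerability list (UseLogin, extra
# listening ports, X11 forwarding, missing AllowGroups/DenyGroups) and the
# clear-text "none" cipher. The config files below are constructed here.

# Print one finding per line for the given sshd_config; prints nothing when
# none of the checked weaknesses is present.
audit_sshd_config() {
    # Drop comment and blank lines; sshd keywords are case-insensitive.
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    awk '
    { key = tolower($1); val = tolower($2) }
    key == "uselogin" && val == "yes" {
        print "UseLogin yes: remote commands run as root on OpenSSH before 2.1.1" }
    key == "port" { nports++; ports = ports " " val }
    key == "x11forwarding" && val == "yes" {
        print "X11Forwarding yes: a hostile remote root/xauth can reach the client display" }
    key == "permitrootlogin" && val == "yes" {
        print "PermitRootLogin yes: root can log in directly over the network" }
    key == "allowgroups" || key == "denygroups" || key == "allowusers" || key == "denyusers" {
        restricted = 1 }
    key == "ciphers" && ("," val ",") ~ /,none,/ {
        print "Ciphers includes none: unencrypted sessions are permitted" }
    END {
        if (nports > 1) {
            sub(/^ /, "", ports)
            print "multiple Port lines (" ports "): sshd listens on more ports than expected"
        }
        if (!restricted)
            print "no AllowGroups/DenyGroups: shell-less POP/FTP accounts can still open SSH tunnels"
    }'
}

# Number of findings, handy for a scripted pass/fail check.
count_findings() {
    audit_sshd_config "$1" | wc -l | tr -d ' '
}

WEAK_CFG=$(mktemp)
HARDENED_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARDENED_CFG"' EXIT

# Constructed "weak" config: the 22+722 mistake, UseLogin on, X11 on, a
# "none" cipher, and no group restrictions.
cat > "$WEAK_CFG" <<'EOF'
Port 22
Port 722
ListenAddress 0.0.0.0
PermitRootLogin yes
UseLogin yes
X11Forwarding yes
Ciphers 3des-cbc,blowfish-cbc,none
PasswordAuthentication yes
EOF

# Constructed hardened counterpart: one port, no root login, no UseLogin,
# X11 forwarding off, no clear-text cipher, access limited to two groups.
cat > "$HARDENED_CFG" <<'EOF'
Port 22
PermitRootLogin no
UseLogin no
X11Forwarding no
Ciphers 3des-cbc,blowfish-cbc
AllowGroups staff wheel
EOF

echo "== weak sshd_config: $(count_findings "$WEAK_CFG") findings =="
audit_sshd_config "$WEAK_CFG"
echo "== hardened sshd_config: $(count_findings "$HARDENED_CFG") findings =="
```

Point audit_sshd_config at /etc/sshd_config (or /etc/ssh/sshd_config) to run it against a real server.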
    SSH server & client for UNIX/Linux

    SSH1 for UNIX is available as a free [5] or commercial product [3]. It is the "original" SSH, but is not being further developed at the moment (except for fixes). The emphasis is now on the commercial SSH2.

  • The author has been running the free versions V1.2.13 - 1.2.30 on the following platforms since late 1995: Solaris 2.4, 2.5, 2.6, 2.7, SunOS 4.1.3, OSF1.3, IRIX 5.3. Works very well on Solaris, with some problems on IRIX for versions prior to 1.2.27.
  • POP, SMTP, FTP authentication and other TCP socket sessions can be tunnelled, e.g. for SMTP: ssh -L target &
  • V1.2.17 (and later) work with SOCKS5 proxies, and SecurID authentication is also supported (the author has used both since 1996).
  • The license has become increasingly restrictive, and the last version I checked, v1.2.31, is no longer free in any meaningful way.
  • SSH2 [3] is a commercial product for UNIX, Windows or Mac. There is a free SSH2 version for non-commercial use, but licensing is pretty restrictive.

    LSH: Efforts are underway to develop LSH, a freeware version of SSH2.

    FreSSH: Unlike various other SSH implementations already available for Unix, it does not trace its ancestry to the original SSH code written by Tatu Ylönen. FreSSH currently implements SSH protocol version 1.5, with extensions which offer enhanced security when both sides of a connection are running FreSSH. The current version is v0.81 (15.Feb.01), a pre-release. It only runs on UNIX systems with a /dev/random.

    SFTP: an FTP client and server that run over an SSH tunnel. Currently at v0.7, it runs on Linux and NetBSD.

    Mindterm SSH (free Java SSH client)

    Mindterm is a free (GPL) SSH client written in 100% pure Java. It can be run as a stand-alone program or as an applet in a webpage. It can be run with or without a GUI. It has other useful features: scp file copying and a special FTP tunnel which works with "ordinary" ftpd's "behind" the sshd. Mindterm is my 2nd favourite SSH client after pscp/putty (see pscp); it would be my favourite if the latest version was completely free...

    There are several versions, which the author has been using since December 1999 as a standalone application.

  • V2.3.1 is the current version, free for "up to 100 users". Works fine.
  • V2 is stable,  licensing is free except for "multi-user corporate usage". SSH2 protocol is well supported, terminal handling of International keyboard works correctly, but there are problems with the '!' character.
  • v1.21 does not handle characters like \@[] properly on international keyboards. 'scp' works better than in v1.15, but it is still buggy.
  • v1.15 is older, but special characters like \@[] work correctly on international keyboards. However scp is buggier and I often get spurious tildes "~" when typing quickly.
  • v2.0 rc2 has a faulty SCP, still has problems with the '!' character and 'clone' does not always work. Otherwise it's very good indeed.
    Advantages:

  • Multi-platform: should run wherever a JVM exists.
  • Stable, pretty, flexible terminal emulation, saves properties per server, can generate RSA keys, session can be logged to file, can be used as GUI or command line, X11 and port forwarding works. Brilliant!
  • Some nifty extras: "clone terminal", "copy on select", "capture to file".
  • It has scp - secure file copy and can do recursive copies of directories. A "low priority" option to transfers files in the background without hogging all the bandwidth is available (very useful when working over isdn or dialup).
  • Mindterm allows FTP tunnelling (in PASV mode). Example FTP tunnel instructions:
  • On the Mindterm client: go to menu Tunnels -> Basic... Enter a local port of your choice... Select protocol FTP... Give the host name of the FTP server behind sshd... Click the Add button.
  • On the FTP client (e.g. WS_FTP): define a new "site" with address localhost... go to "Site properties"... in the "folder" advanced tab set "Remote Port:" to the local port selected above... enable "Passive transfers".
  • Both RSA and RSA-Rhost authentication can be used (by generating an RSA key with "Create RSA Identity" and copying it to either known_hosts or authorized_keys on the Server side).
  • Optional compression of traffic.
  • SSH2 protocol in 1.99 and later.
  • SecurID authentication is supported.
    Problems:

  • scp: When 100% is reached during file copy, Mindterm blocks for a while before saying "done" (basically the progress bar isn't quite accurate).
  • There's no online help (but the readme is useful).
  • I've also had occasional blocked tunnels and had to restart (versions <1.2.1)
  • scp refuses to copy files occasionally  with "permission denied", although file permissions are fine. This is a difficult one to reproduce, but annoying (versions <1.2.1).
  • Long files with spaces on Windows are badly supported.
  • The encryption algorithm can be set to none (not at all desirable!).
  • 'Clone terminal' does not always work (versions <1.2.1).
    Suggested Improvements:

  • Mindterm Security tip: In versions prior to ~V2.1 there seems to have been a default of "local-bind=", which made local tunnels visible on your Workstation to remote machines. Remove this entry from your configuration files, and if you use tunnels extensively, do a scan on your workstation now and again to make sure the tunnels are limited to "localhost" only.
  • scp: - Remember scp source and destinations (in the Server properties files). - Allow copying of several files (multiple control-clicking on source files). - Support syntax such as  bob@server3, ~john, dir/file1,file2,file3. - Add an arrow to the scp dialog to show transfer direction (so user will make fewer mistakes). - Consider listing local files on the left, remote on the right, like in FTP programs. - Improve handling of long file names, spaces, Windows drive letters.
  • Terminal: Paste buffer with right click (as well at Shift-Insert).
  • Allow editing of security properties when connected, even if they won't be active until the next connection. Allow editing of a host's security properties before a connection is established.
  • Online help & faq.
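To act on the local-bind tip above (and on the port-forwarding caveat in the disadvantages section), the script below checks whether each expected tunnel port listens on loopback only. It is an added example, not Mindterm's or the article's code, and it parses constructed netstat -an style lines rather than live output.

```shell
#!/bin/sh
# Added example, not part of the original article: verify that local SSH
# tunnel listeners (ssh -L, Mindterm local tunnels) are bound to loopback
# only. Reads "netstat -an" style lines on stdin; the sample data below is
# constructed, so the script runs without a live tunnel.

# Usage: check_tunnel_binding PORT... < netstat-output
# Prints "PORT ok" (loopback only), "PORT EXPOSED on ADDR" (reachable from
# other hosts) or "PORT missing" (no listener at all), one line per port.
check_tunnel_binding() {
    awk -v want="$*" '
    BEGIN {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++) status[w[i]] = "missing"
    }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        # Local address is field 4 as "host:port"; IPv6 looks like ":::port"
        m = split($4, p, ":")
        port = p[m]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in status)) next
        if (host == "127.0.0.1" || host == "::1") {
            if (status[port] == "missing") status[port] = "ok"
        } else {
            status[port] = "EXPOSED on " host
        }
    }
    END { for (i = 1; i <= n; i++) print w[i], status[w[i]] }'
}

# Constructed sample: SMTP (2525) and FTP (8021) tunnels bound correctly to
# loopback, a VNC tunnel (5901) and an IPv6 tunnel (5903) bound to all
# interfaces, plus unrelated sockets (sshd on 22, an outgoing session).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2525          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8021          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:51234          10.0.0.9:22             ESTABLISHED
tcp6       0      0 ::1:5902                :::*                    LISTEN
tcp6       0      0 :::5903                 :::*                    LISTEN'

# Run the check over the sample for the ports we expect to be tunnels
# (9999 is deliberately absent, to show the "missing" case).
audit_sample_tunnels() {
    printf '%s\n' "$SAMPLE_NETSTAT" | check_tunnel_binding 2525 5901 8021 5902 5903 9999
}

# Number of exposed tunnels in the sample; non-zero means action is needed.
count_exposed_sample() {
    audit_sample_tunnels | grep -c EXPOSED
}

audit_sample_tunnels
```

On a real workstation, pipe live output instead: netstat -an | check_tunnel_binding 2525 8021.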
    Windows SSH clients

    Aside: the OpenSSH crew have started keeping track of various Windows implementations.

  • PUTTY: v0.53b [Recommended] Simon Tatham has developed PuTTY and pscp, a free Win32 SSH/Telnet client. It is stable, fast, quite small, but comprehensive. PuTTY has a useful GUI (makes configuration easy), whereas pscp and the SFTP client are pure command-line (but nice) secure copy tools. Plink is the command-line equivalent to putty (terminal login). TIS, password and certificate authentication are supported, as are compression and the SSH2 protocol. The product has evolved quickly since 2000 and is now one of the best SSH clients around. v0.51 includes fixes for security problems noted on Bugtraq in 2000. Problems:
  • pscp does not set %ERRORLEVEL% correctly if username or password are wrong.
  • Winscp: a great Windows tool that will allow you to replace FTPD with SSHD is Winscp by Martin Prikryl; its GUI is good enough that non-techie users can find their way around it.
  • TTSSH (TeraTerm SSH) - free
  • TTSSH is an SSH add-on (DLL) to TeraTerm (a free terminal emulation package).
  • Version 1.5.3 disables the IDEA and RC4 algorithms to avoid SSH1 protocol problems.
  • Version 1.4 of TTSSH (Dec'99) includes the following features: compatible with SSH protocol version 1.5; ciphers: 3DES, IDEA, Blowfish, DES, RC4; server authentication using the ssh_known_hosts database (including the option of adding a server's key to the database); authentication using password, RSA, rhosts and RhostsRSA; compression support; connection forwarding, including full support for X connection forwarding.
  • Note that the older V1.2 did not have X11 or port forwarding.
  • I've tested V1.4 and am impressed, but it doesn't have the FTP tunnelling or scp of MindTerm. TeraTerm is a nice terminal emulation too, offering a good GUI and features such as session logging and custom key mapping. It is faster than Mindterm. Tip: set TERATERM_EXTENSIONS=1 in your environment (so that Teraterm enables extensions and presents SSH by default) and edit teraterm.ini to change a few defaults.
  • iXplorer by Lars Gunnarsson is another GUI front end for scp. It uses PuTTY's pscp as the backend. I had some difficulty getting it to work.
  • Other free Win32 implementations. Most of the following use the Cygnus Win32 libraries; you'll need usertools.exe.
  • Absolute Telnet from Brian Pence is a pretty complete commercial solution with integrated SFTP file transfer. There are some interesting features in the myriad of options, like multiple tear-off tabs, as well as integrated telnet and other terminal support. Support for importing putty configs and using putty keys would have been nice.
  • F-secure SSH for Windows (16 and 32 bit) from Datafellows [3] is commercial.
  • Well integrated into the Windows environment. Easy to use. Stable.
  • Strong encryption: the DES, 3DES and Blowfish algorithms may be selected. This offers military grade encryption strength (assuming the algorithms have been correctly implemented!).
  • Can forward encrypted TCP sockets to create simple VPN tunnels. Works with SMTP, POP3, telnet etc. (where known static ports are used).
  • Although only a 16 bit version is currently available (V1.1), it works fine with Win95 & NT4.
  • Problems: There is no "secure file copy" feature, or FTP tunnelling. Make sure you use v1.1 rather than v1.0, which is a bit unstable.
  • SSH Communications [3] have released a beta version of an SSH2 Windows client that contains a tunnelled FTP GUI.
  • VanDyke SSH for Win32 (U.S. users only). VanDyke offer a commercial 32-bit client that is user friendly, but obviously is U.S. export restricted. It has a worrying option: it allows users to save passwords to allow "easier" login.
  • SSHTools is a new suite of open source Java-based SSH2 components. The tools are in early alpha release, but look very interesting:
  • J2SSH is an SSH2 library designed in such a way that it simplifies the development of plug-in extensions, which may include additional ciphers, authentication mechanisms and so forth.
  • SSHTerm is a terminal client application allowing remote connections to any RFC-compliant SSH server.
  • Windows SSH Server is an implementation of a Windows SSH server achieved through the extension mechanism of the J2SSH library.
  • Additionally, there is also an SFTP client currently under development.
  • ZOC Telnet/SSH (Shareware)
  • Windows Telnet and SSH (Telnet, Rlogin, SSH V1 and V2)
  • 3des, blowfish, arcfour, cast128 encryption, RSA and DSA keys
  • Username/Password, Public/Private Key and Keyboard Interactive authentication
  • SSH Tunneling

    Windows SSHD servers

    Recently a few NT SSH servers have popped up. These new beasts are interesting, but are either difficult to set up or not so easy to use.

    SSH daemon for NT #1

    This is the first SSH server I've come across for NT and it looks interesting. It comes without source code, but seems to be UNIX SSH 1.2.26 ported using the Cygnus libraries, and uses UNIX-like configuration files.

  • The install.bat script installs scp, ssh-keygen and sshd in %systemroot%\system32, configuration files in c:\etc, a Bourne shell (sh.exe) in c:\bin, generates an SSH host key and starts SSHD as a proper service. It also stops and starts VNC (if you have it).
  • If not installing as Administrator, try the modified install.bat that (ignores VNC and) works for users other than Administrator (but with admin rights). Also, put your user name in \etc\passwd (all NT users allowed to receive SSH requests must be listed), then regenerate the host key and start sshd:
        ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_key -N ''
        sshd

    Advantages
  • Although it requires a bit of effort to get going, this is an excellent tool for securely transferring files from a UNIX to an NT box.
  • NT account authentication is used rather than separate passwords.
  • The default configuration in sshd_config is quite tight.
  • The NT Application event log is also used (by default debug messages are sent).
  • Everything is in c:\winnt. No /etc or /usr directories are needed.
    Disadvantages:
  • Sources code not available.
  • More documentation of the exact sources used and modifications would be welcome.
  • The scp included is basic and no ssh client is included. So, you'll still need your favourite SSH client (putty, Mindterm, etc.)
  • No ssh client.
  • No deinstallation script.
    Tests

  • Using putty's command-line SSH plink, an SSH login to localhost was tested (an entry in /etc/passwd for the test account was created first). Using vim or edit remotely to edit a file did not work, but browsing around the directories did.
  • Using putty's command-line SSH pscp, a file (c:\cmd.exe) was copied. Note that the root directory seems to be drive C by default:
        pscp -v joe_bloggs@localhost:/cmd.exe
  • Further extensive tests with access control, trusts, RSA authentication etc. are really required....

    SSH daemon for NT #2

    An NT SSH Server, with a slightly different focus. It is based on Sergey Okhapkin's SSH1.2.26 port, which uses the Cygnus libraries and UNIX-like configuration files. Diffs are available from the original SSH sources. Below we test v1.02.

    SSH daemon for NT #3: OpenSSH + Cygnus

    OpenSSH can also be persuaded to run as a Server on Windows. This is discussed in Part II of this article.

    SSH daemon for NT #4: Bitvise

    I've not tried this product but it looks promising. 

    "WinSSHD is a Windows NT4/2000/XP SSH Secure Shell 2 server that supports the following SSH2 services: - secure remote login with console (VT100 and xterm with colour support out of the box, as well as many other terminal emulations); secure remote login with GUI (see Using WinSSHD with WinVNC); - secure file transfer using the SFTP protocol - WinSSHD's integrated SFTP server replaces FTP seamlessly with clients such as the SSH2 client, or FileZilla Server Pro; - secure file transfer using the SCP protocol; - secure TCP/IP port forwarding: most TCP/IP connections can be secured with SSH2. Also, WinSSHD is: - well-integrated with the Windows NT/2000/XP platform; compatible with Windows domains - works well with local as well as domain users; - easy to install: it uses the standard Windows Installer installation mechanism; - simple to configure and maintain; - available for a free 30-day evaluation period. The cost of a WinSSHD license is USD 29.95 for personal use, and USD 99.95 for business use."

    SSH daemon for NT #5: F-Secure & SSH Communications

    Commercial products exist from F-Secure and from SSH Communications [3]. They cost $850.- and $595.- per seat. A brief test of the SSH Communications version worked just OK for remote terminal access. The default configuration is quite permissive, I had problems getting scp (file copy) to work, and interaction with OpenSSH is very bad. Test it before you buy.


    Macintosh SSH Versions
  • NiftyTelnet SSH is a free ssh client for MacOS. It is an enhanced version of NiftyTelnet. Datafellows produce  a commercial Mac client:
  • Another is MacSSH
  • dataComet-secure: this commercial package, costing around $60, provides terminal emulation over SSH, Telnet and dialup connections, supporting both SSH1 and SSH2. Telnet sessions offer Kerberos 5 and SOCKS v4 security options. (Note: SSH port forwarding is not yet supported.) dataComet-secure emulates colour VT100 - VT320, PC-ANSI, SCO-ANSI and IBM-3279 terminals, with file transfer support for SCP, X/Y/ZModem and IBM IND$FILE. Sessions can be scripted using AppleScript and built-in macro support, with automatic macro recording and an easy-to-use key re-mapping dialog.
  • Other architectures

    SSH1 Compilation

    Note this section is old: you really should not be using SSH1. Move to OpenSSH, which is discussed in Part II of this article.

  • SSH1 comes preinstalled on SuSE Linux 6.3 and OpenBSD 2.6.
  • Compiling SSH1 for UNIX (the following examples are for Solaris) is straightforward. Assuming we want the standard options, but want to disable clear text, the old rsh/rlogin fallback and avoid the patented IDEA algorithm:

    gzcat ssh-1.2.30.tar.gz | tar xf -
    cd ssh-1.2.30; ./configure --prefix=/usr --without-none --without-rsh --without-idea
    make
    make install

    Note: there were problems compiling 1.2.30 on Solaris Intel, but v1.2.27 works fine (though it has security problems when used with Kerberos, see [2]).

  • SSH startup files: the SSH daemon will have to be added to one of the system startup files; this is not done by "make install".
  • An example for Solaris would be to create a startup file /etc/rc2.d/S10sshd.
  • For Red Hat, copy a startup file (example: sshd) to /etc/rc.d/init.d/ssh and set up the links: chkconfig --add ssh
  • Useful compilation options:

    --without-idea      Don't use the patented IDEA algorithm.
    --without-none      Never allow clear text (unencrypted) communication: the "none" cipher is compiled out.
    --without-rsh       Never fall back to rsh/rhosts when the remote server has no SSH host key (i.e. is not running sshd).
    --prefix=/usr/bsd --sbindir=/usr/bsd --bindir=/usr/bsd
                        Installation in non-standard locations.
    --with-securid=../ace
                        Add SecurID authentication support (you need the ACE libraries).
    --with-socks5=/usr/local/lib
                        SOCKS5 proxying support.
  • Preparing a binary install package: To make life easier, compile on (say) one machine as above, then create a tar file of the binaries (the brace expansion below is C-shell syntax; the paths assume the default prefix /usr/local rather than the --prefix=/usr used above). The following also assumes that you have copied some SSH documents such as the FAQ to /usr/local/ssh-docs.

    tar cvf ssh_bin.tar /usr/local/bin/{ssh,ssh1,scp,scp1,slogin}
    tar uvf ssh_bin.tar /usr/local/bin/{ssh-keygen1,ssh-keygen,ssh-agent1,ssh-agent}
    tar uvf ssh_bin.tar /usr/local/bin/{ssh-add1,ssh-add,ssh-askpass1,ssh-askpass}
    tar uvf ssh_bin.tar /usr/local/bin/{make-ssh-known-hosts1,make-ssh-known-hosts}
    tar uvf ssh_bin.tar /etc/{sshd_config,ssh_config}
    tar uvf ssh_bin.tar /etc/rc2.d/{S10sshd,K10sshd} /etc/init.d/sshd
    tar uvf ssh_bin.tar /usr/local/sbin/{sshd,sshd1}
    tar uvf ssh_bin.tar /usr/local/man/man1/{ssh-keygen.1,ssh-agent.1,ssh-add.1,ssh.1,ssh1.1,slogin.1,slogin1.1,scp.1,scp1.1,make-ssh-known-hosts.1} /usr/local/man/man8/{sshd.8,sshd1.8}
    tar uvf ssh_bin.tar /usr/local/ssh-docs
    compress ssh_bin.tar

  • Installing on a number of machines: Copy ssh_bin.tar.Z (created in the last step) to the new target system, back up any existing config files, extract from the root directory (/), "rehash" (if using csh) and then generate a host key:

    ssh-keygen -b 1024 -f /etc/ssh_host_key -N ''

    Add the ssh service, by adding the following to /etc/services:

    ssh 22/tcp     # Secure Shell

    Start the ssh daemon:

    sh /etc/rc2.d/S10sshd start

  • BSD (OpenBSD, FreeBSD): On OpenBSD 2.6, OpenSSH is already installed, but let's say you want to install SSH1, or have an older version of OpenBSD and are not resident in the U.S. Then either
  • Install the binary package for the appropriate OS version and architecture with pkg_add,
  • Or get the sources and compile:
  • Update your ports listing if needed, but be aware that this takes time and you should select your CVS server carefully. Set CVSROOT to the chosen server, then:

    setenv CVSROOT <anoncvs server>
    cd /usr; cvs -q get ports          # for a new ports listing
    cd /usr; cvs -q update ports       # to update an existing one

  • See what ssh versions are available:

    cd /usr/ports; make search key=ssh

    This reports that ssh-1.2.27 is available (for example) in /usr/ports/security/ssh
  • Build and install it:

    cd /usr/ports/security/ssh; make all install USA_RESIDENT=no
  • This should fetch the source plus any patches, and compile it. If there are make problems, update the ports listing (above) and rebuild. Use "pkg_info" to verify that it is registered as installed on the system; it can later be deleted with "pkg_delete".
  • SSH1 configuration
  • Configuration files: The Server has a configuration file /etc/sshd_config, the client reads a configuration file /etc/ssh_config, which gives site-wide defaults for various options. Options in this file can be overridden by per-user configuration files (in ~user/.ssh directory).
  • Server: Configure the ssh daemon so that access is restricted to named hosts with known public keys (/etc/ssh_known_hosts) and rhosts authentication is disabled. See the commented example /etc/sshd_config; in particular, look at options such as:
  • StrictHostKeyChecking (a client option, set in /etc/ssh_config rather than sshd_config) can be used to prevent logins to machines whose host key is not known or has changed. If this flag is set to "yes", ssh will never automatically add host keys to the /etc/ssh_known_hosts or $HOME/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse (man-in-the-middle) attacks. For many situations, setting this flag to "ask", so that the user is prompted about whether to add the key to the known list of hosts, is ideal.
  • RhostsRSAAuthentication, when set to yes, allows ~/.shosts (or ~/.rhosts) to define trust relationships, with the client host additionally verified by its RSA host key. PermitRootLogin may be set to "yes", "nopwd" or "no". The "nopwd" value disables password-authenticated root logins, unless there is an .shosts allowing access without a password. Root login with RSA authentication when the "command" option has been specified in authorized_keys is allowed regardless of the value of this setting (which may be useful for taking remote backups even if root login is normally not allowed).
  • An empty config file can be placed in the user's ~/.ssh directory, owned by root and writable only by root. This forces the system-wide settings for all users (well, the user could still move the file, but he won't do it accidentally).
  • /etc/ssh_known_hosts format: "hostname(s) bits exponent modulus comment", e.g. (a single line; the modulus is wrapped here for display)

    host1,,localhost 1024 37 8745374658736578563745632786
    70932641542043272345452372372979237842723040482329039649090525590
    78525058815952993236732229527290793573967323290331586355947509385
    68764576378465346783687563487634875638947894678934053640346834787
    root@host1
  • Logging in without passwords:
  • Avoid if possible, but if necessary set it up carefully. Use .shosts rather than .rhosts. Make sure trust files have mode 400. Don't use trust on NFS-shared home directories. There are two methods of trust I can recommend: using /.shosts or using .ssh/authorized_keys. Both have advantages and disadvantages.
  • RhostsRSA authentication: For example, to set up /.shosts root trust from host A to host B:
    - add "hostA root" to /.shosts on host B and the IP address of host A to /etc/hosts on host B;
    - add the public host key of host A to /etc/ssh_known_hosts or ~/.ssh/known_hosts on host B;
    - make sure /.shosts is mode 600 or 400.
  • RSA authentication: Setting up RSA trust from host A to host B for user 'jim': the user's public key from host A needs to be appended to the list of keys in .ssh/authorized_keys on the destination machine.
    - The user creates his RSA key pair using ssh-keygen on host A. The private key is stored in ~jim/.ssh/identity and the public key in ~jim/.ssh/identity.pub.
    - Copy the contents of identity.pub into ~jim/.ssh/authorized_keys on host B.
    - Make sure ~jim/.ssh/authorized_keys has mode 600 or 400.
  • Which is best?
    - RSA is better for users who may work from several machines, because the machine is not authenticated: logon is allowed from ANY machine that has a copy of the correct private key.
    - In RhostsRSA, the key of the machine is checked and logon is only allowed from the trusted machine. In addition SSH provides the "AllowSHosts" restriction, which can limit .shosts usage even further. Hence this is my recommended method for trusts used by automated sysadmin tasks such as backups.
  • Client configuration: Configure the system wide defaults for the SSH client. See commented example /etc/ssh_config
  • SSH and SUID root security: SSH installs two programs that need special privileges. ssh is the client program, and it is by default installed suid root, because it needs to create a privileged port in order to use .rhosts/.shosts files for authentication, and because the private host key file, which RhostsRSA authentication needs to read, is readable by root only. If it is not installed suid root, it will still be usable, but rhosts-based authentication will not be available. sshd is the daemon that listens for connections. It should preferably be run as root, because it normally listens on a privileged port (22), and it needs to be able to call setuid(), update utmp, chown ptys etc. when a user logs in. If it is not run as root, an explicit "-p port" option must be given to specify an alternate port (the same port must also be specified for clients), "-h host_key_file_path" must be given to specify an alternate host key file, and it cannot be used to log in as any user other than the one running it (because it cannot call setuid()). Also, if your system uses shadow passwords, password authentication will not work when running as someone other than root. Both the server and the client have been carefully screened for possible security problems, and are believed to be secure. However, there can be no guarantee.
  • Mindterm SSH installation
  • Installation on Windows (tested with v1.1.5): Get it and install a Java Runtime [6]. Or download the bundle (3.5MB) and extract it to C:\Progra~1, then set up a shortcut on your desktop to c:\Progra~1\mindterm\mindterm.bat. This bundle includes a v118 Java runtime and will work with English, French, German and Italian NT (hence the use of the short file names).
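Returning to the SSH1 configuration notes above: as an added example (this is not code from the original article), the Python below parses the /etc/ssh_known_hosts format, applies the StrictHostKeyChecking decision to a key a server presents, and audits the mode and owner of a trust file such as ~/.shosts or ~/.ssh/authorized_keys, the checks the trust section says must be done by hand. The sample known_hosts lines, host names and moduli are constructed (the moduli are synthetic 1024-bit numbers, not real RSA keys); the fingerprint is computed the way OpenSSH does for RSA1 keys (MD5 over the modulus bytes followed by the exponent bytes).

```python
import hashlib
import os
import stat
import tempfile

# Constructed sample /etc/ssh_known_hosts in the SSH1 format
# "hostname(s) bits exponent modulus comment". The moduli are synthetic
# 1024-bit odd numbers of the right size, not real RSA keys.
SAMPLE_N1 = (1 << 1023) | 0x10001
SAMPLE_N2 = (1 << 1023) | 0x20003
KNOWN_HOSTS = f"""\
# comments and blank lines are ignored
host1,10.0.0.1,localhost 1024 37 {SAMPLE_N1} root@host1

host2,10.0.0.2 1024 35 {SAMPLE_N2} root@host2
""".splitlines()


def rsa1_fingerprint(e, n):
    """Fingerprint of an SSH1 RSA key as OpenSSH prints it for RSA1 keys:
    MD5 over the big-endian bytes of the modulus followed by the exponent."""
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    e_bytes = e.to_bytes((e.bit_length() + 7) // 8, "big")
    digest = hashlib.md5(n_bytes + e_bytes).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def parse_known_hosts(lines):
    """Return {host_alias: (bits, e, n)} for every alias on every line.
    A line whose declared bit count disagrees with the modulus is rejected:
    that means the file was hand-edited badly or truncated."""
    keys = {}
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 4)       # the comment (field 5) may contain spaces
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected 'hosts bits e n [comment]'")
        bits, e, n = int(fields[1]), int(fields[2]), int(fields[3])
        if n.bit_length() != bits:
            raise ValueError(f"line {lineno}: declared {bits} bits, modulus has {n.bit_length()}")
        for host in fields[0].split(","):
            keys[host] = (bits, e, n)
    return keys


def check_host_key(known, host, e, n, strict="yes"):
    """Decide what the client does with the key a server just presented,
    following the StrictHostKeyChecking semantics described above.
    Returns 'ok', 'changed', 'unknown-refused', 'unknown-ask' or
    'unknown-added'. A changed key is refused whatever the setting."""
    if host in known:
        _, ke, kn = known[host]
        return "ok" if (ke, kn) == (e, n) else "changed"
    if strict == "yes":
        return "unknown-refused"
    if strict == "ask":
        return "unknown-ask"
    known[host] = (n.bit_length(), e, n)   # strict == "no": learn the key silently
    return "unknown-added"


def audit_trust_file(path, owner_uid):
    """Findings for a ~/.shosts or ~/.ssh/authorized_keys file: it must be a
    regular file, owned by the account, and not group/world accessible."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file (symlink?)")
    if st.st_uid != owner_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"mode {oct(mode)} is group/world accessible, want 0600 or 0400")
    return findings


def demo_trust_audit():
    """Create two constructed trust files in a scratch directory, one locked
    down and one left at 0644, and return the findings for each."""
    scratch = tempfile.mkdtemp()
    good = os.path.join(scratch, "authorized_keys")
    bad = os.path.join(scratch, ".shosts")
    for path in (good, bad):
        with open(path, "w") as fh:
            fh.write("hostA root\n")
    os.chmod(good, 0o600)
    os.chmod(bad, 0o644)
    uid = os.getuid()
    return audit_trust_file(good, uid), audit_trust_file(bad, uid)


if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    print(check_host_key(known, "localhost", 37, SAMPLE_N2))   # a changed key: refuse
    print(rsa1_fingerprint(37, SAMPLE_N1))
    print(demo_trust_audit())
```

Run it with python3 to see a changed-key refusal, a fingerprint and the two audit results; on a real system you would feed it your own /etc/ssh_known_hosts and walk every home directory instead of the scratch files.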

    This bundle includes lots of goodies: 4 Mindterm versions (v1.15, 1.21, 1.99 pre5 and 1.2). Also included are putty (with pscp and plink) and WinSCP, a nice SSH file transfer GUI (to replace your FTP client).

  • Installation on Solaris:
  • An example startup script for Solaris is provided; copy it, together with the Mindterm classes, to /usr/local/bin.
  • Install Java (already installed on newer Solaris, make sure you have v118 or later).
  • Make sure /usr/local/bin is in your path and then just type
  • SSH1 can easily forward single sockets (POP3, SMTP, etc.) out of the box, with either a PC or UNIX client, e.g. ssh -L localport:remotehost:remoteport target &
  • SSH1 cannot tunnel dynamic ports or port ranges. Mindterm SSH includes an option for FTP tunnelling.
  • SSH VPNs:
  • Rdist 6.1.2 (public domain version) runs over SSH (tested on Solaris 2 & SunOS) and can be used to synchronise files between two hosts, or report on differing files.
  • Fsh is an add-on that keeps an SSH tunnel open so that several commands can be executed remotely without reopening the tunnel each time. I've not yet tried this.
  • Using SSH with RPC/keyserv/NFS/NIS+: see
  • SSH1 & SecurID:

    SecurID does work with SSH1, but with the limitation that "New PIN" and "Next Token" modes are not supported (that would require a change in the client-server authentication protocol).

    Installation notes (see also the README.SECURID that comes with SSH1): copy the ACE client software to the UNIX host (e.g. /usr/ace on Solaris with ACE V3.3), copy sdconf.rec to /usr/ace/data and synchronise the node secret. Compile SSH1 as above, but add --with-securid=/usr/ace/example. With sdadmin, activate the UNIX host for the users who will be allowed to log in. Create user accounts for those who will use SecurID, set the password to blocked and add the user names to /etc/securid.users. Test, and check syslog for entries like:

    Dec 1 07:58:10 server1 sshd[20483]: log: Connection from port 38528
    Dec 1 07:58:24 server1 sshd[20483]: log: SecurID authentication for bob required.
    Dec 1 07:58:26 server1 sshd[20483]: log: SecurID authentication for bob accepted.

    and check the ACE log for authentication accepted/refused messages.

    Jean Chouanard has produced SecurID/ACE patches for SSH1 that add support for the "New PIN" and "Next Token" modes, but which only work if both SSH server and client are modified accordingly. There is no sign of these patches being integrated into OpenSSH or Mindterm SSH just yet.
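The syslog entries quoted above are what you look for by hand after each test. As an added example (not code from the original article), the Python below correlates sshd1's "Connection from" line with the SecurID outcome lines of the same sshd[pid], tallies accepted and refused attempts per user, and flags any user/source pair refused repeatedly, which is the pattern a token-guessing attempt leaves. The log lines, addresses and user names are constructed to match the quoted format; the wording "refused" for a failed SecurID attempt is an assumption, so check what your sshd build actually logs before deploying the pattern.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the sshd1 syslog lines quoted above.
# Hostnames, addresses, ports and users are made up.
SAMPLE_LOG = """\
Dec  1 07:58:10 server1 sshd[20483]: log: Connection from 192.0.2.10 port 38528
Dec  1 07:58:24 server1 sshd[20483]: log: SecurID authentication for bob required.
Dec  1 07:58:26 server1 sshd[20483]: log: SecurID authentication for bob accepted.
Dec  1 08:01:02 server1 sshd[20501]: log: Connection from 198.51.100.7 port 40111
Dec  1 08:01:05 server1 sshd[20501]: log: SecurID authentication for alice required.
Dec  1 08:01:09 server1 sshd[20501]: log: SecurID authentication for alice refused.
Dec  1 08:01:15 server1 sshd[20501]: log: SecurID authentication for alice refused.
Dec  1 08:01:21 server1 sshd[20501]: log: SecurID authentication for alice refused.
Dec  1 08:01:27 server1 sshd[20501]: log: SecurID authentication for alice refused.
""".splitlines()

# The sshd[pid] is the only thing tying a connection line to its outcome lines.
CONN_RE = re.compile(r"sshd\[(\d+)\]: log: Connection from (\S+) port (\d+)")
# "refused" as the failure word is an assumption (see lead-in).
AUTH_RE = re.compile(
    r"sshd\[(\d+)\]: log: SecurID authentication for (\S+) (required|accepted|refused)\.")


def summarize_securid(lines, refusal_threshold=3):
    """Return (per_user, alerts). per_user maps a login name to accepted and
    refused counts plus the set of source addresses seen for it; alerts lists
    user@source pairs refused at least refusal_threshold times."""
    source_by_pid = {}
    per_user = defaultdict(lambda: {"accepted": 0, "refused": 0, "sources": set()})
    refusals = defaultdict(int)
    for line in lines:
        m = CONN_RE.search(line)
        if m:
            source_by_pid[m.group(1)] = m.group(2)
            continue
        m = AUTH_RE.search(line)
        if not m:
            continue
        pid, user, outcome = m.groups()
        src = source_by_pid.get(pid, "unknown")   # pid may have wrapped or log rotated
        per_user[user]["sources"].add(src)
        if outcome == "accepted":
            per_user[user]["accepted"] += 1
        elif outcome == "refused":
            per_user[user]["refused"] += 1
            refusals[(user, src)] += 1
    alerts = [f"{user}@{src}: {n} SecurID refusals"
              for (user, src), n in sorted(refusals.items()) if n >= refusal_threshold]
    return dict(per_user), alerts


if __name__ == "__main__":
    summary, alerts = summarize_securid(SAMPLE_LOG)
    for user, counts in sorted(summary.items()):
        print(user, counts["accepted"], "accepted,", counts["refused"], "refused,",
              "from", sorted(counts["sources"]))
    for alert in alerts:
        print("ALERT:", alert)
```

Pipe `grep SecurID /var/log/authlog` (or wherever sshd logs on your system) into summarize_securid() to get the same summary for real traffic; the threshold is deliberately low because a legitimate user rarely mistypes a token code more than twice in a row.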

  • Virtual Network Computing (VNC) is a "remote control" program that allows you to see and use the desktop of another machine (NT, Win95, UNIX) over the network. It could also be used for teleworking over insecure networks such as the Internet, if SSH is used to encrypt the VNC communications and hence increase its security.
  • Install an NT VNC server on the intranet, one which is part of the usual NT domain and has accounts for those who need to log on. [It could also be UNIX; I'm just using NT as an example.] Secure this machine by choosing a strong VNC password, enabling exclusive VNC access, enabling a screen saver with password after 5 minutes of inactivity and not putting it in a public area. Regularly monitor the event log.
  • Install an intranet UNIX SSH server.
  • Install an SSH Internet gateway, which accepts SSH connections from the Internet. Successful logins are passed directly on to the intranet SSH server. Security: put this host in the DMZ between two secure firewall filters. Harden it. Disable all services except SSH. Allow no protocols except SSH from the Internet. Configure SSH to refuse root logins and disable trust mechanisms and RSA authentication. Configure all user accounts to use a strong authentication mechanism such as SecurID. Configure the user shell to automatically log the user in to the intranet UNIX server (don't allow local logins on this server). Be paranoid, monitor logs carefully and run integrity checks (such as tripwire) frequently.
  • Install an SSH client such as Mindterm on the VNC client (somewhere on the Internet).
  • SSH client configuration: connect to the SSH gateway and authenticate with SecurID (or whatever). Log in to the UNIX intranet server. Set up a tunnel from local port 5902 to NT_VNC_server port 5900.
  • VNC client: start the local VNC client, connect to localhost:2 (VNC display 2, i.e. port 5902), enter the VNC password and voila, the desktop should appear. Now log in to NT as usual.
  • Security: I suggest you use your own machine (not one in an Internet café), with an up-to-date virus checker, file shares disabled, and a personal firewall installed (set the protection level to paranoid, no file sharing). This machine should be physically protected and possibly fitted with encrypted disks (e.g. PGPdisk). Note also that VNC does not encrypt its password very well; see the advisory from SecuriTeam.
  • PCAnywhere over SSH: PCAnywhere is another remote control program like VNC above, except that it's limited to PCs.
  • Configure SSH to forward ports 5631 and 5632. Verify: a telnet to the local side should emit packets on the remote side.
  • Modify the Windows registry to add a DWORD value called TCPIPConnectIfUnknown under HKEY_LOCAL_MACHINE\Software\Symantec\PCAnywhere\Current Version\System and set it to 1 (the value doesn't exist by default). The pc_any.reg script does this.
  • Now it should be possible to forward PCAnywhere from the local side to a remote-side gateway and from there on to the "real" PCAnywhere host.
  • More information on the PCAnywhere TCP/IP registry settings can be found at: For example, the data and status port numbers are defined under the above registry branch, as are the default folder names for sending and receiving files.

  • Citrix over SSH: assuming you want to connect to the Citrix server via the SSH gateway gateway1, try

    ssh -L 1494:<citrix_server>:1494 YourName@gateway1

    (substituting the Citrix server's name for <citrix_server>) and then connect to "localhost" with the Citrix client. See also:
  • [0] Socks  

    [1] Part II of this Article, which covers OpenSSH.

    [2] BugTraq list of all SSH vulnerabilities:

    2001-02-05: SSH1 SSH Daemon Brute Force Authentication Logging Failure Vulnerability
    2001-01-16: SSH Secure-RPC Weak Encrypted Authentication Vulnerability

    2000-11-13: OpenSSH Client Unauthorized Remote Forwarding Vulnerability
    2000-09-30: scp File Create/Overwrite Vulnerability
    2000-07-05: SSH 1.2.27 Kerberos Ticket Cache Exposure Vulnerability
    2000-06-08: OpenSSH UseLogin Vulnerability
    2000-02-24: SSH xauth Vulnerability

    1999-12-01: RSAREF Buffer Overflow Vulnerability
    1999-11-13: Sshd RSAREF Buffer Overflow Vulnerability
    1999-09-17: SSH Authentication Socket File Creation Vulnerability
    1999-05-13: Secure Shell Password Brute Force Vulnerability

    1998-01-20: ssh-agent Vulnerability

    [3] SSH Communications and DataFellows (now F-Secure).

    [4] Marc Schaefer, thread of 2000-01-11: sshd and popftponly users incorrect configuration

    [5] Getting SSH1: see the main FTP site or one of its mirrors. For RedHat RPMs (sparc and x86) see:

    [6] Mindterm, and the Java Runtime from Sun.

    [7] Explanation of SSH: Discussion thread on FOCUS-SUN

    [8] Stupid, Stupid Protocols: Telnet, FTP, rsh/rcp/rlogin, by Jay Beale, explains why ssh is useful and explains how user RSA authentication works with ssh-agent.

    [9] This article has been translated into Italian: Tutto su SSH - Parte I/II, Sostituire telnet/rlogin/rsh con SSH

    Other links:

    Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

    Changes to this article

    2000:
    14.Feb.00  First publication
    25.Feb.00  V1.1 New: SSH File Transfer Protocol, SSH2 for Windows. Update: putty, Mindterm, SSH1 1.2.27 does work OK on IRIX, port forwarding.
    08.Mar.00  New: Security vulnerabilities. Update: links
    04.Apr.00  Update: Mindterm: add suggestions list. Add RedHat6 startup files. Doing even more with SSH.
    30.Jun.00  New: add link to Java Telnet Application/Applet, add [7]
    22.Aug.00  Update: ssh1 v1.2.30, link to article from J. Beale. VNC password weakness.
    11.Sep.00  Update: pscp/putty v0.49. Spelling.
    09.Oct.00  Update: compression & other Mindterm/putty issues, Ladon link. Links to Italian translation.
    23.Nov.00  Update: Mindterm v1.99 pre1, putty v0.50
    06.Dec.00  New: Windows SSHD servers
    2001:
    22.Feb.01  Refresh links & references. Add FreSSH, update Mindterm, putty 0.51, ScanSSH
    08.Mar.01  Add WinSCP, minor VNC tweaks.
    10.May.01  Update: licensing, Windows SSHD servers. New: OpenSSH + Cygnus, iXplorer
    29.May.01  Update: Mindterm 2.0rc2, add tip for Windows users, move Cygwin to OpenSSH/Part II article.
    18.Jun.01  Sync security portal version.
    21.Aug.01  General cleanup, improve example on automatic trusts, Citrix tunnelling
    21.Nov.01  Added dataComet-secure for the Mac.
    2002:
    25.Feb.02  Update putty 0.52
    27.Mar.02  Add Bitvise.
    05.Jun.02  Add JSSH
    12.Sep.02  Add PockTTY
    18.Nov.02  Mindterm security tip, putty v0.53b, Mindterm 2.3.1
    14.Dec.02  New open source Java SSH: SSHtools
    2004:
    22.Jul.04  Add Zoc
    2009:
    04.Nov.09  Add Absolute Telnet

    Copyright 2004, Seán Boran, All Rights Reserved     Last Update: 22 July 2004
