TTSSH: An SSH Extension to Teraterm

By Robert O'Callahan (roc+tt@cs.cmu.edu)

What TTSSH Is

TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free and its source is available too. Furthermore, TTSSH has been developed entirely in Australia, and can be exported from here to anywhere in the world (apart from places where people aren't allowed to own cryptographic software at all :-( ).

To be more precise, the current version of TTSSH (1.2) includes the following features:

Compatible with SSH protocol version 1.5
Ciphers: 3DES, IDEA, Blowfish, DES, RC4
Server authentication using the ssh_known_hosts database (including the option of adding a server's key to the database)
Authentication using password, RSA, rhosts and rhosts+RSA
Compression support
Connection forwarding (special handling of X11 is not provided, however)

Note that TTSSH is just an SSH client and does not include any other SSH tools (scp, ssh-keygen, ssh-agent, etc). Furthermore, because it's tied into Teraterm, it's only suitable for interactive use. For non-interactive uses such as interprocess communication, you want a straight port of the Unix client.

What's New

July 7, 1998, version 1.3: An overseas friend was able to insert the CORE-SDI patch to guard against the SSH insertion attack. At the same time he fixed a few bugs. Download now!
June 24, 1998: I finally wrote some documentation.
June 24, 1998: I'd just like to remind everyone that I cannot fix any bugs at this time, because I will not jeopardize the worldwide distribution of TTSSH by touching the code while I'm in the United States. (I'd also like to avoid prosecution and/or deportation.)
June 24, 1998: To work around a bug that prevents TTSSH from seeing when a new configuration file is specified by the "/F" option, I have created a new version of TTSSH.EXE. See the documentation page for details.
June 6, 1998, version 1.2: Connection forwarding added and a few bugs fixed. Since I'm returning to the USA tomorrow, this will be the last release for several months unless an overseas maintainer is found.
June 3, 1998, version 1.1: RSA, rhosts, rhosts+RSA support added. Default authentication options dialog box added. ttxssh.exe added. Numerous bugs fixed (thanks DK).
June 1, 1998, version 1.02: Another bug fix. Non-SSH sessions used to crash at the end of the session.
June 1, 1998, version 1.01: Oops! I released the debug version by mistake and it didn't work for many people. Replaced it with the correct release version.
May 20, 1998, version 1.0: Initial release.

How to Obtain and Install TTSSH

Currently TTSSH is only available for Win32 platforms (Windows 95 and NT). Support for Windows 3.1 is plausible but I don't have the tools to build it. Perhaps someone will be able to help with this. Furthermore, it's only available for Intel platforms. Again, I don't have the tools to compile it anywhere else, and someone else may be able to help.

Download the software package.
Unzip it into a directory where you've already installed Teraterm 2.3. This will create files LIBEAY32.DLL, TTXSSH.DLL and TTSSH.EXE.
Run "TTSSH.EXE" and the extension should be available. You should see a new "SSH" option in the "New Connection" dialog box and new menu items "Setup / SSH...", "Setup / SSH Authentication..." and "Help / About TTSSH...".
IMPORTANT NOTE: If you are in a country where the RSA patent applies (such as the USA), then you may need to obtain a special version of LIBEAY32.DLL that has been modified to use their implementation, if you want to be legally squeaky clean. This version of LIBEAY32.DLL can be downloaded from a US crypto site if you are a US or Canadian citizen in the US or Canada; see the downloads page for details.

How to Use TTSSH

There is now a TTSSH documentation page.

What the Government Wants You to Know

This code contains cryptographic software covered by US ITAR regulations and by the laws of various countries. Its distribution and use may be restricted by these laws and regulations. In particular, it is probably illegal to make this code publically available at a US site.

When in the US (and possible in some other places) you may need to use the RSAREF-based LIBEAY32. This is discussed further in the installation section above.

What I Want You to Know

All the usual free software legalese applies. There are no warranties of any kind. The software is provided entirely "as is", and use is entirely at the discretion and risk of the user. Enjoy!

Who to Thank

This code started with Ian Goldberg's Top Gun SSH for the Pilot.
It makes use of Eric Young's cryptographic library, taken from SSLeay 0.8.1. His copyright notice is included as LIBEAY.TXT. The LIBEAY32 used by TTXSSH is a plain "out-of-the-box" build.
This code uses the GNU zlib library (version 1.0.4). That library is (C) 1995-1996 Jean-loup Gailly and Mark Adler.
Finally, this would not have been possible without the cooperation of T. Teranishi. Many thanks!

What to Do about Bugs

TTSSH has been tested in Windows 95 and NT 4.0. Mileage with other platforms may vary, but I'm interested in getting bug reports.

Known bugs:

Patterns in ssh_known_hosts files that contain many * wildcard characters may take excessive time to match against the hostname. The program should fall back to a worst-case quadratic time algorithm.
If you connect to a host, then disconnect, then quickly try to reconnect to the same host, there is about a 1 in 500 chance that the reconnection will fail (in which case you should just try again). This is because we try to allocate a privileged port between 512 and 1024 for the socket to make rhosts authentication possible. Unfortunately, if some other socket is in a TIME_WAIT state (i.e. closure in progress) then we may successfully 'bind' to the same port but then 'connect' will fail, complaining that the port is already in use. This only happens when we try to connect to the same host that the other socket was connected too. Weird, eh? We try random ports to try to prevent this from happening too much. If rhosts is not needed, all this stuff can be disabled; see the documentation.
Sometimes the remote host will disconnect and the window will not close even if you've specified "close window on disconnect". This happens when a dialog box or message box is showing when the disconnect is detected. This is actually a Teraterm "feature", and there's nothing I can do about it.
If you specify /ssh or -ssh (or /T=2) on the command line, you also need to specify /t=0 BEFOREHAND in order for things to work 100% properly.
Using multiple extensions at once (e.g. having SSH and SSL installed at the same time) does not work.
There is a bug in the handling of the command-line options that start with "/ssh" or "-ssh". The symptom is that Teraterm complains it cannot connect to the host, even though it should be able to. It may also crash under some circumstances. The work-around is make sure that the last command-line parameter is not an "/ssh" or "-ssh" option.
Teraterm has a bug in the processing of the /F option for selecting a different configuration file. Basically, TTSSH never sees this option, so it always gets its settings from TERATERM.INI. I have made a workaround --- a new version of TTSSH.EXE that supports a new "/ssh-f=" option. See the documentation.

What the Terms and Conditions are

Redistribution and use in binary forms, without modification, are permitted provided that the following conditions are met:

Redistributions must contain the files ttssh.html and ttxssh.dll, unmodified.
The conditions of the contributors must be met. In particular, if libeay32.dll is included, then libeay.txt must be included and its conditions followed.

Robert O'Callahan