
This document explores some issues that apply when one tries to run MindTerm as an applet.
The security model of Java requires applets to be signed if they are going to perform certain operations.
Operations which require signing include accessing the local file system, opening local TCP ports and connecting to
machines other than the one the applet was downloaded from. If you bought a commercial copy of MindTerm you should receive a signed
version of the applet. But if you are using the free version, or have made modifications, you must sign it yourself.
Fortunately there are lots of tutorials on the web on how to do this. For example, see the list of tutorials at
http://mindprod.com/jgloss/signedapplets.html.
MindTerm does not yet use any of the newer (1.2 or later) security models.
The security model MindTerm follows requires different files for Netscape and IE. The cab file for IE should include the entire contents of the mindterm.jar file.
To actually use MindTerm one needs to place it on a web page.
On this page you place the code that launches the applet. This code may look like this:
<APPLET CODE="com.mindbright.application.MindTerm.class"
ARCHIVE="mindterm.jar" WIDTH=0 HEIGHT=0>
<PARAM NAME="cabinets" VALUE="mindterm.cab">
<PARAM NAME="sepframe" value="true">
<PARAM NAME="debug" value="true">
</APPLET>
The first three lines of this are used to specify the applet
files. The Sun Java Plugin will use the ARCHIVE version and the MS
Java (which is obsolete) will use the specified cabinet file. After
that one can add an arbitrary number of parameters to MindTerm. This
example sets 'sepframe' to true (to launch the applet in a separate
frame) and enables debugging. For a complete list of parameters see
Settings.txt.
The MindTerm applet will always run in the user's browser. This means that
all network connections created by MindTerm will originate from the user's
computer. So a site wishing to provide SSH access via MindTerm must
both make the applet available via HTTP and open up the SSH port.
This document lists the different configuration options one may set to configure MindTerm. Settings can be specified on the command line, stored in a per-host file (~/mindterm/HOST.mtp) or specified in the HTML code used to launch the applet.

Common connection settings

protocol          Preferred protocol (auto/ssh1/ssh2)
server            Name of server to connect to (see the quiet setting as well)
port              Port on server to connect to (see the quiet setting as well)
real-server       Real address of sshd if it is behind a firewall
local-bind        Default local address to bind to for forwards
username          Username to log in as (see the quiet setting as well)
auto-username     Use local username as default value
password          Password for normal authentication
                  (only saved if save passwords checked)
passphrase        Passphrase for publickey keypair file
                  (only saved if save passwords checked)
proxy-type        Type of proxy server to connect through
                  (none/http/socks4/socks5)
proxy-host        Name of proxy server to connect through
proxy-port        Port on proxy server to connect through
proxy-user        Username if authentication on proxy server
proxy-password    Password if authentication on proxy server
quiet             Don't query for server or user name if given
ssh1-cipher       Name of block cipher to use in ssh1
                  (blowfish-cbc/3des-cbc/idea-cbc)
auth-method       Method of authentication, either single or
                  comma-separated list (password/publickey/tis/
                  secureid/cryptocard/kbd-interact)
private-key       Name of file containing private key for publickey authentication
display           Local X11 display definition (i.e. :)
compression       Compression Level (0 means none, 1=fast, 9=slow/best)
x11-forward       Indicates whether X11 display is forwarded or not
x11-display       Local display to forward
force-pty         Indicates whether to allocate a pty or not
sftpbridge-host   Interface to listen on in ftp to sftp bridge
                  (empty if disabled)
sftpbridge-port   Port to listen on in ftp to sftp bridge
socksproxy-host   Interface to listen on in SOCKS proxy
                  (empty if disabled)
socksproxy-port   Port to listen on in SOCKS proxy
strict-hostid     Strict host key check, can only connect to known hosts
mtu               Max packet size
key-timing-noise  Add noise when sending passwords to increase security
commandline       Command to run on server
allow-new-server  Set this to false to prevent the user from connecting
                  to additional SSH servers.

SSH2 specific settings

kex-algorithms              Kex algorithms to use in preferred order
                            (diffie-hellman-group1-sha1,
                            diffie-hellman-group-exchange-sha1)
server-host-key-algorithms  Host key algorithms to accept in preferred order
                            (ssh-rsa, ssh-dss)
enc-algorithms-cli2srv      Encryption algorithms client to server
enc-algorithms-srv2cli      Encryption algorithms server to client
mac-algorithms-cli2srv      Mac algorithms client to server
mac-algorithms-srv2cli      Mac algorithms server to client
comp-algorithms-cli2srv     Compression algorithms client to server
                            (none, zlib, zlib@openssh.com)
comp-algorithms-srv2cli     Compression algorithms server to client
                            (none, zlib, zlib@openssh.com)
package-version             Package version to send to server in
                            protocol version exchange
alive                       Connection keep-alive interval in seconds
                            (0 means no keepalive packets are sent)
filelist-remote-command     Remote command to list files

Encryption algorithms:
    3des-cbc, 3des-ecb, 3des-cfb, 3des-ofb, 3des-ctr,
    blowfish-cbc, blowfish-ecb, blowfish-cfb, blowfish-ofb, blowfish-ctr,
    aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr,
    rijndael128-cbc, rijndael192-cbc, rijndael256-cbc,
    twofish128-ctr, twofish128-cbc, twofish192-ctr, twofish192-cbc,
    twofish256-ctr, twofish256-cbc,
    twofish-cbc, twofish-ecb, twofish-cfb, twofish-ofb,
    cast128-cbc, cast128-ecb, cast128-cfb, cast128-ofb,
    idea-cbc, idea-ecb, idea-cfb, idea-ofb,
    arcfour128, arcfour256, arcfour
Mac algorithms:
    hmac-md5, hmac-sha1, hmac-sha1-96, hmac-md5-96, hmac-ripemd160

Terminal window settings

ascii-line           Use ASCII Line-draw-characters instead of drawing
auto-linefeed        Do auto-linefeed
autowrap             Auto wrapping of line if output reaches edge of window
backspace-send       What to send on BACKSPACE:
                     BS (^h, 0x08), DEL (^?, 0x7f), or ERASE (^E[3~)
bg-color             Background color (<name> or '<r>,<g>,<b>')
copy-crnl            Put <CR><NL> instead of <CR> at end of lines in copy/paste
copy-select          Copy directly on mouse-selection
cursor-color         Cursor color (<name> or '<r>,<g>,<b>') (name of colors
                     are: black, red, green, yellow, blue, magenta, cyan,
                     white, i_black, i_red, i_green, i_yellow, i_blue,
                     i_magenta, i_cyan, i_white)
delete-send          Character to send on DELETE:
                     BS (^h, 0x08), DEL (^?, 0x7f), or ERASE (^E[3~)
encoding             Character encoding the server uses
fg-color             Foreground color (<name> or '<r>,<g>,<b>')
font-name            Name of font to use in terminal
font-size            Size of font to use in terminal
geometry             Geometry of terminal ('<cols>x<rows>')
input-charset        Character set to assume input is in. Currently the
                     only supported name here is 'vga'. The default value
                     is 'none' which means use the system default.
insert-mode          Toggles insert mode
line-space-delta     Number of pixels to modify the line spacing with.
local-echo           Do local echo
local-pgkeys         Use PgUp, PgDn, Home, End keys for local scroll or escape them
map-ctrl-space       Map <ctrl>+<space> to <NUL> (e.g. for emacs)
passthru-prn-enable  Enable passthrough printing
paste-button         Mouse button for paste, (shift+left/middle/right)
repos-input          Reposition scroll-area to bottom on keyboard input
repos-output         Reposition scroll-area to bottom on output to screen
rev-autowrap         Reverse autowrap when going off left edge of window
rev-video            Reverse video in terminal
save-lines           Number of lines to save in scrollback buffer
scrollbar            Scrollbar position (none/left/right)
select-delim         Delimiter characters for click-selection ("<characters>")
term-type            Name of terminal to emulate (xterm, linux, scoansi,
                     att6386, sun, aixterm, vt220, vt100, ansi, vt52,
                     xterm-color, linux-lat, at386, vt320, vt102 and tn6530-8)
visible-cursor       Toggles if cursor is visible or not
visual-bell          Toggles if audible or visual bell will be used

Applet parameters

debug           Set to true to generate debug output (on console)
menus           Controls if there should be any menus. Possible values
                are: no (no menu), yes (normal menu), popN (popup menu
                on control+mouse-button N).
exit-on-logout  Set to true to exit when the user has logged out
savepasswords   True if passwords should be saved in settings-files
sepframe        True if the application should open in a separate frame
verbose         Set to true to generate verbose output (on console)
useAWT          Set to true to force the applet to use the AWT toolkit

SFTP Module settings

module.sftp.cwd-local   Local start directory
module.sftp.cwd-remote  Remote start directory

SCP Module settings

module.scp.cwd-local    Local start directory
module.scp.cwd-remote   Remote start directory

Port forward module settings

local<n>    Port forward setting <n=0-31>. Example:
            local0=/general/5222:localhost:5222
remote<n>   Port forward setting <n=0-31>. Example:
            remote0=/general/5222:localhost:5222

Telnet module settings

module.telnet.inhibit    Set to true to disable use of the Telnet module
module.telnet.havemenus  Set to false if the terminal window should be
                         without any menus.
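
A check a site operator can run over a launch page before publishing it, given here as an added example that is not part of the MindTerm documentation: it parses the <PARAM> tags and flags settings from the lists above that weaken a deployment. The sample page and the choice of which algorithm names count as weak (ECB modes, arcfour, MD5-based MACs) are assumptions of this example.

```python
from html.parser import HTMLParser

# Constructed sample launch page (not from the MindTerm documentation).
SAMPLE_PAGE = """
<APPLET CODE="com.mindbright.application.MindTerm.class"
        ARCHIVE="mindterm.jar" WIDTH=0 HEIGHT=0>
<PARAM NAME="protocol" VALUE="ssh1">
<PARAM NAME="password" VALUE="constructed-secret">
<PARAM NAME="strict-hostid" VALUE="false">
<PARAM NAME="enc-algorithms-cli2srv" VALUE="aes128-ctr,3des-ecb,arcfour">
</APPLET>
"""

SECRETS = {"password", "passphrase", "proxy-password"}
ALGO_LISTS = ("enc-algorithms-", "mac-algorithms-")

class ParamCollector(HTMLParser):
    """Collect NAME/VALUE pairs from <PARAM> tags (HTMLParser lowercases names)."""
    def __init__(self):
        super().__init__()
        self.params = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "param" and a.get("name"):
            self.params[a["name"].lower()] = (a.get("value") or "").strip().lower()

def is_weak(algo):
    # Assumption of this example: ECB modes, arcfour and MD5 MACs count as weak.
    return algo.endswith("-ecb") or algo.startswith("arcfour") or "md5" in algo

def audit(html):
    """Return sorted (setting, reason) findings for one launch page."""
    collector = ParamCollector()
    collector.feed(html)
    p = collector.params
    findings = [(n, "credential readable in page source") for n in SECRETS.intersection(p)]
    if p.get("protocol") == "ssh1":
        findings.append(("protocol", "SSH1 selected; use ssh2"))
    if p.get("strict-hostid") == "false":
        findings.append(("strict-hostid", "strict host key check is off"))
    if p.get("savepasswords") == "true":
        findings.append(("savepasswords", "passwords are saved in settings files"))
    for name, value in p.items():
        if name.startswith(ALGO_LISTS):
            weak = [a.strip() for a in value.split(",") if is_weak(a.strip())]
            if weak:
                findings.append((name, "weak algorithms: " + ",".join(weak)))
    return sorted(findings)
```

Only values set explicitly in the page are checked; settings left at their defaults are not reported.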