The Java-SSH applet and this page have been written by Cédric Gourio for his diploma project. If you have comments about this applet, please send them directly to Cédric, as I just host and maintain this page.
If you have problems running the applet, check the compatibility and usage sections.
- Description
- This applet implements the Ssh Protocol 1.5. The Terminal Emulation is almost VT100 compliant. It provides secure communications over insecure networks. All communications are automatically and transparently encrypted. Encryption is also used to protect integrity.
- For more information about Ssh, read the Ssh FAQ, visit the Ssh home page, or contact Cédric Gourio, the author of this applet.
- You can download and use this program for free.
- Compatibility
- The applet works with:
- Internet Explorer 4.0;
- Applet viewer from Sun (JDK 1.1.5)
- You will need the AWT1.1 update with Netscape Navigator (otherwise you will get a java.lang.NoSuchMethodError exception).
- Usage
- Java is designed to run its applets within a "sandbox" of safety, which prevents an applet from creating any network connection except to the computer from which the .class files themselves come. This is either the host where the HTML page came from, or the host specified in the codebase parameter in the applet tag, with codebase taking precedence.
- So if you want to use this applet, you can either:
- copy the Ssh classes to the host you want to connect to and use it from there.
- change your browser security (otherwise you will get a SecurityExceptionEx : ..cannot access ...)
- Note:
- Hermes does not provide any Ssh access.
- If the host you want to connect to does not provide a Web server but does provide an FTP server with anonymous login, you can use it to download the .class files from there. ftp:\\hostname\Ssh.class would be an appropriate URL. It would allow you to connect to "hostname" via Ssh without changing your browser settings.
- Features
- The cipher used is IDEA in CFB mode (the other possibility was 3DES in CBC mode). If the server does not support this encryption method, the connection is closed.
- The only authentication method provided is password authentication (you provide a user-id and a password).
- The login-password authentication presents some flaws, so a small enhancement was added. It is possible to authenticate the server through its RSA public key. You can set the MD5 result of the host public key modulus in the applet parameters ("hashHostKey"). This modulus is always accessible on the server. You will need an MD5 binary to compute this hash result. Before sending your login and password, the program checks that the hash values match and that the host is therefore valid. This protects against DNS, routing, or IP spoofing of the server. Of course, if you download the applet over an insecure channel, it can be spoofed as well. So the best option is either to already have the applet on your hard disk, or to use a secure HTTP connection such as SSL. Hopefully, spoofing is not as easy as eavesdropping.
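The check described above, sketched as an added example (not the applet's own code): it parses a protocol 1.5 SSH_SMSG_PUBLIC_KEY message, hashes the host key modulus with MD5, and allows authentication only when the result equals the pinned hashHostKey value. The class and method names and the toy key values are constructed for illustration. Hashing the raw big-endian bytes of host_key_public_modulus is an assumption, since the page does not state the exact input encoding.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.MessageDigest;
import static java.nio.charset.StandardCharsets.US_ASCII;

public class HostKeyPin {
    // SSH 1.x mp-int: 16-bit bit count, then ceil(bits/8) value bytes, MSB first.
    static byte[] readMpInt(DataInputStream in) throws IOException {
        byte[] v = new byte[(in.readUnsignedShort() + 7) / 8];
        in.readFully(v);
        return v;
    }
    static void writeMpInt(DataOutputStream out, BigInteger n) throws IOException {
        byte[] b = n.toByteArray();          // may start with a 0x00 sign byte
        int len = (n.bitLength() + 7) / 8;
        out.writeShort(n.bitLength());
        out.write(b, b.length - len, len);
    }
    // Hex MD5 of host_key_public_modulus (assumed input: its raw big-endian bytes).
    static String hostKeyHash(byte[] body) throws Exception {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(body));
        in.readFully(new byte[8]);                     // anti-spoofing cookie
        in.readInt(); readMpInt(in); readMpInt(in);    // server key: bits, e, n
        in.readInt(); readMpInt(in);                   // host key: bits, e
        byte[] d = MessageDigest.getInstance("MD5").digest(readMpInt(in));
        return String.format("%032x", new BigInteger(1, d));
    }
    // Login and password may be sent only when the hash equals the pinned value.
    static boolean mayAuthenticate(byte[] body, String pin) throws Exception {
        return MessageDigest.isEqual(hostKeyHash(body).getBytes(US_ASCII),
                                     pin.trim().toLowerCase().getBytes(US_ASCII));
    }
    // Constructed message body with toy key values (far too short for real use).
    static byte[] sample(BigInteger hostModulus) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.write(new byte[8]); out.writeInt(12);      // cookie, server key bits
        writeMpInt(out, BigInteger.valueOf(35)); writeMpInt(out, BigInteger.valueOf(3233));
        out.writeInt(64); writeMpInt(out, BigInteger.valueOf(35)); writeMpInt(out, hostModulus);
        out.writeInt(0); out.writeInt(1 << 1); out.writeInt(1 << 3); // flags, ciphers, auths
        return buf.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        BigInteger trusted = new BigInteger("d5c3a1f0e9b77123", 16);
        String pin = hostKeyHash(sample(trusted));     // computed once from a trusted copy
        System.out.println("pinned host:  " + mayAuthenticate(sample(trusted), pin));
        System.out.println("spoofed host: " + mayAuthenticate(sample(trusted.add(BigInteger.TEN)), pin));
    }
}
```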
- Parameters
- hostname
- The host you want to connect to, the default is the host from where the applet is downloaded.
- hashHostKey
- The MD5 of the server_key_public_modulus from the host. If this parameter is set and the value does not correspond, the login and password will not be sent. This gives a way to be sure of the host. Of course, if we doubt the host authenticity we should doubt the applet authenticity.
- login
- Your user-id; the default is "".
- port
- The port used for the connection; the default is 22 (the port has been officially registered).
- scrollbar
- The position of the terminal scrollbar (scrollbar = East) - (scrollbar = West). If the parameter is not East or West, no scrollbar will be used.
- scrollingBufferSize
- The size of the buffer used with the scrollbar
- numberOfCharsDisplayBeforeScreenUpdate
- If we call this number n, the screen will be updated every n characters sent to the terminal. If n is 0, it will be updated after the numberOfBytesProcessed from the protocol layer have been sent to the screen. This influences how quick the display will be.
- ScreenUpdateForEachPacket
- This field can be set to 'true' or 'false', the default being 'false'. When the client receives data, it receives a few packets (3-4) at the same time. If this field is set to false, it will process all of them and then display the result. Otherwise, it will display the data after each packet is processed.
- Related documents
- Here is an index of some documents used for the implementation.
- Port Numbers and services
- SSH Remote Login Protocol Version 1.5
- Cryptographic algorithms from www.cs.hut.fi
- RSA algorithm from world.std.com
- PKCS #1: RSA Encryption Standard (used in the SSH protocol 1.5)
- Message Digest 5 : RFC 1321
- telnet Protocol RFC 854
- ANSI/VT100 Terminal Control
- Sources
- To build my applet, three external sources were used:
- Java Technology Home Page
- The Systemics Cryptix Cryptography Library.
The Cryptix libraries were used to implement the IDEA encryption and the MD5 hash function. It was version 2.2 (the current is 3.03). With regard to RSA (PKCS #1), required in the protocol, it was implemented using 'java.math.BigInteger' from Sun; Cryptix was not straightforward and, anyway, the PKCS #1 standard was not provided.
Note: The Cryptix package was modified such that the program can be used as a simple applet (untrusted). Indeed, when loaded, the Cryptix classes try to load native libraries. This produces a security exception, which stops the applet.
- The Java(tm) Telnet Applet.
Here, two classes were used to implement a 'simple character display' (a kind of enhanced java.awt.TextField). The classes are 'display.CharDisplay' and 'display.SoftFont'. Special thanks to Matthias L. Jugel for having provided two exclusive licences for using these classes.
- The Java Ssh sources are available... alternatively, you can try to decompile them :-)
- Copyright
- This java Ssh applet includes a copyright. The code was developed on my own machine. Please note that two libraries used are provided with their own copyrights:
- This product includes software developed by the Cryptix Development Team http://www.systemics.com/docs/cryptix and comes with its own copyright
- The Display package from The Telnet Java applet is available under the terms of the GNU General Public License. Here an exclusive licence for the Ssh applet was provided by the Telnet authors since the GNU General Public License cannot include programs using RSA.