Slashdot Mirror

I have an SSH server set up on my DSL-connected Linux machine and pay for FastMail.fm e-mail that offers IMAP. When I want to manage my e-mail, I log on to my server from wherever I am using PuTTY (I changed the SSH port to something that most firewalls allow), and run Mutt.

I have it set up to use GPG for automatic signing -- all I do is type up an e-mail, press the send key, enter my GPG passphrase at the prompt (which is 35 alphanumeric chars,), and press Enter. My e-mail gets signed and mailed. When I receive a PGP-encrypted/signed mail, Mutt automatically decrypts it for me, again using my passphrase.

It's very convenient (setting it up is the hardest part, and that's also easy with online documentation) and very self-reliant: no special provider to go out of business, no browser to block Java, and always encryped.

If I'm ever trapped at the library or foreign language lab here at my local community college and have to accomplish something more productive than studying or listening to the instructor, I always download PuTTY, a free Win32 SSH client.

The good thing about PuTTY is that the downloable .EXE is the entire program. There's no installer and thus the application can be run from even the most locked down of machines with little difficulty.

PuTTY is also super-stable (has never crashed on me, and Notepad can't even say that) and it's GPL'd. Go PuTTY!

You can use authpf to allow access through your firewall only to logged in users. With this, each user has to first authenticate and then s/he can access the network.
One caveat with this method is that you need a SSH client on your user's computer. For UNIX-Like you can use plain SSH (users are normally familiar with it), but for Windblows, you should take something like putty and change it so it would look more like a login interface.

That is why you open a SSH tunnel to a trusted outside server with access to a squid proxy, and set your AIM proxy to point to the forwarded port on localhost: ssh -L 3128:proxyhost:3128 trusteduser@trustedhost Substitute plink for ssh if using Windows.

Couldn't you use an SSH tunnel to circumvent the blocks? Thats how I do samba and VNC (but thats for security purposes so I can keep my router zipped up tight). I don't know how tunnelling would work with a centralized server, but you could certainly tunnel ports directly to another comp. For windows user, PUTTY works great. Putty
ssh -L5903:localhost:5903 24.46.xxx.xxx

A good place to start (without having to get a CS degree) would be reading How to Report Bugs Effectively, and of course How To Ask Questions The Smart Way.

Well, not quite exactly what you've spec'd out, but a friend of mine has developed a java applet which is a telnet-over-http client. There is also a server-side component.

It's a little clunky, but what it does is provides shell access to a system by tunneling commands and output over HTTP. This allows you to log in to your boxen when you are stuck behind a firewall/proxy server that ONLY allows HTTP traffic to pass. Because it uses HTTP, you can also use HTTPS if you have a webserver running on that machine which has SSL enabled, giving you a secure connection.

Source code hasn't been released yet, sorry.

If you're just looking for a lightweight, well-written SSH/Telnet client for Win32, try PuTTY. It's a single executable (no installer required, no DLL's) which stores configuration info and keys in the registry. The executable can even be stuck on a floppy or CD if you so desire and run from there.

Here are some interesting links. Remember kids, it's not whoring if you're doing it anonymously!

http://www.mail-archive.com/cryptography@wasabisys tems.com/msg02554.html: Lucky Green discusses this issue

http://www.chiark.greenend.org.uk/pipermail/ukcryp to/2002-June/019444.html: Palladium and TCPA.

Google should yield even more interesting documents

>Please suggest a better way for me to map a drive
>letter on my Windows XP machine to my Linux web
>server in a colocation center.

Use scp to copy the files.

Putty is a nice SSH client, and includes a Win32 version of scp called PSCP.EXE.

Pretty damn hard, I'd guess. You can find discussion areas like people using TINI embedded Java card along with STA013 mp3 decoder to do it but they all seem to be characterized by an initial burst of activity and then a trailing off once enthusiasm fades away...

But go for it and post the results if you get there !

It is quite possible from a windows box, I use WinXP quite often and half of my work is done through a secure connection to my Linux boxes.

Putty is a great windows ssh client that is free to boot. It supports compression and port forwarding ( relaying too).

When configuring a new connection under putty, check the 'Connection->SSH-Tunnels' panel and check X11 forwarding, and add a local forwarding of say 5903 and destination as something like networkbox:5903. Then click Add and it will display like 'L5903 networkbox:5903'. Rember to save the session with a name and you will be set.

Rember though that the ip or system name will be relative to the box you have the ssh connection into. Packets will arive at the end of the tunnel and then be routed to the destination machine and port specified. In the above example, once connected to the remote machine, you will then be able to fire up vncviewer and connect to localhost:3 and have your connection attempt forwarded through the tunnel and on to the destination machine. Of course you will need to have vnc running as session 3 for this example to work without modification. Good luck.

Also a very addictive game called crack attack, which runs on windows and linux, and is under the GPL:
Crack Attack

Other things that you should consider include Python and PyGame (don't forget SDL as well!).

[x]Chat runs under windows (native), and is the only irc I'd consider using (beats the hell out of mirc).

Putty is an open source ssh/telnet client. Its possibly the best telnet client for use under windows. Then again, could anything be worse than C:\Windows\Telnet.exe ?

I've probably missed quite a few good ones, but these are things I seriously like.

I cannot imagine anyone using a Windows machine without the magnificent PuTTY ssh, telnet, and rlogin client. It is probably the best ssh programme I have ever had the pleasure of using, and its terminal emulator is superior to most xterms in many ways. Your CD collection would be incomplete without it.

I would assume you would be in the clear with either method -- unless of course you're sending mail and they have a keylogger or screen capture.

Putty is an amazing little win32 ssh client (does telnet and a few other things as well). For me, if I am working on windows and need to check my mail, I ssh out to my linux box and fire up pine. No muss, no fuss. It is worth checking out the license link... Simon, you ROCK!

Sorry to burst your bubble, bud, but no system administrator worth his salt discards a perfectly good tool in favor of a more trendy one without a good reason.

One of the best reads I've ever located on the web relating to development is rather peculiar. If you do C or C++ development though, this page may very well astonish and gross you out.

It explains how to implement coroutines in C, using a not-so-well known feature of switch statements: cases may be inside blocks inside a case statement.

I printed this out and showed it to my boss. I think he said something about firing for using code like that, but I didn't pay much attention to him. ;-)

• PuTTY is an SSH1+SSH2 implementation. PSCP, an scp-style program for Windows, is also available.

  PuTTY is available under the MIT licence (BSD-like).

  "PuTTY is a free implementation of Telnet and SSH for Win32 platforms, written and maintained primarily by Simon Tatham, who lives in Great Britain."

• TTSSH (SSH1) is an SSH1-only implementation, by Robert O'Callahan.

  "TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free to download and use and its source is available too, with an open source license. Furthermore, TTSSH has been developed entirely in Australia [...]."

• Cygwin (POSIX software on top of Windows)

  OpenSSH (SSH1 and SSH2 protocol) with Cygwin can run on Windows using the portable version of OpenSSH.

• MSSH

  MSSH from the Metropolitan State College of Denver supports Windows 95 and Windows 98, supporting SSH1 protocol.

• OpenSSH for Windows

  Another OpenSSH running on top of Windows..

• Secure iXplorer

  Secure iXplorer is graphical front end to PuTTY's pscp.exe.

• WinSCP

  WinSCP is a scp(1) program for Windows, with PuTTY integrated into it.

• NiftyTelnet 1.1 SSH is an SSH1-only implementation which comes with a scp-style program. Written by Jonas Wallden.

  "NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman's NiftyTelnet 1.1 application which adds support for encrypted terminal sessions using the SSH (Secure Shell) protocol. Please read the included Readme file before distributing this version."

• MacSSH is an SSH2-only implementation.

  "MacSSH is a modified version of BetterTelnet with SSH2 support. [...] The only SSH2 client for MacOS that I could find is a commercial product thats costs more than $100, and it crashes my Mac when closing a session... Since it's best to do things by oneself, here's MacSSH."

• PuTTY is an SSH1+SSH2 implementation. PSCP, an scp-style program for Windows, is also available.

  PuTTY is available under the MIT licence (BSD-like).

  "PuTTY is a free implementation of Telnet and SSH for Win32 platforms, written and maintained primarily by Simon Tatham, who lives in Great Britain."

• TTSSH (SSH1) is an SSH1-only implementation, by Robert O'Callahan.

  "TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free to download and use and its source is available too, with an open source license. Furthermore, TTSSH has been developed entirely in Australia [...]."

• Cygwin (POSIX software on top of Windows)

  OpenSSH (SSH1 and SSH2 protocol) with Cygwin can run on Windows using the portable version of OpenSSH.

• MSSH

  MSSH from the Metropolitan State College of Denver supports Windows 95 and Windows 98, supporting SSH1 protocol.

• OpenSSH for Windows

  Another OpenSSH running on top of Windows..

• Secure iXplorer

  Secure iXplorer is graphical front end to PuTTY's pscp.exe.

• WinSCP

  WinSCP is a scp(1) program for Windows, with PuTTY integrated into it.

• NiftyTelnet 1.1 SSH is an SSH1-only implementation which comes with a scp-style program. Written by Jonas Wallden.

  "NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman's NiftyTelnet 1.1 application which adds support for encrypted terminal sessions using the SSH (Secure Shell) protocol. Please read the included Readme file before distributing this version."

• MacSSH is an SSH2-only implementation.

  "MacSSH is a modified version of BetterTelnet with SSH2 support. [...] The only SSH2 client for MacOS that I could find is a commercial product thats costs more than $100, and it crashes my Mac when closing a session... Since it's best to do things by oneself, here's MacSSH."

You can get Putty here: http://www.chiark.greenend.org.uk/~sgtatham/putty/ .

Another excellent (and free) Windows client is PuTTY

Not only the beta version. The 0.52 release does port forwarding quite nicely!

Here's a download link link for the lazy.

Both OpenSSH and SSH are industry proven and supported software. SSH is supported by the original author of the protocol, Tatu Ylonen, among others. OpenSSH is supported by acknowleged Open Source security experts including Markus Friedl, Dug Song, and Theo de Raadt.

The version of SSH that Sun is shipping with Solaris is in fact OpenSSH. Sun is not trying to hide this, they are proud of shipping it because it is an excellent program.

Most major insurance companies run SSH (if they are Microsoft shops) or OpenSSH (if they are not). Most hospitals run OpenSSH.

I use both products. Support is superb for both; but SSH.com has friendly, personable phone support while the OpenSSH support comes mostly from Usenet and Email (and can be fiery if you ask exceptionally stupid questions). OpenSSH fixes bugs faster than SSH.Com, but both products have had about the same number of problems, and all have been quickly and effectively resolved.

Popular clients for windows include putty and Teraterm SSH. Make sure you get a recent version, however, older versions of those programs use versions of SSH ( v 1.5) that have known bugs.

If you are dealing with a company that thinks commercial software is "better" than "freeware" you should be careful how you approach this project. If there is a single person who has created this mindset, that person is likely to be both powerful and not very analytical - a dangerous combination.

You're in luck then, because the latest version of Putty does port forwarding. In fact the new Macromedia Dreamweaver MX uses putty to port forward regular ftp traffic securely.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

Tera Term on Windows is the best.

It's good, but I've switched to PuTTY, mainly because it can heartbeat an SSH connection with an empty packet every minute to prevent sessions being timed out by over-zealous firewalls - very convenient if you need to monitor several machines.

You can't download?

or do you have the problem I do. Too much ssh traffic gets automatically blocked at the firewall.

The programmer's bible for this is The Art of Computer Programming by Don Knuth. It isn't the easiest book in the world to read, however, and consists of three volumes and an additional one Knuth wrote recently.

An interesting example of this I found out about recently are coroutines. I struggled with writing part of a program for weeks on end trying to do something similar to this. Had I known about this kind of technique then, I would've done it in a day.

PuTTY will leave some Registry entries, and a random seed file, on the PC. If you are using PuTTY on a public PC, or somebody else's PC, you might want to clean these up when you leave. You can do that automatically, by running the command

"putty -cleanup"

You're using https, I hope.

Why?

So you're sure that the program your client receives is the same as the program your server sends, not a trojaned version which turns off encryption, for example.

...and how does that trojaned version get onto the server? If salfter.dyndns.org is 0wn3d, I have bigger problems to deal with than a corrupt SSH client. I suppose someone could clone my website, hack dyndns.org to get the DNS entry for salfter.dyndns.org to point to the cloned site, and put a trojaned PuTTY on the cloned site that would know the IP address of the real salfter.dyndns.org...but who the hell's going to go to that kind of bother? Mine is just a personal website of maybe average quality (depending on whose opinion of it you seek). There are plenty of other targets that would be much more attractive for someone to take over.

(Now that I've thought about it a bit, though, I suppose an end-run around such an attack would be to use the IP address instead of the name. It's easy enough to remember. Someone who's determined could crack these guys and reassign my IP address to another system...but then that basically knocks my machine off the net (so no harm will come to it), and (again) who would care enough to want to bother doing that?)

FWIW, the PuTTY download page isn't running on a secure server. It supplies various checksums for the files which you can use for verification, but (as Simon Tatham points out) the programs that do that verification aren't themselves verifiable. There is a point beyond which an eye for security turns into paranoia...nothing is ever 100% secure. At some point, you need to weigh the odds of something bad happening against the measures needed to protect against that something.

One final note: Keeping a copy of PuTTY on a secure site would entail getting a certificate from someone like Verisign, and they don't exactly have the best reputation in the world.

Putty feels nice, but putty is ssh v1 only

Either you are using an old version, or you havent figured out how to use a "menu system". Let me refer you to the developers FAQ page:

A.1.1 Does PuTTY support SSH v2?

I hope that clears that up

PuTTY is a great free product. I have to use it for school as telnet access is blocked. It is probably for the best though.

The BIGGER problem with Teraterm is that the SSH module doesn't and won't implement SSH v2. At this point SSH v1 is about as secure as telnet and should be disabled unless there is a reason that makes it absolutely necessary. I think it's safe to say that by now PuTTY, which progresses at an amazing rate, has claimed any market share that Termaterm had among the freeware SSH clients. It is an excellent tool.

Managers already do this. Many companies put all their employees on web proxies for exactly this reason. I have friends that work in large companies where it is a known fact that managers review

1) Page views
2) Attempts to view blocked pages
3) Email with questionable content
4) Usage statistics on mail servers

As a result, I've helped those friends use web proxies and and SSL to add privacy to their workstations. putty port forwarding and a remotely running squid are their best worktime friends.

Yes, BNETD is completely dead. The DMCA has prevailed.

- A.P.

Er, I think you are neglecting pscp, which comes as part of the PuTTY package.

There's a discussion on how terrorists use steganography (or not)

Well, you weren't asking, but puTTY is a freakin' great SSH client for windows. It's small, light, and generally great.

putty is a good ssh client for windows- I'm not sure if it's what you meant tho... really configurable, and we we normally reccomend to freshmen who are still using telnet.

I just grabbed Secure iXplorer. This is a GUI app that lets you browse, Windows Explorer style, your remote SFTP directory. So far I'm really impressed, might just use it as file managment for my remote machine, since it's easier to look at than a putty window.

Requires PSCP.exe and plink.exe, which are part of the PuTTY toolkit iXplorer does include these in its standard install distro.

Both are Open Source (PuTTY is MIT, iXplorer is GPL), both are really swell, and iXplorer would be good for desktop users unfamiliar with a command line.

What about a shell account and SSH? I haven't used everything in your list but security was a concern of mine.

I have had Unix shell account for the past 5 years that I pay about $5/month for.
Accessing this shell account via SSH and using the port forwarding function would provide just about everything you would need.

The shell provider supports IMAP, SMTP, POP, Fetchmail, Procmail, a web interface for email, and Squid.

I use Putty (its free) in Windows to connect via SSH and forward over my local ports 119, 25, 110, 143, and 3128 over to the shell providers. For Linux I use higher local ports but to the same listed ports on the remote. Now I have an encrypted channel over all of these ports to my shell provider. Aside from being encrypted, it allows me access to all of these ports as if I was dialed into the provider or local on the providers machine. I can send mail as anyone (because I am considered a local user, its not relaying) to anyone. I can use IMAP with Pegasus (or Outlook and Eudora) on my laptop and keep the messages on the server, use the same on home PC but POP in to retrieve and delete. I prefer Pegasus on Windows due to a better method of selecting profiles and can be changed on the fly, supports PGP, and its also free. Fetchmail gets and filters the mail from my normal dialup provider and any other POP accounts I have to the shell account. I can also use the providers news server and squid. At work, this would help me mask my browsing and downloading habits.
Did I mention that I also have 10MB of space to store files that can be SCP'd over and a real live command prompt if needed?

I believe this is about as close to an all in one solution that you will find.

Well, not always...?

PuTTY, a free ssh client for windows, is a single file with no installer. It saves its settings in the registry, and personally, I prefer this, since it means I just have to delete one file to uninstall it. I can download it to a friend's computer, throw it on the desktop, and not have to hunt around the desktop for the prefs file it created when I want to delete it.

Sure, it leaves a few registry keys around, but as long as they're innocuous, I think that's a better solution that creating a file every time?

It does not cost too much. If you can't afford it, don't use it. Did you think buying a computer was just the hardware?

Are you serious? I havent even been ASKED to pay for software since I got on the open/free bandwagon back in 1997. (My employer's hardware is a different story.)

But you're right about PuTTY. I didn't think the SecureCRT people were even in business any more.

> a free standards compliant SSH client on all your Windows boxes (does such a thing exist?)

Like PuTTY?

On the other hand, Google listings appear to be quite stable for some subjects. Consider PuTTY, a Win32 ssh client and terminal emulator: the Google URL for it is actually shorter than its official URL (http://www.chiark.greenend.org.uk/~sgtatham/putty /).

(You can check out a HOT translation here. No credit card, no registration required! Absolutely free! Here's a teaser:
Ev'n haughty Juno, who, with endless broils,
Earth, seas, and heav'n, and Jove himself turmoils;
At length aton'd, her friendly pow'r shall join,
To cherish and advance the Trojan line.
Yeah baby! Angry chicks are HOT and if you treat them right, they just might advance your line too, if you know what I mean :)))!)

IBM has had the same thing out now for a while... I have one.

Check out the 8mb model for $25...

although telnet in windows is icky

Well, the Windows-supplied telnet client is icky. I highly recommend PuTTY for all of your Windows telnet and ssh needs.

Hrm. Well, except for MUDding, actually. A good MUD client really helps. I seem to recall that zMUD was a good Windows MUD client, though it might be shareware. (These days, my only interaction with Windows is supporting it at work; no call for MUD clients there, and I use tinyfugue under Linux at home.)

IBM obviously didn't check Google before naming their project. GNU userv got there first (in 1996).

sftp clients? For Windows check out Putty. So you want a *nix client then of course Openssh is available. I agree with your statement that anything plugged into a network is not bulletproof but some systems have proven themselves to be much stronger than others.

Enough Said.