Web template
updated by
Christopher Spry

Guide for setting up Windows client software (Tera Term Pro & TTSSH) to access computers running secure 'ssh' v 1 resources

This page was written by Christopher Spry. 'ssh' software provides secure connections between computers. It replaces telnet and other connections that do not support a high level of encryption and authentication between computers. This guide shows how I installed 'Tera Term Pro' and 'TTSSH' on 16 November 1999, on my PC running Windows NT v 4 service pack 6, in order to make secure access from my PCs to host Unix computers. I thank Peter Tribble for advice about doing this. With this software I am now able to connect securely to UNIX computers running 'ssh' v 1. A straight port is also available of the 'ssh' Unix client program if you need to use 'ssh' non-interactively. 'PuTTY', another free Win32 Telnet/SSH Client, is also available.

Note that 'ssh' version 1 and version 2 are not compatible, although ssh2 is ssh1 'aware' and can be installed over ssh1. There are freely distributed versions of ssh v 1 and client programs to access 'ssh' v 1, as described in this guide. 'ssh' v 2 is only available as free software to a limited range of users and I have not been able to find a free client program to access ssh v 2 - see my related 'Guide to installing ssh v 1' and 'Guide to installing ssh v 2'. 

FTP transfers using 'Port Forwarding' in a 'TTSSH' session
Secure ftp connections can be made from a Windows computer, which is using TTSSH and an ftp program such as 'ws_ftp', to computers running ssh1. This is described at http://www.ccp14.ac.uk/ccp14admin/security/secure_tunnelling_ftp.htm and worked well for me. If the NT computer is already using port '21' for incoming ftp connections, It is possible to map the Windows outgoing 'ftp' port to numbers other than '21'.
It is not possible to use a remote computer to set up a secure ftp connection to Windows computers, unless the Windows computer is running an 'ssh1' service. I do not know of any Windows 'ssh1' service software. Please email me if you know of any.

1. Introduction 
2. Installing 'Tera Term Pro'
This provides the connection resources to the host computer
3. Installing 'TTSSH' The 'ssh' implementation on Windows
4. 'RSA key' login Authenticating the to computers
5. A sample session and defaults
6. MI/X Server
Use of X-Windows in an 'ssh' connection

1. Introduction

Software is available to enable users on one computer to access other computers across a 'public' network in a way that ensures that the connection is secure from outsiders. Like most other users, I have been accessing UNIX computers using 'telnet'. 'ftp' and other protocols that are not secure. Now, I use software that replaces 'telnet' and 'ftp' and ensures that my connections are not only secure, but also authenticated, as I have to use encryption techniques to validate myself and the remote computer, before a connection is made. This encryption software can communicate through 'firewalls' which prevent access through insecure routes to internal networks. This guide shows how to install 'ssh' client software on a PC. A similar guide is available at http://www.jfitz.com/tips/ssh_for_windows.html 

An 'open' version of the SSH suite of network connectivity tools called 'OpenSSH' is being developed at the OpenBSD Foundation, but I have no experience of it. I have been told that an SSHD server for Windows NT is available and that SSH has been ported to the windows platform using the Cygwin Win32 GNU libraries.

I recommend that we all switch from insecure to secure communication software, now that this is available free of charge. This guide describes how I set up software on my PCs to access other UNIX computers where I have accounts and which run the software to enable secure connections. Before you start, check that the remote computer, which you will connect to securely, is running 'ssh'. Telnet to it and type 'ps -el | grep ssh'. This should show that an 'ssh' daemon is running. If it is not, then you should ask the administrator of the remote computer if 'ssh' could be installed. Another way to see if ssh is running on another computer, even one on which you do not have an account, is to type 'telnet <remote_computer> 22'. If ssh is running on port 22 (the default) it will reply with the name and version of ssh running there. Type 'ctrl-]' then 'quit' to close the telnet connection.

'SSH, The Secure Shell: The Definitive Guide' by Daniel J. Barrett & Richard Silverman, 558 pages, $39.95, is published by O'Reilly, January 2001, ISBN 0-596-00011-1.

2. Installing 'Tera Term Pro'

TeraTerm Pro v 2.3 for Windows 95/NT. I downloaded 'ttermp23.zip' (943,376 bytes). I read the details of this free software. I unzipped it and ran 'setup.exe', which installed 'Tera Term Pro' in 'C:\Program Files\TTERMPRO'. I renamed 'C:\Program Files\TTERMPRO\readme.txt' to 'C:\Program Files\TTERMPRO\Tera_Term_Pro_Readme.txt' and updated the 'start' menu option with this new name. 

3. Installing 'TTSSH'

TTSSH v 1.5.4. This program adds 'ssh' functions to 'Tera Term Pro'. The programs are available worldwide. I downloaded 'ttssh151.zip' (274,124 bytes) from the UK resource. I also downloaded and printed the documentation for TTSSH. I unzipped 'ttssh154.zip'  into the 'C:\Program Files\TTERMPRO' directory, where I had already installed Tera Term Pro v 2.3. The unzipped files included LIBEAY32.DLL, TTXSSH.DLL and TTSSH.EXE. I renamed the 'readme.txt' file to 'TTSSH_readme.txt'. I put shortcuts for TTSSH.EXE and 'TTSSH_readme.txt' into the 'start' menu.

4. 'RSA key' login

When you start the 'TTSSH.EXE' program, you will see a 'Use RSA key to login' check box in the 'SSH Authentication' page. This is a way to tell the host computer that the client computer is what it says it is, e.g. that it is not 'spoofing' the connection. If you check this box, the host computer will send a 'challenge' to the client computer. If an 'identity' file on the client computer corresponds to what the host knows as 'genuine' in its '.ssh/authorized_keys' file, it will allow the connection to proceed. Each line in the hosts 'authorized_keys' file should contain the contents of the 'identity.pub' file that was made at the same time as the 'identity' file. You have to setup these files in order to use 'RSA key' authentication. It is not required for ssh connections, but it does make the link more secure. Generate these files as follows:

Because there is no Windows program to generate the 'identity' and 'identity.pub' files on the Windows client computer, it has to be done on the remote host computer using the 'ssh-keygen' program. Run this program on the host computer. It will make the files you need, in a directory called '.ssh'. Copy the '.ssh/identity' file to a directory called 'C:\Program Files\TTERMPRO\.ssh' on the Windows client computer. Make, or open a file called '.ssh/authorized_keys' on the host computer and add to it the single line from '.ssh/identity.pub'. 

5. A sample session and defaults

I edited 'c:\Program Files\TtermPro\TeraTerm.ini' and altered the line 'Host1=myhost.mydomain' to 'Host1=<remote.host.with.ssh>' and saved the file.

I then started a login session using the 'TTSSH.EXE' program. This program starts 'Tera Term Pro' using the 'ttssh'  plugin which provides the encryption interface to the connection.  In the 'new connection' window, in the 'Host' box, I entered the name of the remote computer. I checked the  'SSH' check box then clicked 'OK'. This opened a 'SSH Authentication' window. I entered my username and passphrase, which is sent encrypted. I checked the 'Use RSA key to login' check box and entered the location of the 'identity' file (.ssh/identity) in the dialog box. 

When I clicked on 'OK' the program logged me securely into the remote host. I was then able to work on the computer, just as if I had connected with telnet, but with encryption of traffic between the two computers.

While I was still connected, and with the 'Tera Term' window available, I set the default settings for 'Tera Term Pro' using the dropdown list under 'Setup'. I set the 'font' to show the text most clearly. I set 'SSH.../'Read/write file:' to 'ssh_known_hosts'. I set the ssh settings so that RSA authentication was used and the identity file was entered as in '.ssh/identity'. I checked the box in 'setup | SSH forwarding' that said "Display remote &X applications on local X server". This last option allows X-Window applications on the other computer to be sent over and viewed in 'MI/XServer', discussed below. Do not check this option if you are not going to use X-Windows. I moved 'Blowfish' to the top of the list in 'setup | SSH' I clicked on 'Save setup' to 'TERATERM.INI', overwriting the default. 

TTSSH connections to remote computers are closed in the same way as 'telnet', using 'exit or quit' as appropriate. Further details of how to use these programs are in the *.txt files in 'C:\Program Files\TTERMPRO'. 

6. MI/XServer

MicroImages has a shareware implementation of X-Windows called 'MI/X' v 2, for computers running Microsoft Windows. (Version 3 will be released in May 2001 as a self-extracting 'InstallShield' program). The program is available from them on a trial basis for 15 days then costs $25. (The version for Macintosh computers is free to use). There is a free version of the program for PCs at HGMP, which is available by anonymous ftp to  'ftp.hgmp.mrc.ac.uk', directory '/pub/Xwindows/NEW/. I downloaded the following files to 'c:\temp\x':  

  • -rw-r--r-- 1 5000 2026257 Feb 10 1999 file0001.bin
  • -rw-r--r-- 1 5000 50542 Feb 10 1999 file0002.bin
  • -rw-r--r-- 1 5000 347817 Feb 10 1999 getme1st.exe

I unzipped 'getme1st.exe' to 'c:\temp\x' and ran 'setup.exe'. This installed 'MI/XServer' in 'C:\MIX_NT'. (I am using Windows NT). I started the program 'MicroImages X Server' which said that it was "1280x1024x24 bit  tech@microimages.com  Build Date: 19 Mar 1997". Then I started 'TeraTerm SSH', to connect the PC to a Unix computer running 'ssh' as described above. I typed 'toolchest &' to start the toolchest on the Indy and this appeared in the MI/X window on my PC. I was then able to run commands from it directly from the PC.

Do not type in the SSH window 'xterm -ls -display <computername>:0' (which is often used to send X-Windows to other computer) as X-Windows are sent automatically using the secure tunnelled X channel defined in TTSSH, as described above. The X server (i.e. the software that is running on your PC) displays the X-windows which it accepts as coming from an application running on itself. For this reason, you can then set the PC's X-security to be 'host based' and restricted to localhost= X-Windowing impostors from other computers will then be rejected. (I am grateful to Alan J Flavell for this last advice.) 

Please let me know about errors and omissions in this little guide.

Return to the 'home page'

Return to the 'Computing index page'

Return to the 'Indy administration index'