.KEYWORD sshclient
.FLYINGHEAD PALM NETWORKING
.TITLE Gain secure remote login with SSH
.FEATURE
.SUMMARY Continuing on his Palm networking theme, Contributing Editor Stephen Vance will introduce you to SSH for the Palm OS. With this securely encrypted variation on the traditional telnet program, you’ll be able to gain remote access to a command prompt on a server using your Palm handheld computer.
.AUTHOR Stephen Vance
"Tools for Palm networking" seems to be the theme of this and my last couple of PalmPower Magazine Enterprise Edition articles. Maybe it’s the geek in me, but there’s something cool about having a complete remote access toolbox in your shirt pocket. When the alternative is multiple pieces of equipment weighing in excess of ten pounds, it’s even better.
This month I’ll write about SSH for the Palm OS. SSH stands for Secure SHell. It’s essentially a securely encrypted variation on the traditional telnet program, which allows remote access to a command prompt on a server. Generally, a program called sshd (for SSH Daemon) runs on the UNIX machine. People who need secure command line access to the UNIX machine use an SSH client to talk to the server.
Unlike telnet, SSH securely encrypts the user name, the password, and the content of the login session to keep them hidden from network snoopers. Many network administrators require some form of secure access when logging in from public or untrusted networks like the Internet. Another common use is to ensure security when monitoring and controlling network hardware such as routers, caching servers, application servers, or Web servers installed in hosting centers.
.H1 Getting started
Several implementations of SSH exist, and there are other programs and protocols that serve similar functions. The main open source SSH implementation (OpenSSH) was developed for FreeBSD and is available for a wide variety of UNIX and other platforms including Windows, Macintosh, Palm OS and Java.
I recommend you have an SSH client available to test your SSH access before trying it from your PDA. Personally, I use TeraTermSSH (at http://www.zip.com.au/~roca/ttssh.html) for Windows, an extension to the TeraTerm Pro terminal emulation software (at http://hp.vector.co.jp/authors/VA002416/teraterm.html). I find it to be a good terminal emulation package, but it only supports SSH1. This is sufficient and actually beneficial for our purposes, as the Palm OS client we’ll use also only supports SSH1. Other clients are available.
I have found three Palm OS SSH clients. Two of these are commercial products or part of commercial suites, MochaSoft’s Mocha Pocket Telnet (at http://www.mochasoft.dk/palm.html#palmtelnet) and Expand Beyond’s PocketAdmin (at http://www.xb.com/products.html). The other one, Top Gun SSH (at http://www.offshore.com.ai/~iang/TGssh/), is freeware with requested donations to the Party Fund if you like it. Instructions for donation can be found at the Top Gun SSH home page. I’ll use Top Gun SSH in this article.
You can download Top Gun SSH from the link above. Following the README file, there are nine files to install altogether, the TGssh.prc file and eight shared library .prc files. The total footprint is under 120KB.
If you’re using Top Gun SSH with a Kyocera Smartphone or a keyboard, you’ll want to download and install the alternate main .prc file. This fixes some issues that are detailed on the home page at the expense of greater CPU and, therefore, battery use.
.H1 Server setup
Unlike in previous articles, I won’t tell you how to configure the server. I’ll assume this has already been done for you by your system administrators, that you can reference the documentation at the OpenSSH site or from your server vendor, or that you have another reference like O’Reilly’s SSH, The Secure Shell: The Definitive Guide (at to http://www.oreilly.com/catalog/sshtdg/).
However, I will tell you the basic requirements to use the Top Gun SSH client with the OpenSSH server. First, your PDA must support TCP/IP (Transmission Control Protocol/Internet Protocol). According to the Top Gun SSH home page, the Palm VII and the Palm i705 do not support TCP/IP and therefore cannot be used.
Second, you must have network access from your handheld to your SSH server. Personally, I’m using my PalmModem to log into my Internet Service Provider. If you need to forward the SSH traffic over a router to get it to the correct destination, perhaps through a firewall, use port 22 for TCP traffic.
Next, your server must support the SSH protocol version 1. The default behavior and setup instructions for the OpenSSH server support both version 1 and version 2 simultaneously. To verify, if you can connect with TeraTermSSH without reverting to telnet, you have version 1 support in your server. The TeraTerm icon in the left end of the window’s title bar will show you whether you’re using telnet or SSH, as shown below. Figure A shows the SSH icon.
.FIG A TeraTerm shows an icon with a key when using SSH.
Figure B shows the telnet icon.
.FIG B TeraTerm shows a monitor with a "VT" when using telnet.
Finally, the Top Gun SSH home page details how to get your server to recognize the handheld client’s terminal type. This isn’t necessary, but it will provide a more pleasant experience if you intend to use this extensively.
.H1 The SSH Client
Figure C shows the Top Gun SSH start screen on the PDA.
.FIG C The Top Gun SSH start screen prompts you for host and login information.
It prompts you for the host name and the usual user name and password. Enter the information and hit the Login button. It will automatically connect, if necessary.
You’ll see several dialogs go by about Connecting to Host, Exchanging Keys, and the like. Once it connects, you’ll see a screen like the one in Figure D.
.FIG D This shows the login shell on my server through Top Gun SSH.
Across the top, in the area of the image I have blurred for my own privacy’s sake, it displays the host and port to which you are attached.
When you enter text, it will appear between the bold and fine lines at the bottom of the screen. When you have entered the desired commands, you hit either the Send or the SendCR buttons. The Send button sends the text without a return, good for entering partial commands. The SendCR button sends the text with a return, entering the command.
The menus are useful but pretty basic. The File menu allows you to close the connection or get an About dialog. The Edit menu provides the normal Cut, Copy, Paste, and a couple of extra options useful for terminal emulators. The other two menus allow you to change the font size and the screen width. If the font and width adjustments cause the line length to exceed the width of the screen, the bold line turns into a slider that allows you to scroll back and forth. Unfortunately, there’s no vertical text buffer or scroll bar.
There are also provisions to enter non-printable characters, particularly important for vi or emacs users. To use them, you have to know the corresponding control character (e.g., control-I is Tab), the C programming escape sequences (e.g., \r is carriage return) or some special escape sequences (e.g., \e is ESC). The Top Gun SSH FAQs on the home page address the details.
.H1 Wrapping up
I experienced occasional problems resolving the domain name. My regular monitoring indicates that the problem is either with my ISP or with Top Gun SSH, but I couldn’t resolve it further. If you see similar problems, I recommend you simply try again. If the problem continues, then diagnose it or use an IP address.
Another feature that many SSH clients have that is missing in Top Gun SSH is SSH forwarding, a feature that allows normal unencrypted network traffic to piggyback on the encrypted SSH socket to make it secure. This is a limitation of the single-tasking nature of Palm OS and should not be seen as a deficiency in Top Gun SSH or any other Palm OS-based SSH client.
Yet another common feature of SSH clients is public key authentication. This allows you to establish a public-private key pair that can be used to automatically authenticate you instead of using a user name and password. I see this as an undesirable feature for a handheld, so I don’t mind that it’s not present. After all, do you really want anyone who possesses your PDA to have access to your secure network?
.BEGIN_KEEP
I hope you find a use for SSH on your handheld. As always, I’m interested in hearing about any new or unusual uses for these applications. If you’ve got something to say, email me at steve@vance.com.
.BEGIN_SIDEBAR
.H1 Product availability and resources
For more information on Top Gun SSH, visit http://www.offshore.com.ai/~iang/TGssh/.
For more information on TeraTerm Pro, visit http://hp.vector.co.jp/authors/VA002416/teraterm.html.
For more information on TeraTermSSH, visit http://www.zip.com.au/~roca/ttssh.html.
For more information on OpenSSH source and binaries, visit http://www.openssh.com/.
For more information on O’Reilly’s SSH book, visit http://www.oreilly.com/catalog/sshtdg/.
For more information on MochaSoft’s Mocha Pocket Telnet, visit http://www.mochasoft.dk/palm.html#palmtelnet.
For more information on Expand Beyond’s PocketAdmin, visit http://www.xb.com/products.html.
For more information on Palm handhelds, visit http://www.palm.com.
.H1 Easy, flexible article reprints
ZATZ now offers a quick, easy, flexible and inexpensive way to use article reprints in your marketing and promotion efforts. You can now get article reprints for a one-time fee of only $200. For details, visit http://mediakit.zatz.com/reprints.
.END_SIDEBAR
.BIO Stephen Vance is a Contributing Editor for PalmPower Magazine and PalmPower’s Enterprise Edition. Visit his Web site at http://www.vance.com. He can be reached at steve@vance.com.
.DISCUSS http://powerboards.zatz.com/cgi-bin/webx?50@@.ee6ffcb
.END_KEEP
