Running MindTerm as an Applet
This document explores some issues that apply when one tries to run MindTerm as an applet.
The security model of Java requires applets to be signed if they are going to perform certain operations. Operations which require signing include accessing the local file system, opening local TCP ports and connecting to machines other than the one the applet was downloaded from. If you bought a commercial copy of MindTerm you should receive a signed version of the applet. But if you are using the free version, or have made modifications, you must sign it yourself. Fortunately there are lots of tutorials on the web on how to do this. For example, see the list of tutorials at http://mindprod.com/jgloss/signedapplets.html. MindTerm does not yet use any of the newer (1.2 or later) security models.
The security model MindTerm follows requires different files for Netscape and IE. The cab file for IE should include the entire contents of the mindterm.jar file.
To actually use MindTerm one needs to place it on a webpage. On this page you place code which actually launches the applet. This code may look like this:
<APPLET CODE="com.mindbright.application.MindTerm.class"
ARCHIVE="mindterm.jar" WIDTH=0 HEIGHT=0>
<PARAM NAME="cabinets" VALUE="mindterm.cab">
<PARAM NAME="sepframe" value="true">
<PARAM NAME="debug" value="true">
</APPLET>
The first three lines of this are used to specify the applet files. The Sun Java Plugin will use the ARCHIVE version and the MS Java (which is obsolete) will use the specified cabinet file. After that one can add an arbitrary number of parameters to MindTerm. This example sets 'sepframe' to true (to launch the applet in a separate frame) and enables debugging. For a complete list of parameters see Settings.txt.
The MindTerm applet will always run in the user's browser. This means that all network connections created by MindTerm will originate from the user's computer. So a site wishing to provide SSH access via MindTerm must both make the applet available via HTTP and open up the SSH port.
This document lists the different configuration options one may set to configure MindTerm. Settings can be specified on the command line, stored in a per-host file (~/mindterm/HOST.mtp) or specified in the HTML code used to launch the applet.
Common connection settings
| Setting | Description |
|---|---|
| protocol | Preferred protocol (auto/ssh1/ssh2) |
| server | Name of server to connect to (see the quiet setting as well) |
| port | Port on server to connect to (see the quiet setting as well) |
| real-server | Real address of sshd if it is behind a firewall |
| local-bind | Default local address to bind to for forwards |
| username | Username to login as (see the quiet setting as well) |
| auto-username | Use local username as default value |
| password | Password for normal authentication (only saved if save passwords checked) |
| passphrase | Passphrase for publickey keypair file (only saved if save passwords checked) |
| proxy-type | Type of proxy server to connect through (none/http/socks4/socks5) |
| proxy-host | Name of proxy server to connect through |
| proxy-port | Port on proxy server to connect through |
| proxy-user | Username, if the proxy server requires authentication |
| proxy-password | Password, if the proxy server requires authentication |
| quiet | Don't query for server or user name if given |
| ssh1-cipher | Name of block cipher to use in ssh1 (blowfish-cbc/3des-cbc/idea-cbc) |
| auth-method | Method of authentication, either single or comma-separated list (password/publickey/tis/secureid/cryptocard/kbd-interact) |
| private-key | Name of file containing the private key for publickey authentication |
| display | Local X11 display definition (i.e. :) |
| compression | Compression Level (0 means none, 1=fast, 9=slow/best) |
| x11-forward | Indicates whether X11 display is forwarded or not |
| x11-display | Local display to forward |
| force-pty | Indicates whether to allocate a pty or not |
| sftpbridge-host | Interface to listen on in ftp to sftp bridge (empty if disabled) |
| sftpbridge-port | Port to listen on in ftp to sftp bridge |
| socksproxy-host | Interface to listen on in SOCKS proxy (empty if disabled) |
| socksproxy-port | Port to listen on in SOCKS proxy |
| strict-hostid | Strict host key check, can only connect to known hosts |
| mtu | Max packet size |
| key-timing-noise | Add noise when sending passwords to increase security |
| commandline | Command to run on server |
| allow-new-server | Set this to false to prevent the user from connecting to additional SSH servers. |
SSH2 specific settings
| Setting | Description |
|---|---|
| kex-algorithms | Kex algorithms to use in preferred order (diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1) |
| server-host-key-algorithms | Host key algorithms to accept in preferred order (ssh-rsa, ssh-dss) |
| enc-algorithms-cli2srv | Encryption algorithms client to server |
| enc-algorithms-srv2cli | Encryption algorithms server to client |
| mac-algorithms-cli2srv | Mac algorithms client to server |
| mac-algorithms-srv2cli | Mac algorithms server to client |
| comp-algorithms-cli2srv | Compression algorithms client to server (none, zlib, zlib@openssh.com) |
| comp-algorithms-srv2cli | Compression algorithms server to client (none, zlib, zlib@openssh.com) |
| package-version | Package version to send to server in protocol version exchange |
| alive | Connection keep-alive interval in seconds (0 means no keepalive packets are sent) |
| filelist-remote-command | Remote command to list files |
Supported ciphers and modes:
3des-cbc, 3des-ecb, 3des-cfb, 3des-ofb, 3des-ctr, blowfish-cbc, blowfish-ecb, blowfish-cfb, blowfish-ofb, blowfish-ctr, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, rijndael128-cbc, rijndael192-cbc, rijndael256-cbc, twofish128-ctr, twofish128-cbc, twofish192-ctr, twofish192-cbc, twofish256-ctr, twofish256-cbc, twofish-cbc, twofish-ecb, twofish-cfb, twofish-ofb, cast128-cbc, cast128-ecb, cast128-cfb, cast128-ofb, idea-cbc, idea-ecb, idea-cfb, idea-ofb, arcfour128, arcfour256, arcfour
Supported macs:
Terminal window settings
| Setting | Description |
|---|---|
| ascii-line | Use ASCII Line-draw-characters instead of drawing |
| auto-linefeed | Do auto-linefeed |
| autowrap | Auto wrapping of line if output reaches edge of window |
| backspace-send | What to send on BACKSPACE: BS (^h, 0x08), DEL (^?, 0x7f), or ERASE (^E[3~) |
| bg-color | Background color (<name> or '<r>,<g>,<b>') |
| copy-crnl | Put instead of at end of lines in copy/paste |
| copy-select | Copy directly on mouse-selection |
| cursor-color | Cursor color (<name> or '<r>,<g>,<b>') (name of colors are: black, red, green, yellow, blue, magenta, cyan, white, i_black, i_red, i_green, i_yellow, i_blue, i_magenta, i_cyan, i_white) |
| delete-send | Character to send on DELETE: BS (^h, 0x08), DEL (^?, 0x7f), or ERASE (^E[3~) |
| encoding | Character encoding the server uses |
| fg-color | Foreground color (<name> or '<r>,<g>,<b>') |
| font-name | Name of font to use in terminal |
| font-size | Size of font to use in terminal |
| geometry | Geometry of terminal ('x') |
| input-charset | Character set to assume input is in. Currently the only supported name here is 'vga'. The default value is 'none' which means use the system default. |
| insert-mode | Toggles insert mode |
| line-space-delta | Number of pixels to modify the line spacing with. |
| local-echo | Do local echo |
| local-pgkeys | Use PgUp, PgDn, Home, End keys for local scroll or escape them |
| map-ctrl-space | Map + to (e.g. for emacs) |
| passthru-prn-enable | Enable passthrough printing |
| paste-button | Mouse button for paste, (shift+left/middle/right) |
| repos-input | Reposition scroll-area to bottom on keyboard input |
| repos-output | Reposition scroll-area to bottom on output to screen |
| rev-autowrap | Reverse autowrap when going off left edge of window |
| rev-video | Reverse video in terminal |
| save-lines | Number of lines to save in scrollback buffer |
| scrollbar | Scrollbar position (none/left/right) |
| select-delim | Delimiter characters for click-selection ("") |
| term-type | Name of terminal to emulate (xterm, linux, scoansi, att6386, sun, aixterm, vt220, vt100, ansi, vt52, xterm-color, linux-lat, at386, vt320, vt102 and tn6530-8) |
| visible-cursor | Toggles if cursor is visible or not |
| visual-bell | Toggles if audible or visual bell will be used |
Applet parameters
| Parameter | Description |
|---|---|
| debug | Set to true to generate debug output (on console) |
| menus | Controls if there should be any menus. Possible values are: no (no menu), yes (normal menu), popN (popup menu on control+mouse-button N). |
| exit-on-logout | Set to true to exit when the user has logged out |
| savepasswords | True if passwords should be saved in settings-files |
| sepframe | True if the application should open in a separate frame |
| verbose | Set to true to generate verbose output (on console) |
| useAWT | Set to true to force the applet to use the AWT toolkit |
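An added example, not part of the MindTerm documentation: a small Python audit of a launch page that reads the PARAM tags and reports settings from the tables above that weaken a deployment (secrets embedded in the HTML, saved passwords, strict host key checking not enabled, additional servers not ruled out, SSH1 allowed). The two launch pages are constructed, and treating protocol=auto as permitting SSH1 is an assumption of this example.

```python
from html.parser import HTMLParser

class AppletParams(HTMLParser):
    """Collect NAME/VALUE pairs from <PARAM> tags nested inside <APPLET>."""
    def __init__(self):
        super().__init__()
        self.in_applet, self.params = False, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "applet":
            self.in_applet = True
        elif tag == "param" and self.in_applet:
            name = (a.get("name") or "").lower()
            self.params[name] = (a.get("value") or "").strip()

    def handle_endtag(self, tag):
        if tag == "applet":
            self.in_applet = False

def audit(html):
    """Return findings for launch-page settings that weaken the deployment."""
    parser = AppletParams()
    parser.feed(html)
    get = lambda name: parser.params.get(name, "").lower()
    findings = [f"{s}: secret is readable in the page source"
                for s in ("password", "passphrase", "proxy-password") if get(s)]
    if get("savepasswords") == "true":
        findings.append("savepasswords: passwords are saved in settings files")
    if get("strict-hostid") != "true":
        findings.append("strict-hostid: strict host key check not enabled here")
    if get("allow-new-server") != "false":
        findings.append("allow-new-server: other SSH servers not ruled out here")
    if get("protocol") in ("ssh1", "auto"):  # assumption: auto may fall back to SSH1
        findings.append("protocol: legacy SSH1 is preferred or permitted")
    return findings

# Constructed launch pages; the password value is made up for the example.
WEAK = """<APPLET CODE="com.mindbright.application.MindTerm.class" ARCHIVE="mindterm.jar">
<PARAM NAME="password" VALUE="constructed-secret">
<PARAM NAME="protocol" VALUE="auto">
</APPLET>"""
HARDENED = """<APPLET CODE="com.mindbright.application.MindTerm.class" ARCHIVE="mindterm.jar">
<PARAM NAME="protocol" VALUE="ssh2">
<PARAM NAME="strict-hostid" VALUE="true">
<PARAM NAME="allow-new-server" VALUE="false">
</APPLET>"""
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

Anything placed in a PARAM tag is delivered to every browser that loads the page, which is why the password settings are reported whenever they appear there.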
SFTP Module settings
| Setting | Description |
|---|---|
| module.sftp.cwd-local | Local start directory |
| module.sftp.cwd-remote | Remote start directory |
SCP Module settings
| Setting | Description |
|---|---|
| module.scp.cwd-local | Local start directory |
| module.scp.cwd-remote | Remote start directory |
Port forward module settings
| Setting | Description |
|---|---|
| local<n> | Port forward setting <n=0-31>. Example: local0=/general/5222:localhost:5222 |
| remote<n> | Port forward setting <n=0-31>. Example: remote=/general/5222:localhost:5222 |
Telnet module settings
| Setting | Description |
|---|---|
| module.telnet.inhibit | Set to true to disable use of the Telnet module |
| module.telnet.havemenus | Set to false if the terminal window should be without any menus. |
