SSH Server for Windows NT/2000/XP/2003 Online Help

Introduction

Installing GoodTech SSH Server

Configuring GoodTech SSH server

    Creating and Configuring Accounts

    Creating the SSH Administrator Account - SSHd

    Setting up Configuration Variables

    Config.dat file

Specifying Listening Address

Specifying Listening IP

Specifying Listening Port

Host Key Management

Filtering - Configuring which client hosts can connect 

Screen Mode or Line Mode 

Customizing a welcome message

Configuring Client Printing

Using Alternate Command Shells

Setting up system environment variables in Windows NT

Administrating GoodTech SSH server

Working with GoodTech SSH Server

Trouble Shooting

Introduction

Welcome

This help document describes how to install, configure, use and administrate GoodTech SSH Server. 

Although we did our best to proofread this help, we are unfortunately not immune to mistakes and omissions. If you find any mistake or have suggestions to improve this help, please let us know.

Credit Information 

The GoodTech SSH Server product uses the cryptographic library cryptlib, by Digital Data Security (DDS). cryptlib is a powerful security toolkit, and it is used in the GoodTech SSH Server product to implement encryption and authentication services. All cryptlib copyrights are reserved to DDS.

Introduction to GoodTech SSH Server

GoodTech SSH server for Windows NT4, 2000, XP, and 2003, provides secure remote access to your Windows machine that includes: Remote Console, File Transfer and Port Forwarding. GoodTech SSH Server for Windows NT/2000/XP/2003 is an SSH Server application that runs on a host computer and allows remote users to securely  access the host.  

It supports the following  services:

  • Secure remote access via console (i.e. vt100, vt220)
  • Secure file transfer using SFTP and SCP (compatible with all standard clients)
  • Secure TCP/IP connection tunneling (port forwarding)

When GoodTech SSH Server is installed on your Windows system, you can securely access it from remote systems and run programs on it. It is a secure, functional, easy to use and high performance tool that is written based on security standards, can communicate with any standard SSH client and is highly integrated with the Windows operating system.

You can connect to GoodTech SSH Server from anywhere in the world and login as if you were sitting at the console, using SSH client. Whether you are a system administrator, a programmer or a DOS application user, GoodTech SSH Server can provide you with the SSH Server functionality that you need.

How GoodTech SSH Server Works

The installation program creates a SSH service called SSHd and adds it to the list of services available on your Windows system.

When the SSH Server service is started, either manually or automatically, it executes a program named SSHd.exe.

The program SSHd.exe opens a log file SSHdv#.log (v# is the SSH server version number) in the %gt_SSHD_installation_dir% directory (gt_SSHD_installation_dir is a system environment variable, created during installation, that contains the GoodTech SSH server installation directory).

SSHd.exe is now ready for connection requests. It listens for requests on the specified listening address and on the specified port. If a listening address was not specified, it listens on all host IPs. If a port was not specified, it listens on the default SSH port (#22).

When a user wants to remotely access the host running GoodTech SSH Server, he runs a secure SSH client. The SSH client program sends a connection request to the listening address.

The SSHd.exe program gets the request and opens a thread, which is responsible for this connection with the client. This thread relieves SSHd.exe from communicating with the client and lets SSHd.exe focus on listening to other connection requests.

The client thread starts the authentication process. It asks the SSH client for login information. The login information consists of a User ID, Password and optional Domain. The client thread then uses the internal Windows security mechanism to check if the user is allowed to access the host. If the user passes authentication, he is logged onto the host system.

The client thread creates a process that runs a program named SSHcmd.exe. The SSHcmd.exe program creates a shell process that by default runs cmd.exe, or a different shell if one was specified. The remote user is now ready to work on the host.

GoodTech SSH Server Key Uses

 
Remotely and securely administrate corporate servers

With SSH Server, the remote administrator can support a system that may be physically located miles away. You can securely access and administrate web, mail, database, and application servers.

Remotely and securely maintain corporate user machines

You can securely control and maintain corporate user machines from your desk. The machines can be physically spread out miles away from you and from each other.

Share corporate server resources

Remote users can run programs on corporate servers rather than on their machine. It is more efficient to do so in case the program requires large amounts of resources that reside on the host.

Edit files remotely

Use text oriented editors (e.g., EDIT and vi) to edit files on the remote system.

Remote-command execution

Run unattended batch files or scripts using remote command execution.

Run old platform applications

You can port applications from old platforms to run on Win NT/2000/XP. A secure shell is used to provide the interface to the users.

Run multiple users on a single Windows system

Windows NT/2000/XP can handle multiple users running different jobs at the same time. For example, a compilation server can be used by a group of programmers at the same time.

 
Automated secure file transfers

Use secure clients to automate file transfers.

Internet/Intranet file transfer

Secure upload and download of files between the corporate network and systems outside it.

Support for domain users

Use user@domain to authenticate domain users, in addition to local users.

Business-to-business solutions

Create a secure file sharing infrastructure for exchanging files with customers and partners.

 
Turn any standard TCP/IP insecure server applications into secured apps 

Use GoodTech SSH Server secure channel. GoodTech secure server communicates securely with the client and forwards the communication to the insecure server application.

GoodTech SSH Server Key Features

 
SSH2 support

Provide secure remote access based on SSH2 protocol standard. 

User authentication

Control access to servers and networks using Windows built-in usernames and passwords.

Data encryption

Support for a wide selection of ciphers including: Blowfish, RC4, IDEA.

Host identity verification

Host server identifies itself to a client using a unique host key.

Filters

Limit the access by host names or IP addresses.

Port forwarding

Forward TCP/IP ports to a secure channel.

Access Control

Access to files and folders is restricted based on Windows operating system permissions.

Specify listening address

Control which IP and port to listen on.

Secure Shell client compatibility

Connect with a wide variety of Secure Shell clients including: GTTerm from GoodTech systems, OpenSSH, PUTTY, F-Secure, SSH Communications, and other standard SSH2 clients.

Option to use alternative command shells

Use CMD.exe or other popular shells available like Bash, Korn and C Shell.

Terminal emulation

Support for VT 100, VT 220, etc.

Screen mode and line mode with scroll buffer

Option to switch between screen mode, for screen mode applications, and line mode with scroll buffer.

Full function keys and Alt keys support

F1 thru F12, CTRL-F1 thru CTRL-F12, SHIFT-F1 thru SHIFT-F12, ALT-F1 thru ALT-F12. Support for CTRL-C and ESC.

Graphics, color, and screen resize support

Colorful and graphic PC applications keep their look (i.e. Edit.com, FCW.exe, etc.). Support for screen size other than 25*80.

Secure FTP client compatibility

Connect with a wide variety of Secure FTP clients including: WinSCP, CuteFTP, etc.  

Administrative  interface 

Control services, user sessions and printer queues via either command line interface or a Web interface.

Administrative commands

Control services: Shutdown, restart, pause, and resume. Control user sessions: monitor user sessions, enable/disable new sessions, limit the number of sessions, kill open session, etc.

General server configuration

Configure general server options like listening port, idle timeout period, etc.

Host key management 

Generation and management of the host server key.

SSH, Ciphers, MACs, and compression

Choose SSH protocol, cipher algorithm for data encryption, MAC for data integrity and compression for faster transfer rate.

Filters

Configure which hosts can connect by IP address.

Customized welcome message

Display customized text when users connect. 

User logon script

Allows a user to automatically run an application/script following logon.

User home directory

Allows you to set up a user home directory.

Graceful termination

Graceful termination in all cases including abnormal termination of client because of link or computer failure.

Local or domain user logon

Logon using a local machine user or a domain user.

Client printing 

Allow a remote host program to print on the printer attached to your local terminal (or PC running terminal emulation).

Registration

When you purchase GoodTech SSH server we email you your registration number along with your registered copy of the product. Our simple licensing policy lets you purchase as many copies as you need and get a single license for all copies. It simplifies multi copy installations.

Installing GoodTech SSH Server 

System Requirements

GoodTech SSH Server requires Windows NT 4.0 (all service packs), Windows 2000, Windows XP or Windows 2003.

The TCP/IP protocol must be installed on your Windows System. This protocol is included with the Windows operating system but is not always installed on all systems. You can check if TCP/IP is installed on your system by choosing Network from the Control Panel. If TCP/IP is installed on your system it should show up in the list of Installed Network Software.

You should use the Administrator account or any other account with administration privileges to install GoodTech SSH Server.

Make sure that all users have READ/WRITE/EXECUTE permissions to the SSH Server installation directory, and READ permission to the SYSTEM32 directory (e.g. C:\WINNT\SYSTEM32). You can change the permissions to the executable files in the SSH Server installation directory to READ only.

Running the Evaluation copy Installation Program

After downloading the evaluation copy of GoodTech SSH server or receiving the registered copy, you have to perform the following steps:

  1. Run the sshdSetup.exe program.

Utilities:

  • hostgen.exe - Utility that generates a host key. 
  • Kbdmap.exe - Utility that stores key mapping information in a file called gt_SSHD_kbd.map. Use this utility only if you use a keyboard other than US and some of the keys or special characters in your language don't work properly.

  2. The installation creates a new service with the internal name SSHD. If a service with the name SSHD is already in use in your system, you have to uninstall the existing service before you install GoodTech SSH Server.

    The installation program generates the host key. You will be prompted to type the host key password. A valid password is a string of any characters, with a length of 2-1023 characters. If you do not type any password and hit the enter key, the message: " Invalid password, should be at least two characters long" is displayed and you have to type a valid password.

    The installation creates a system environment variable named GT_SSHD_INSTALLATION_DIR that contains the GoodTech SSH Server installation directory. The SSH Server service starts automatically every time that you reboot your machine.

    Please note that silent installation is also supported by issuing the command: sshdSetup.exe /S /PASSWORD=<host key password> /D=<SSH Server installation directory>

Running the Registered product installation program

If it is the first time that you install GoodTech SSH Server and you don't have the evaluation copy installed on your computer, follow the instructions for "Running the evaluation copy installation program". 

In case an evaluation copy (or an earlier version of the product) is already installed on your computer, you have to uninstall it (follow the "Running the uninstall program" section) and then install the registered software as described in "Running the evaluation copy installation program".

Upgrading to a New Version

If you want to install a new version of GoodTech SSH Server but have a previous version currently on your system, you have to do the following:

  1. Uninstall your current version of GoodTech SSH Server. Please refer to "Running the Uninstall Program".
  2. Follow the installation steps for the new version.

Running the Uninstall Program

If you want to uninstall GoodTech SSH server from your system, choose one of the following 3 options:

  • From the Add/Remove programs select GoodTech SSH Server and click on the Remove button.
  • From the Start/Programs select GoodTech SSH Server and click on uninstall
  • From the GoodTech SSH Server installation directory run the uninst.exe program.

Please note that silent uninstall is also supported by issuing the command: uninst.exe /S

Configuring GoodTech SSH server

Creating and Configuring Accounts

Creating the SSH Administrator Account - sshd

sshd is the SSH administrator account. Administration commands can be performed only from the sshd account. You have to create an account for the user sshd (in lower case!), using the Windows NT User Manager or User Manager for Domains. No special permissions/groups are required for this account.

Using Windows  User Accounts

When a user logs in to your system via GoodTech SSH Server, he must be a valid user that was created by the Windows network administrator, using  Windows User Manager or User Manager for Domains.

GoodTech SSH Server sets a user's process to run in the security context appropriate to that user. The user's privileges on the SSH host machine are identical to those he would have if he sat in front of it and logged in on the console.

User Home Directory

If a user's home directory is specified in the Windows account database, GoodTech SSH Server changes to that home directory when the user logs on. A network drive is supported as a user home directory.

If the user home directory is not specified in the Windows account database, the configuration variable gt_SSHD_user_home is used by GoodTech SSH Server. Please refer to "Setup Configuration Variables" for information on how to setup a configuration variable.

If no home directory is specified, the %SystemDrive% is assumed as the home directory.

User Login Script

If a user's login script is specified in the Windows NT local account database, GoodTech SSH Server executes the login script in the user's home directory when the user logs on. GoodTech SSH Server supports local logon scripts and domain logon scripts.

If you want to specify a local login script, you can put it in the default scripts directory:
%systemroot%\SYSTEM32\REPL\IMPORT\SCRIPTS

If the login script is located in a subdirectory of the default login directory, precede the filename with that relative path. For example, you might type clerks.bat if the script is located in the default script directory, or you might type \admin\clerks.bat, if the script is located in a subdirectory admin under the default logon path.

If you want to specify a domain login script, you can put it in the default domain scripts directory, on the domain server machine:
\%systemroot%\sysvol\domain\scripts (e.g. c:\winnt\sysvol\domain\scripts)

You can also define a global login script that will be used for ALL users.

Setting Up Configuration Variables

Config.dat file

You can create the file config.dat in your installation directory in order to change the default configuration of GoodTech SSH server. You need to specify in the file only the parameters whose values you want to change. The file contains a list of parameters and their values, one per line, in the following format:

PARAMETER=value

The parameter should be written in upper case, with no spaces next to the equal sign.

GT_SSHD_LOGIN_IDLE_TIME - Login Timeout

Definition: Specifies the time period, in seconds, allowed for the login process before it is automatically disconnected from the host. If a user doesn't provide login input in the timeout period (for example, 30 seconds), the session is closed by the SSH Server. In case a session is disconnected, the message "Timeout period expired" is displayed on the user's SSH window.

Default value: 60 seconds

GT_SSHD_SESSION_IDLE_TIME - Session Timeout

Definition: Specifies the time period, in minutes, allowed for a session to be idle before it is automatically disconnected from the SSH Server. In case a session is disconnected, the message "Timeout period expired" is displayed on the user's SSH window.

Default value: 120 minutes

GT_SSHD_MAX_USERS - Limiting the number of users

Definition: Specifies the maximum number of concurrent SSH users allowed to connect to the host machine. For example, if you have a 10 concurrent connections license, and you set GT_SSHD_MAX_USERS to 5, then 5 users at the most can be concurrently connected to the host.

Valid values: 0 < GT_SSHD_MAX_USERS <= License limit

Default value: License limit

GT_SSHD_USER_HOME - Specifying User Home Directory

Definition: Specifies the home directory for the users. If a user's home directory is specified in the Windows NT account database, GoodTech SSH Server changes to that home directory when the user logs on. If the user home directory is not specified in the Windows NT account database, this configuration variable is used.

If no home directory is specified, the %SystemDrive% is assumed as the home directory.

Valid value: Full path of the user home directory

Default value:  If no home directory is specified, the %SystemDrive% is assumed as the home directory (Windows environment variable).

GT_SSHD_DISABLE_WEB_ADMIN - Disabling web administration

Definition: Allows you to disable the Web administration interface. In this case, the command line interface is used for administration.

Valid values: yes

Default value: not defined

GT_SSHD_HTTP_PORT - Specifying Port for web administration

Definition: Specifies the HTTP port for Web administration. You can later administrate the SSH Server at the following URL: 

http://<name or IP address of machine that runs SSH Server>:<GT_SSHD_HTTP_PORT value> (e.g. http://localhost:2280)

Default value: 2280

GT_SSHD_DOMAIN_ENABLE - Show domain prompt in authentication

Definition: You can enable a domain prompt during the login phase by setting this configuration variable to 'yes'. Enable the domain prompt to allow remote authentication (the user provides the remote domain name during login). For local authentication on the server where GoodTech SSH server runs, there is no need for the domain prompt. In this case, the local account database is searched.

Valid values: yes

Default value: not defined

GT_SSHD_DEFAULT_DOMAIN - Default domain when domain is disabled

Definition: In case GT_SSHD_DOMAIN_ENABLE is set to yes, this parameter defines the domain name for authentication. A user can override it in the login process by typing a different domain name.

Valid values: Valid domain name

Default value: not defined

GT_SSHD_DISABLE_UNMAP - Disabling unmap of network drives

Definition: When a user exits a session, all mapped drives are removed by default. To leave the mapped drives, set this parameter to 'yes'.

Valid values: yes

Default value: not defined

GT_SSHD_DISABLE_JOB - Disabling the termination of job process tree

Definition:  A user can run applications in the background (i.e. clock, or notepad) while working in a SSH session. When the user exits the session, all the applications are closed by default. To leave background applications running after session exit, set this parameter to 'yes'.

Valid values: yes

Default value: not defined

GT_SSHD_PROTOCOL - SSH protocol (SSH2)

Definition: Specifies the SSH protocol used for communication between the SSH server and the SSH client. SSH2 is the preferred protocol. 

Valid values: SSH2

Default value: SSH2

Setting global login script

You can define a global login script for ALL users using the SSH Server. The file will be executed as part of the login process of each user connecting through the SSH Server. You should create an environment variable named gt_sshd_login_file and set the value to the full path of your login file (including the file prefix).

Valid values: Full path of the login script.

Default value: None

Disabling SSH or SFTP

You can disable SSH (Secure Shell) or SFTP (Secure File Transfer) for users using SSH Server. You can add the following line to your config.dat file when you want to disable SSH:

GT_SSHD_DISABLE_OPTION=SSH

Valid values: SSH or SFTP

Default value: Both options (SSH and SFTP) are enabled.
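
The config.dat rules above (upper-case PARAMETER=value lines, no spaces next to the equal sign, and the valid values listed for each parameter) can be checked before a file is deployed. The following Python checker is an added example and is not part of the GoodTech product or its original help; the name lint_config, the finding levels, the "review" notes and the sample file are assumptions made for illustration, and values are compared case-sensitively as they are written on this page.

```python
import re

_NUM = re.compile(r"[0-9]+").fullmatch

def _uint(v):
    return None if _NUM(v) else "expected a whole number"

def _positive(v):
    return None if _NUM(v) and int(v) > 0 else "expected an integer greater than 0"

def _port(v):
    return None if _NUM(v) and 1 <= int(v) <= 65535 else "expected a port, 1-65535"

def _nonempty(v):
    return None if v else "expected a non-empty value"

def _one_of(*allowed):
    return lambda v: None if v in allowed else "expected " + " or ".join(allowed)

# Parameters and valid values as documented on this page.
RULES = {
    "GT_SSHD_LOGIN_IDLE_TIME": _uint,        # seconds, default 60
    "GT_SSHD_SESSION_IDLE_TIME": _uint,      # minutes, default 120
    "GT_SSHD_MAX_USERS": _positive,          # 0 < value <= license limit
    "GT_SSHD_USER_HOME": _nonempty,          # full path
    "GT_SSHD_DISABLE_WEB_ADMIN": _one_of("yes"),
    "GT_SSHD_HTTP_PORT": _port,              # default 2280
    "GT_SSHD_DOMAIN_ENABLE": _one_of("yes"),
    "GT_SSHD_DEFAULT_DOMAIN": _nonempty,
    "GT_SSHD_DISABLE_UNMAP": _one_of("yes"),
    "GT_SSHD_DISABLE_JOB": _one_of("yes"),
    "GT_SSHD_PROTOCOL": _one_of("SSH2"),
    "GT_SSHD_DISABLE_OPTION": _one_of("SSH", "SFTP"),
}

# Constructed sample file with deliberate mistakes on lines 2, 3 and 4.
SAMPLE_CONFIG = "\n".join([
    "GT_SSHD_LOGIN_IDLE_TIME=30",
    "gt_sshd_max_users=5",
    "GT_SSHD_HTTP_PORT = 2580",
    "GT_SSHD_PROTOCOL=SSH1",
    "GT_SSHD_DISABLE_JOB=yes",
])

def lint_config(text, license_limit=None):
    """Return (settings, findings); a finding is (line_number, level, message).

    Line number 0 marks a finding about the file as a whole.
    """
    settings, findings = {}, []

    def add(lineno, level, message):
        findings.append((lineno, level, message))

    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        name, sep, value = line.partition("=")
        if not sep:
            add(lineno, "error", "not in PARAMETER=value form")
            continue
        if name != name.strip() or value != value.strip():
            add(lineno, "error", "stray spaces around the parameter name or value")
            name, value = name.strip(), value.strip()
        if name != name.upper():
            add(lineno, "error", name + ": parameter must be upper case")
            name = name.upper()
        check = RULES.get(name)
        if check is None:
            add(lineno, "warn", name + ": not a parameter documented on this page")
            continue
        problem = check(value)
        if problem:
            add(lineno, "error", name + ": " + problem)
            continue
        settings[name] = value

    # Checks that span parameters, for a reviewer to confirm they are intended.
    if license_limit is not None and int(settings.get("GT_SSHD_MAX_USERS", 0)) > license_limit:
        add(0, "error", "GT_SSHD_MAX_USERS exceeds the license limit")
    if settings.get("GT_SSHD_DISABLE_WEB_ADMIN") != "yes":
        port = settings.get("GT_SSHD_HTTP_PORT", "2280")
        add(0, "review", "web administration is enabled over http on port " + port)
    elif "GT_SSHD_HTTP_PORT" in settings:
        add(0, "review", "GT_SSHD_HTTP_PORT is set but web administration is disabled")
    if settings.get("GT_SSHD_DISABLE_JOB") == "yes":
        add(0, "review", "background applications keep running after session exit")
    if settings.get("GT_SSHD_DISABLE_UNMAP") == "yes":
        add(0, "review", "mapped network drives are left in place after session exit")
    return settings, findings

if __name__ == "__main__":
    for lineno, level, message in lint_config(SAMPLE_CONFIG, license_limit=10)[1]:
        print(f"line {lineno or '-'}: {level}: {message}")
```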

Setting the bell character

By default the bell character (ASCII 0x7) is heard on the Server machine when using SSH protocol. In order to hear the bell sound on the SSH Client, you should create a system environment variable named gt_bell_char and set the value to ASCII decimal 134 (which is a lowercase a with a circle over it). Any application running on the server that writes the ASCII value 134 to the screen will enable the bell sound on the client side. This option is only valid when using screen mode.

Valid values: ASCII number 134

Default value: None

Displaying ALL characters

By default ASCII characters under decimal 32 will be replaced by the space character (ASCII 32). In order to see ALL characters including the ones under ASCII 32, you should create a system environment variable named gt_show_all_chars and set the value to 'yes'.

Valid values: yes

Default value: Characters under ASCII 32 (space char) will be replaced by the space character.

Changing the default window size

By default the Window size is set according to the size of the SSH client. In case you want to change the default behavior you should create a system environment variable named gt_window_size and set the value to rows,cols. For example to set the default window size to be 10 rows and 40 columns the value for this system variable should be 10,40.

Valid values: rows,columns

Default value: 25,80 (Depending on the SSH client window size)

Specifying Listening Address

Specifying listening IP

The IP that GoodTech SSH server listens on is defined in a file called: gt_sshd_address.dat

If the file does not exist (this is the default), SSH Server listens on all the IPs defined on the server machine.

The format of the file is one line that specifies a valid IP address (i.e. 10.0.0.250). A host name is not supported.

Specifying listening Port

The default SSH port is port number 22. However, in case port 22 is used by another application, you can set up GoodTech SSH server to use a different port.

You can set a different port by doing the following:

1. Click on the start button and run the REGEDIT program.
2. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHD
3. Highlight SSHD and right click on the mouse.
4. Select the option "New Key" and name the key "parameters".
5. Highlight the new key "parameters" and right click on the mouse.
6. Select the option "New DWORD Value" and name it "port".
7. Double click the "port" and set the base to "Decimal".
8. Enter your port number in the "Value Data" and click OK.

This method works for both automatic and manual startup of GoodTech SSH Server.

Another way to do this is to specify the port number to be used by the SSH Server in the Startup parameters input box when starting the SSH Server service. This method works only if you start and stop the SSH Server manually.

The SSH client program must be set up to use the same port as the SSH Server. If you set up the SSH Server to use a port different from the default (#22), you also have to set up the SSH client to use the same port.

Host Key Management

The host server identifies itself to a client using a unique host key. The first host key is generated during the installation of GoodTech SSH Server. In the installation process the administrator is prompted for the host key password. This password is used as a key-encryption key. The host key is stored in encrypted form in the file sshd_hostkey.dat.

It is recommended to establish a policy that determines the permitted lifetime of the host key, and to generate a new host key anytime the key lifetime is over. The program that generates a new host key is named hostgen.exe, and is located in the SSH installation directory. Anytime that you run this program, you are prompted for a new password.

Filtering - Configuring which client hosts can connect

Remote access can be limited to specific hosts or IP addresses.  Host or IP filters are enforced when the file gt_sshd_ipf.dat exists in your installation directory. 

The first line in this file can be ONE of the keywords, INCLUDE or EXCLUDE.  When the first line contains the INCLUDE keyword, all hosts or IP addresses listed in the following lines are the only hosts/IP addresses that have the permission to access the server machine via SSH. All other hosts or IP addresses are not allowed. If the first line contains the keyword EXCLUDE, all hosts/IP addresses listed after this line do not have permission to access the server machine via SSH. All other hosts or IP addresses are allowed. 

The following lines list IPs or hostnames, one per line. It is also possible to list a partial IP, i.e. 10.0.0 to refer to all the IPs that start with 10.0.0 (from 10.0.0.0 to 10.0.0.255).

For example:
EXCLUDE
10.0.0.100
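
To check what a gt_sshd_ipf.dat file will permit before putting it on a server, the documented semantics can be modelled offline. The following Python evaluator is an added example and is not GoodTech code: it follows the rules stated above (INCLUDE is default-deny, EXCLUDE is default-allow, a partial IP covers every address under it), while the function names, the upper-case-only keyword check and the exact, case-insensitive hostname comparison against a caller-supplied name are assumptions.

```python
def _octets(text):
    """Return a dotted numeric entry as a tuple of 1-4 octets, else None."""
    parts = text.rstrip(".").split(".")
    if 1 <= len(parts) <= 4 and all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        return tuple(int(p) for p in parts)
    return None

def parse_filter(text):
    """Split the file text into (keyword, entries); blank lines are ignored."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in ("INCLUDE", "EXCLUDE"):
        raise ValueError("first line must be the keyword INCLUDE or EXCLUDE")
    return lines[0], lines[1:]

def decide(filter_text, client_ip, client_host=None):
    """Return (allowed, matching_entry) for one client.

    filter_text is the content of gt_sshd_ipf.dat, or None when the file
    does not exist (no filter is enforced, so every client is allowed).
    """
    if filter_text is None:
        return True, None
    ip = _octets(client_ip)
    if ip is None or len(ip) != 4:
        raise ValueError("client_ip must be a full dotted IPv4 address")
    mode, entries = parse_filter(filter_text)
    hit = None
    for entry in entries:
        prefix = _octets(entry)
        if prefix is not None:
            # Compare whole octets, so the partial IP 10.0.1 covers
            # 10.0.1.0-10.0.1.255 and does not cover 10.0.10.7.
            matched = ip[:len(prefix)] == prefix
        else:
            matched = client_host is not None and entry.lower() == client_host.lower()
        if matched:
            hit = entry
            break
    allowed = (hit is not None) if mode == "INCLUDE" else (hit is None)
    return allowed, hit

# The example file from this page, and a constructed INCLUDE file.
PAGE_EXAMPLE = "EXCLUDE\n10.0.0.100\n"
INCLUDE_SAMPLE = "INCLUDE\n10.0.1\nadmin-pc.example.com\n"

if __name__ == "__main__":
    for text, ip in [(PAGE_EXAMPLE, "10.0.0.100"), (PAGE_EXAMPLE, "10.0.0.101"),
                     (INCLUDE_SAMPLE, "10.0.1.7"), (INCLUDE_SAMPLE, "10.0.10.7")]:
        print(text.split()[0], ip, decide(text, ip))
```

An INCLUDE file with no entries denies every client under this model, which is worth testing from a console session before relying on it remotely.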

Screen Mode or Line Mode

In full screen applications, such as MS edit, VI, FCW, etc., the cursor can be located anywhere on the screen. Screen mode applications are displayed properly only if you are in screen mode.

In Line mode, the cursor is always located on the last line of your SSH session window. In this mode you can use the scroll buffer.

You can set up a system environment variable gt_mode to either screen mode or line mode (valid values are "screen" or "line"), based on the mode that most system users use the most. The default is screen mode. It is possible for users to change the mode on the fly during an SSH session. In order to change the mode from screen to line, issue the command: set gt_mode=line. To switch back to screen mode issue the command: set gt_mode=screen

In addition you can also create a file named gt_ip_mode.dat in your SSH Server installation directory that contains the default mode (line or screen) for a specific IP address. For example the following line sets the default mode to be line mode for IP 192.168.10.1:

192.168.10.1 line

You can also set the default mode for a specific user. You can create a file named gt_user_mode.dat in your SSH Server installation directory and create a line that contains the user with the default mode (line or screen). For example the following line sets the default mode for user Sam to be screen mode:

sam screen

Each of the above files can contain more than one line.

Customizing a Welcome Message

You can customize the welcome message that appears during login phase by creating a file named gt_sshd_welcome_message.dat in your SSH Server installation directory. You can put your custom welcome message in this file and it will be displayed during the login phase.

Configuring Client Printing

If you want users to print locally from an SSH session, you need to configure both the SSH Server and the SSH client. The configuration of the SSH Server side is explained below. Please refer to "Configuring the SSH Client/Client Printing" for information on how to configure the SSH Client for client printing. See also "Work with GoodTech SSH Server/Client Printing" for information on how to set up your SSH session to print locally.

You need to follow the steps below if you want to allow users to print locally on their printers:

  1. Enabling Client Printing

    The following system environment variable is used to control client printing:

    gt_print_monitor - controls whether client printing is enabled or disabled.

    Set this variable to Y to enable client printing.

    If this variable is not defined, or if it has a value other than Y, client printing is disabled. For instructions on how to set system environment variable please refer to the "Setup System Environment Variables in Windows NT" section.

  2. Create a Virtual Printer

  • Go to Control panel/printers/add printer.
  • Select any available port for the printer (lpt1, lpt2 or lpt3).
  • Select manufacturer as Generic and printer as Generic/Text Only.
  • Name the printer gt_printer.
  • Define it as a shared printer and name the share gt_printer.

  3. Pause the printer

  • Go to Control panel/printers.
  • Select gt_printer.
  • Right click the mouse and enable pause printing.

Using Alternate Command Shells

GoodTech SSH Server for Windows NT supports command shells other than CMD.EXE. For example, 4Dos for Windows NT (4NT) from JP Software is supported.

If you want all the SSH users to make use of a command shell other than CMD.EXE, change your ComSpec system environment variable to point to that command interpreter program. For example, if you want to make use of 4NT, change the ComSpec system variable to point to the 4NT.EXE program instead of the CMD.EXE program. For instructions on how to change the ComSpec variable value please refer to the "Setup System Environment Variables in Windows NT" section.

If different users have different preferences regarding what command shell to use, it is possible to make the change at a user level. A user can change the command shell used from its SSH session. For instructions on how to do that, please refer to Work with GoodTech SSH Server/alternate command interpreter.

Setting Up System Environment Variables in Windows NT

Go to the control panel, system, environment, select the system variable scrolling list, then enter the parameter (gt_print_monitor, gt_mode or comspec) in the variable text box and the value in the value box. Press the Set button and then the OK button. You have to reboot your computer after defining system environment variables for the change to take effect. (Please note that you need to create SYSTEM variables and not USER variables).

Administrating GoodTech SSH Server

Web Interface

Connecting to the Web Interface

Administration commands can be performed via a web browser. This management option gives you a graphic interface to administrate the SSH Server product. You can always use the command line interface to get the same results. In order to use this option, you should open a web browser with the following URL: 

http://<name or IP address of machine that runs SSH Server>:<GT_SSHD_HTTP_PORT value>

For example:

You can write http://my-machine:2580

In this case the host name is my-machine and the GT_SSHD_HTTP_PORT configuration parameter is set to the value of 2580.

or you can write http://192.168.0.1:2280

In this case the host IP is 192.168.0.1 and the default http port is used (GT_SSHD_HTTP_PORT configuration parameter is not set).


Login page

If the SSH Server is up, you get a login page. You can log in as the 'sshd' user or as any other user that belongs to the Administrators group. The Administrators group is the only group that has SSH Server administrative privileges.


Administration Options Page

This page offers the following options:

  1. Query SSH sessions - displays a list of all current open sessions.
  2. Pause SSH Server - new connections cannot be established.
  3. Continue SSH Server - new connections can be established again, after a pause.
  4. Shutdown SSH Server - shuts down the SSH Server service.
  5. Restart SSH Server - shuts it down and restarts it.

Press the Submit button to execute the option of your choice.

The Disconnect button disconnects you from the server.

The Refresh button refreshes the SSH Server status on the status line.


Sessions Status page

The following information is displayed for each open session:

Login time - client login time

Sid - system identifier of the client session

IP address - client IP address

User name - client user name

Kill Connection button - kills all checked client sessions.

Main Menu button - takes you back to the options page.

Refresh button - refreshes the SSH Server status on the status line.


Command line interface

Using Command Line Interface

Administration commands can be performed only from the 'sshd' account. You have to SSH to the host as user sshd, either locally, from the host itself, or remotely, from a client.

More than one sshd user can be connected to the host at the same time. However, each one counts against the maximum number of concurrent connections allowed. It is recommended to keep at least one sshd user session open, so that administration commands are available even when all concurrent connections are in use.

The following commands are available:

Service Administrating Commands

  • SSHd shutdown - Stops the service. Any open connection is closed and new connections cannot be established.
  • SSHd disable - New connections cannot be established.
  • SSHd enable - New connections can be established.

Clients Administrating Commands

  • SSHd status - Displays a list of all current open sessions.
  • SSHd kill [sid] - Kills the client session identified by sid. To get the client sid, use the command "SSHd status".


Using Windows Interface to Control GoodTech SSH Service

Automatic Startup

It is possible to specify an automatic startup for GoodTech SSH Server. To do so, you have to perform the following steps:

  1. Go to the Control Panel / Services program, select GoodTech SSH Server from the list of Services, push the Startup button, and then select automatic startup.
  2. The next time you restart your computer, the GoodTech SSH Server service will start automatically.

Starting GoodTech SSH server Service

You have the following options:

  • Go to the Control Panel / Services program, select GoodTech SSH Server from the list of Services and press the Start button.
  • Go to the Command Shell Prompt and type "NET START SSHD"

Stopping GoodTech SSH server Service

You have the following options:

  • Go to the Control Panel / Services program, select GoodTech SSH Server from the list of Services and press the Stop button.
  • Go to the Command Shell Prompt and type "NET STOP SSHD"

Pausing GoodTech SSH server Service

You have the following options:

  • Go to the Control Panel / Services program, select GoodTech SSH Server from the list of Services and press the Pause button.
  • Go to the Command Shell Prompt and type "NET PAUSE SSHD"

Continuing GoodTech SSH Server Service  

You have the following options:

  • Go to the Control Panel / Services program, select GoodTech SSH Server from the list of Services and press the Continue button.
  • Go to the Command Shell Prompt and type "NET CONTINUE SSHD"

Restarting GoodTech SSH Server Service from remote  

  • Create a bat file (e.g. remoterestart.bat) with the following lines in it:

    net stop SSHd
    net start SSHd

  • Log on to the server from a remote SSH session as a privileged user and execute the bat file:

    start /b [bat file]

    For example: start /b remoterestart

    The remote session will be disconnected, but you can reconnect.

  • Verify that your user has the right privileges:

    Log on locally as this user (not in an SSH session).

    Run the bat file and make sure you get no errors.


Administrative Messages from the SSH Server

 

Message: Evaluation copy of GoodTech SSH Server version X has expired
Is displayed when: Your 30 day evaluation period is over.

Message: Invalid Password. Should be at least two characters
Is displayed when: The host key generation program is running (either automatically during installation or when you run keygen.exe) and you type an invalid password (no password, or one character long).

Message: Shutting down SSH Server...
Is displayed when: You performed the command "SSHd shutdown".

Message: Missing or invalid parameter
Is displayed when: You performed the command "SSHd kill [sid]" without specifying the [sid] or with an invalid [sid].

Message: User's session [sid] was terminated
Is displayed when: You performed the command "SSHd kill [sid]".


The Log Files

What are the Log Files

GoodTech SSH service uses two Log files, SSHd.log and SSHdcmd.log, to keep a record of everything it does. The log files are kept in GoodTech SSH server installation directory.

For information on how to monitor your Log file please see the section "Monitoring the Log File".

Resetting the Log Files

Your log files can grow quite large and quite fast, especially if your host gets a large number of SSH users per day. The size of the files can eat into your disk quota and tie up needed space.

To reset your log files, delete the files while the SSH Server service is not running. The next time the SSH Server runs, new log files are created.


Working with GoodTech SSH Server

Choosing Your SSH Client software

GoodTech SSH Server can work with any standard secure SSH client and secure file transfer client. There are quite a few SSH and file transfer clients available. We recommend GTTerm from GoodTech Systems. Some clients are free; for example, you can use PuTTY as an SSH and port forwarding client and WinSCP as a GUI secure file transfer client.


Configuring your SSH Client

Encryption, Authentication and Compression

You can configure your SSH client to use the following encryption and authentication algorithms, which are supported by GoodTech SSH Server:

  • Conventional encryption: AES, Blowfish, CAST, DES, triple DES, IDEA, RC2, RC4, RC5, and Skipjack
  • Hash algorithms: MD2, MD4, MD5, RIPEMD-160 and SHA
  • HMAC algorithms: HMAC-MD5, HMAC-SHA, and HMAC-RIPEMD-160
  • Public-key encryption: Diffie-Hellman, DSA, Elgamal, and RSA


Port Forwarding / Tunneling 

If you need to secure an unsecured server application in use in your organization, you can use the secured channel of GoodTech SSH Server. GoodTech SSH Server receives the client requests on the secured channel and forwards them, locally, to the unsecured server. All you need to do is define on the client a source port on which the client listens, and a destination port and IP to which data is transferred.


Keyboard Mapping

The key maps expected by GoodTech SSH Server are listed below. Check the SSH client for documentation on how to add entries into the keyboard mapping table.

The first column is the keyboard key and the second column is the string sequence GoodTech SSH Server expects to receive for that key. Double quotes are shown around each escape sequence for reading convenience, but are NOT to be sent. Numbers (\xxx) are given in decimal notation. For example, to simulate F1, the SSH client should send ASCII number 27 (not the string 27), followed by O and P (\027 stands for the decimal ASCII 27).

 

Keyboard Key                Escape Sequence

F1                          "\027OP"
F2                          "\027OQ"
F3                          "\027OR"
F4                          "\027OS"
F5                          "\027OT"
F6                          "\027OU"
F7                          "\027OV"
F8                          "\027OW"
F9                          "\027OX"
F10                         "\027OY"
F11                         "\027OZ"
F12                         "\027OO"

[Ctrl] F1                   "\027CP"
[Ctrl] F2                   "\027CQ"
[Ctrl] F3                   "\027CR"
[Ctrl] F4                   "\027CS"
[Ctrl] F5                   "\027CT"
[Ctrl] F6                   "\027CU"
[Ctrl] F7                   "\027CV"
[Ctrl] F8                   "\027CW"
[Ctrl] F9                   "\027CX"
[Ctrl] F10                  "\027CY"
[Ctrl] F11                  "\027CZ"
[Ctrl] F12                  "\027CO"

[Shift] F1                  "\027SP"
[Shift] F2                  "\027SQ"
[Shift] F3                  "\027SR"
[Shift] F4                  "\027SS"
[Shift] F5                  "\027ST"
[Shift] F6                  "\027SU"
[Shift] F7                  "\027SV"
[Shift] F8                  "\027SW"
[Shift] F9                  "\027SX"
[Shift] F10                 "\027SY"
[Shift] F11                 "\027SZ"
[Shift] F12                 "\027SO"

[Alt] F1                    "\027AP"
[Alt] F2                    "\027AQ"
[Alt] F3                    "\027AR"
[Alt] F4                    "\027AS"
[Alt] F5                    "\027AT"
[Alt] F6                    "\027AU"
[Alt] F7                    "\027AV"
[Alt] F8                    "\027AW"
[Alt] F9                    "\027AX"
[Alt] F10                   "\027AY"
[Alt] F11                   "\027AZ"
[Alt] F12                   "\027AO"

Cursor up                   "\027[A"
Cursor down                 "\027[B"
Cursor right                "\027[C"
Cursor left                 "\027[D"
Insert                      "\027[1~"
Home                        "\027[2~"
Page Up                     "\027[3~"
Delete                      "\027[4~"
End                         "\027[5~"
Page Down                   "\027[6~"

[Shift] Cursor up           "\027[\129"
[Shift] Cursor down         "\027[\130"
[Shift] Cursor right        "\027[\131"
[Shift] Cursor left         "\027[\132"
[Shift] Insert              "\027[\133"
[Shift] Home                "\027[\134"
[Shift] Page Up             "\027[\135"
[Shift] Delete              "\027[\136"
[Shift] End                 "\027[\137"
[Shift] Page Down           "\027[\138"

[Ctrl] Cursor up            "\027[\139"
[Ctrl] Cursor down          "\027[\140"
[Ctrl] Cursor right         "\027[\141"
[Ctrl] Cursor left          "\027[\142"
[Ctrl] Insert               "\027[\143"
[Ctrl] Home                 "\027[\144"
[Ctrl] Page Up              "\027[\145"
[Ctrl] Delete               "\027[\146"
[Ctrl] End                  "\027[\147"
[Ctrl] Page Down            "\027[\148"

[Shift][Ctrl] Cursor up     "\027[\149"
[Shift][Ctrl] Cursor down   "\027[\150"
[Shift][Ctrl] Cursor right  "\027[\151"
[Shift][Ctrl] Cursor left   "\027[\152"
[Shift][Ctrl] Insert        "\027[\153"
[Shift][Ctrl] Home          "\027[\154"
[Shift][Ctrl] Page Up       "\027[\155"
[Shift][Ctrl] Delete        "\027[\156"
[Shift][Ctrl] End           "\027[\157"
[Shift][Ctrl] Page Down     "\027[\158"

[Shift] Tab                 "\027\160"
[Ctrl] Enter                "\027\161"

[Alt] Cursor up             "\027[\170"
[Alt] Cursor down           "\027[\171"
[Alt] Cursor right          "\027[\172"
[Alt] Cursor left           "\027[\173"
[Alt] Insert                "\027[\174"
[Alt] Home                  "\027[\175"
[Alt] Page Up               "\027[\176"
[Alt] Delete                "\027[\177"
[Alt] End                   "\027[\178"
[Alt] Page Down             "\027[\179"

[Ctrl][Alt] Cursor up       "\027[\180"
[Ctrl][Alt] Cursor down     "\027[\181"
[Ctrl][Alt] Cursor right    "\027[\182"
[Ctrl][Alt] Cursor left     "\027[\183"
[Ctrl][Alt] Insert          "\027[\184"
[Ctrl][Alt] Home            "\027[\185"
[Ctrl][Alt] Page Up         "\027[\186"
[Ctrl][Alt] End             "\027[\188"
[Ctrl][Alt] Page Down       "\027[\189"

[Shift][Alt] Cursor up      "\027[\190"
[Shift][Alt] Cursor down    "\027[\191"
[Shift][Alt] Cursor right   "\027[\192"
[Shift][Alt] Cursor left    "\027[\193"
[Shift][Alt] Insert         "\027[\194"
[Shift][Alt] Home           "\027[\195"
[Shift][Alt] Page Up        "\027[\196"
[Shift][Alt] Delete         "\027[\197"
[Shift][Alt] End            "\027[\198"
[Shift][Alt] Page Down      "\027[\199"

[Alt] A                     "\001\027"
[Alt] B                     "\001\002"
[Alt] C                     "\001\003"
[Alt] D                     "\001\004"
[Alt] E                     "\001\005"
[Alt] F                     "\001\006"
[Alt] G                     "\001\007"
[Alt] H                     "\001\008"
[Alt] I                     "\001\009"
[Alt] J                     "\001\010"
[Alt] K                     "\001\011"
[Alt] L                     "\001\012"
[Alt] M                     "\001\013"
[Alt] N                     "\001\014"
[Alt] O                     "\001\015"
[Alt] P                     "\001\016"
[Alt] Q                     "\001\017"
[Alt] R                     "\001\018"
[Alt] S                     "\001\019"
[Alt] T                     "\001\020"
[Alt] U                     "\001\021"
[Alt] V                     "\001\022"
[Alt] W                     "\001\023"
[Alt] X                     "\001\024"
[Alt] Y                     "\001\025"
[Alt] Z                     "\001\026"

[Ctrl] A                    "\001\001"
[Ctrl] B                    "\002"
[Ctrl] C                    "\003"
[Ctrl] D                    "\004"
[Ctrl] E                    "\005"
[Ctrl] F                    "\006"
[Ctrl] G                    "\007"
[Ctrl] H                    "\008"
[Ctrl] I                    "\009"
[Ctrl] J                    "\010"
[Ctrl] K                    "\011"
[Ctrl] L                    "\012"
[Ctrl] M                    "\013"
[Ctrl] N                    "\014"
[Ctrl] O                    "\015"
[Ctrl] P                    "\016"
[Ctrl] Q                    "\017"
[Ctrl] R                    "\018"
[Ctrl] S                    "\019"
[Ctrl] T                    "\020"
[Ctrl] U                    "\021"
[Ctrl] V                    "\022"
[Ctrl] W                    "\023"
[Ctrl] X                    "\024"
[Ctrl] Y                    "\025"
[Ctrl] Z                    "\026"


The Backspace Key

If you want the backspace key to work properly, configure the backspace key to send backspace and not delete. The backspace key should send CTRL-H.
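The decimal notation of the keyboard mapping table and the CTRL-H backspace setting, as an added example that is not part of the original help: the parser below turns table entries into the raw bytes a client must send, which matters because Python and C string literals read \027 as octal (0x17) rather than decimal 27 (ESC, 0x1B). The function names are hypothetical, and the \xNN output format is an assumption about what a client's keymap file accepts.

```python
import re

# One table escape: a backslash followed by exactly three DECIMAL digits.
_ESCAPE = re.compile(r"\\(\d{3})")
ALT_PREFIX = 1  # CTRL-A, which the server treats as the Alt key


def decode_keymap(entry: str) -> bytes:
    """Convert one 'Escape Sequence' table entry into the bytes to send."""
    # The table's double quotes are for readability only and are never sent.
    if len(entry) >= 2 and entry[0] == entry[-1] == '"':
        entry = entry[1:-1]
    out = bytearray()
    pos = 0
    while pos < len(entry):
        match = _ESCAPE.match(entry, pos)
        if match:
            value = int(match.group(1), 10)  # decimal: \027 is ESC (0x1B)
            if value > 255:
                raise ValueError(f"\\{match.group(1)} does not fit in one byte")
            out.append(value)  # \129 and above stay single bytes, no UTF-8
            pos = match.end()
        elif entry[pos] == "\\":
            raise ValueError(f"malformed escape at offset {pos}")
        elif 32 <= ord(entry[pos]) <= 126:
            out.append(ord(entry[pos]))
            pos += 1
        else:
            raise ValueError(f"non-printable literal at offset {pos}")
    return bytes(out)


def _control_code(letter: str) -> int:
    if len(letter) != 1 or not letter.isascii() or not letter.isalpha():
        raise ValueError("expected a single letter A-Z")
    return ord(letter.upper()) - 64


def ctrl_letter(letter: str) -> bytes:
    """[Ctrl] + letter: the control code, except CTRL-A, which is doubled."""
    code = _control_code(letter)
    return bytes([ALT_PREFIX, ALT_PREFIX]) if code == ALT_PREFIX else bytes([code])


def alt_letter(letter: str) -> bytes:
    """[Alt] + letter: CTRL-A, then the control code (ESC stands in for A)."""
    code = _control_code(letter)
    return bytes([ALT_PREFIX, 27 if code == ALT_PREFIX else code])


def as_hex_escapes(data: bytes) -> str:
    """Render bytes with \\xNN escapes so no octal/decimal ambiguity remains."""
    return "".join(
        chr(b) if 32 < b < 127 and b != 92 else f"\\x{b:02x}" for b in data
    )


if __name__ == "__main__":
    # Entries copied from the keyboard mapping table.
    for key, entry in [("F1", r'"\027OP"'), ("[Shift] Cursor up", r'"\027[\129"'),
                       ("[Ctrl] H", r'"\008"')]:
        print(f"{key:20} {as_hex_escapes(decode_keymap(entry))}")
```

Entries such as \008 and \009 are not valid octal at all, so a client that expects octal escapes needs the converted form rather than the table text.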


Graphic Characters

PC applications use the PC character set to generate character graphics. Many terminal emulator graphic character sets are different from the PC character set. In order to get all graphic characters properly displayed by GoodTech SSH Server, use a SSH client that supports character set or font selection. Choose the character set or font that is based on the IBM PC character set.


Color

Some PC applications make use of colors. In order to get all colors properly displayed by GoodTech SSH Server, use a SSH client that supports colors. Choose the ANSI color option in the SSH client setup menu.


ESC key

To simulate the ESC key, you need to press the Escape key twice.


Client Printing

Follow the steps below if you want to print locally from your SSH session:

  1. Your SSH client MUST support direct pass-through printing to a port. Some SSH clients support it and some don't.
  2. Enable the direct pass-through printing to port option and select the port that your printer is connected to.

Enable an Alternate Command Shell

You can make use of a command shell other than the default CMD.EXE, by running the other shell program from the SSH session. For example, to use 4NT from JP software, you can run 4NT.exe from your SSH session prompt.


Working with the SSH Client

Connecting to GoodTech SSH Server

Once you have chosen a SSH client or file transfer client, connecting to GoodTech SSH server is simple. Although SSH clients and file transfer clients vary in their exact configuration, most of them will simply require you to specify a "remote host". Your remote host is the host where the SSH Server runs.

Once you are connected, you are prompted for your login name, login password and optionally for domain (if the configuration variable GT_SSH_DOMAIN_ENABLE is set to yes).

The login name is the name of the user account.

The password specifies the password for the user account.

The domain specifies the name of the domain whose account database contains the user name account. For remote authentication you provide the remote domain name. For local authentication on the server where GoodTech SSH server runs, leave it blank. In this case, the local account database is searched.

While the SSH Server authenticates your login information, the message "Authentication is in progress..." is displayed on your screen.

If the authentication fails, the message "Login incorrect, please try again, authentication failure" is displayed on your screen. After three failed attempts, the message "Login incorrect, Closing, 3 failure attempts" is displayed on your screen and your session is disconnected from the host.

If you don't fill out the login information within the time period that the system administrator specified for login input, your session is disconnected from the host and the message "Timeout period expired" is displayed on your screen.

After a successful login, you have access to the host Server and can issue commands at the command prompt.


Switch Between Screen Mode and Line Mode

You can easily switch between modes while in a SSH session. There is no need to re-login any time you change the mode.

The default mode depends on how the administrator set the system via the system environment variable gt_mode. 

If you want to switch to line mode, type the command:

set gt_mode=line

You have to type the above command in lower case letters and with no extra spaces. This command creates a new DOS session and you are ready to work in line mode. The scroll buffer is available. If the cursor does not move to the next line any time you press the enter key, you need to set up your SSH client to do so. 

If you want to switch to screen mode, type the command:

set gt_mode=screen

You have to type the above command in lower case letters and with no extra spaces. This command creates a new DOS session and you are ready to work in screen mode. The scroll buffer is not available any more.


Changing the Window Size

Some old applications, such as EDIT.com or debug.exe, are best displayed if the window size is set to 25 lines * 80 columns. However, if the application supports a window size other than 25*80 (e.g. FCW.exe), it is possible to resize the window while connected to GoodTech SSH server.

The window size is changed automatically when you change the window size on the SSH client.

The default window size is 25*80. 

You can also change the window size using the following command within the SSH session:

set gt_window_size=row,column

where row and column define the window size. For example, if you type:

set gt_window_size=30,80

GoodTech SSH Server will support the new window size of 30*80. 


Pressing the Alt Key

Windows NT interprets Alt as a local menu key. As a result, the Alt key is interpreted by Windows NT and is not transferred to the SSH client program (or other programs). A replacement key has to be entered at the SSH client in order to have it mapped to the Alt key in the SSH Server. CTRL-A has been re-mapped to act as the Alt key in an SSH session.

For example, when working in EDIT.COM, to access the File Menu, instead of pressing ALT-F, press CTRL-A and F to represent ALT-F.

Because CTRL-A is used to simulate the ALT key, you need to press CTRL-A twice to simulate CTRL-A. To simulate ALT-A, you need to press CTRL-A and ESC key.


Using the Number Pad Keys

To use the number pad keys, make sure that NUM-LOCK is disabled.

Client Printing

If you want to print locally from your SSH session, you need to issue the following command from the SSH session any time you SSH to the server:

NET USE lptn: \\ServerName\gt_printer

lptn: lpt1, lpt2 or lpt3, depending on which port you are printing to. lpt1 is the default port for printing.

ServerName: The remote host you are connected to.

Example: NET USE lpt1: \\YourHostName\gt_printer

This command redirects printing from the server printing port to the virtual printer, so GoodTech SSH Server can read from the virtual printer and send the printing to the client for print out.

Idle Session

If your session is connected to the SSH Server, but is idle (no input is sent from the client to the server within the time period that was specified by the system administrator), it is disconnected from the host and the message "Timeout period expired" is displayed on your screen.

Exiting From a Session

Once your SSH connection is established, your SSH client remains connected to GoodTech SSH Server until one of the following happens:

You request to disconnect by:

  • Typing EXIT at the command prompt.
  • Choosing Disconnect from the SSH client menu.

The SSH administrator disconnects you by:

  • Killing your session
  • Automatic timeout disconnection
  • Shutting down the SSH Server

Abnormal termination:

  • The SSH client program terminates abnormally
  • A broken network link


Messages from the SSH Server

 

Message: All connections are in use
Is displayed when: All the licensed connections are concurrently in use or the maximum number of concurrent users set by the administrator was reached.

Message: Authentication is in progress...
Is displayed when: The SSH Server receives the login information and is trying to authenticate.

Message: Login incorrect, please try again
Is displayed when: You type an invalid user name, password or domain.

Message: Login incorrect, Closing
Is displayed when: You typed invalid login information 3 times in a row.

Message: Not authorized for this command [Hit return to continue]
Is displayed when: You try to execute an administrative command.

Message: Timeout period expired
Is displayed when: Either you didn't type in login information within the specified time period or your session was idle for too long.


Trouble Shooting

Handling Problems

It is possible to encounter a problem while using GoodTech SSH server, especially if these are your first steps with the SSH Server.

The best place to look for answers to questions/problems is this help. You can try monitoring the log file. If you don't even get to the point that your SSH Server is up and running and the log file does not exist yet, try our error messages list. If your error is listed on that list, you'll find the corresponding recommended course of action. And of course, you can always contact our technical support experts. Don't hesitate to contact us, your questions are welcome. Please provide the following information when you contact our support:

  • Product Name
  • Version
  • What SSH client/file transfer client you are using
  • Problem/question description
  • Error message or error number (if applicable)
  • SSH Server log file (if applicable, attach the file to your email)


Monitoring the Log File

The GoodTech SSH service uses Log files to keep a record of everything it does. Most of the entries you'll find in the log files are informational or success messages. However, error messages are also written to the log files, and these are what you are looking for, when you are facing a problem.

Whenever an error occurs, the SSH Server writes the error number into the log file. You can get the error number by searching for the string "error no" in your log file. If this string is found more than once, the first error message is the error you want to solve. In most cases, the other errors are a result of the first one.

The log file contains only the error number, but you can easily translate the error number to its description by doing the following:

Go to a Command Shell Prompt and type "NET HELPMSG [error number]"

If the error description is too vague and you are not sure what you should do to overcome the problem, check the error in our list of common errors for a recommended course of action.
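The triage procedure described above, as an added example that is not part of the original help: it finds the first "error no" entry in a log, builds the matching NET HELPMSG command, and counts the later errors that are likely consequences of the first. This page does not document the log line layout, so the sample lines are constructed and the pattern around "error no" is an assumption; the function name is hypothetical.

```python
import re
import sys
from collections import Counter

# The help text only gives the search string "error no". What separates it
# from the number is an assumption, so ".", ":", "=", "#" and spaces are allowed.
ERROR_RE = re.compile(r"error no[\s.:=#]*(\d+)", re.IGNORECASE)

# Constructed sample, not real SSHd.log output.
SAMPLE_LOG = """\
2004-03-01 09:12:01 SSHd service starting
2004-03-01 09:12:02 cannot open host key file, error no 5
2004-03-01 09:12:02 listener not started, error no. 1058
2004-03-01 09:12:03 listener not started, error no. 1058
"""


def triage(log_text):
    """Return the first error of one log file plus a tally of the later ones.

    Returns None when the text contains no "error no" entry.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = ERROR_RE.search(line)
        if match:
            hits.append((lineno, int(match.group(1))))
    if not hits:
        return None
    first_line, first_no = hits[0]
    # Later entries are usually a result of the first one, so they are only
    # counted, not reported as separate problems.
    follow_on = Counter(number for _, number in hits[1:])
    return {
        "line": first_line,
        "error": first_no,
        "lookup": f"NET HELPMSG {first_no}",
        "follow_on": dict(follow_on),
    }


if __name__ == "__main__":
    # Pass SSHd.log and SSHdcmd.log as arguments; without arguments the
    # constructed sample is used.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, errors="replace") as handle:
                print(path, triage(handle.read()))
    else:
        print(triage(SAMPLE_LOG))
```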


Common Error List

The error messages you encounter as you start using GoodTech SSH Server are most likely common errors that others encountered as well.
