General Operating Instructions

Pragma FortressSSH is executed automatically by InetD, when a user logs into the system using any ssh client.

Users need the username, password, and domain of a valid Windows account with "Log on Locally" rights to access Pragma FortressSSH. Leaving the domain blank causes the server to search for the username, beginning with the local accounts, then the current domain, followed by any trusted domains. This network search can delay user authentication; entering a domain speeds up the process. If a password is used, the password must be currently valid. If the password needs to be changed, the user will be unable to log on. Username is cached with a certificate logon, which domain users cannot use. After login, the user may be prompted for session options that can be configured by the server administrator. Enter the best matching value for each prompt. See User Management for instructions on setting prompts. Automatic logon can be set up using the Auto Logon feature.

The user is given a command shell session and the security context is set to represent the logged on user account. Most console applications can be used during the session. If an application does not appear to run and the command prompt does not appear, exit the application normally, then try launching the application with the wrapper technology. See the topic on the Wrapper Technology for more details.

To end the session, type "exit" and the server will gracefully end the client session.

If a session fails to connect due to an AllocConsole error, the InetD Desktop Count should be increased. See InetD Configuration for more information.

Port Forwarding

Pragma FortressSSH can be used to forward other TCP ports, such as telnet and POP, through the ssh port, giving these protocols secure sessions. To use port forwarding, configure the client with the ports to monitor and the port on the server to forward to, then initiate an ssh session. Initiate the alternate protocol on the port being monitored by the client. For remote port forwarding, configure the client for remote port forwarding, then initiate the alternate protocol sessions from the server side in the ssh session. Using Pragma FortressSSH with a firewall that only allows ssh access would guarantee that any supported protocol leaving the network is encrypted.

See Port Forwarding for more information.
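
The local forwarding procedure described above, as an added example that is not part of the Pragma documentation. It assumes the OpenSSH client (ssh.exe) as the ssh client, key-based logon already configured, and placeholder host, user and port values; it also checks that the monitored port is bound to loopback only, so the forwarded telnet port is not reachable from other machines.

```powershell
# Added example, not Pragma code. Assumed: OpenSSH ssh.exe on PATH, key-based
# logon already configured, placeholder host/user, arbitrary free local port.
$Server     = 'fortress.example.com'   # placeholder FortressSSH host
$User       = 'alice'                  # placeholder Windows account
$LocalPort  = 2323                     # port the client monitors
$TargetPort = 23                       # telnet, as seen from the server

$sshArgs = @(
    '-N'                                # forwarding only, no remote shell
    '-o', 'BatchMode=yes'               # never fall back to a password prompt
    '-o', 'ExitOnForwardFailure=yes'    # exit if the listener cannot be set up
    '-L', "127.0.0.1:${LocalPort}:localhost:${TargetPort}"
    "${User}@${Server}"
)
$tunnel = Start-Process -FilePath ssh -ArgumentList $sshArgs -PassThru -NoNewWindow

# Wait up to 10 seconds for the client to start monitoring the local port.
$listeners = $null
foreach ($attempt in 1..20) {
    if ($tunnel.HasExited) { throw 'ssh exited before the forward was established' }
    $listeners = Get-NetTCPConnection -LocalPort $LocalPort -State Listen `
                     -ErrorAction SilentlyContinue
    if ($listeners) { break }
    Start-Sleep -Milliseconds 500
}
if (-not $listeners) {
    Stop-Process -Id $tunnel.Id
    throw "No listener appeared on port $LocalPort"
}

# The listener must be on loopback only; anything else exposes the forward.
$exposed = $listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
if ($exposed) {
    Stop-Process -Id $tunnel.Id
    throw "Port $LocalPort is bound to $($exposed.LocalAddress -join ', ')"
}

"Tunnel up (ssh PID $($tunnel.Id)): connect the telnet client to 127.0.0.1:$LocalPort"
```

Stop the ssh process (`Stop-Process -Id $tunnel.Id`) to tear the forward down when the telnet session is finished.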

File Transfer

There are three ways to transfer files with Pragma FortressSSH: scp, sftp, and a forwarded FTP channel.

SCP is a secure file copy, which invokes the local ssh client to initiate a non-interactive ssh session with the remote machine. A separate scp program must be present on both the client and server. A single command is processed on the server, which copies the files. See Pragma SCP for more information.

SFTP is a secure file transfer, similar to FTP, that is part of the SSH2 protocol. It is similar to SCP in that separate programs are required. The sftp client uses similar syntax to ftp, allowing a shell-like interaction. See SFTP Server for more information.

Standard FTP traffic can be forwarded through another port. A standard ftp client can be used as long as it supports passive mode. The copy is performed in two steps. First, a connection is made with an ssh client, forwarding the ftp ports. Second, an ftp connection is made to the new port, with passive mode set. See Port Forwarding for more information.

Text Editors

Many text editors can be used in a Pragma FortressSSH session. The DOS edit program, vi from the MKS Toolkit, and xvi, a freeware vi editor, can all be used without problem. The vi editor from the Windows Resource Kit can be run using the Wrapper Technology. A version of Emacs can be obtained from the University of Washington's Windows port of Emacs. Version 19.34.2, or later, will work.

User Home Directory and Command Profile\Login Script

If a user's home directory, profile, and login script are specified in the Windows account database, accessed by the Windows User Management, Pragma FortressSSH will change to that home directory when the user logs on, and execute the profile and login script. A home directory and login script can also be specified in the Fortress configuration. See User General Settings for more information on specifying a home directory in Fortress, and Full Console Settings and Stream Settings Startup Program for more information on setting a login script under Fortress. If no home directory is specified, the system-wide default user directory ( %SystemDrive%\users\default ) is assumed as the home directory.

The Windows Logon Script can be turned off for ssh sessions under User General Settings.

Client Window Size

If the client communicates the terminal window size, Pragma Fortress will support the negotiated window size. If no window size is communicated by the client, then a window defined by the Console settings will be assumed. If a window size of less than 24 lines is communicated, Pragma Fortress will still run the session as 24 lines.

24/25 line restriction

If a window size of less than 25 lines is used, Pragma Fortress is forced to squeeze 25 lines into 24. In normal operation, the 24th line is not displayed and line 25 is displayed in its place. For most editors and applications, this line (line 24) is relatively unimportant, whereas the last line of the text (line 25) usually contains important information. However, if the cursor is on the 24th line, then line 24 will be displayed instead of line 25. Fortress will dynamically decide which line to display.

If the client supports greater than 24 lines, set the client side and server side rows to the same value. The 24th line can be seen by setting the server to 25 lines and the client to 26 lines. This should keep the client from scrolling the top line.

Use the optimized screen scraper to avoid the remapping completely. Using this option, the server will send only the number of rows determined by the client.

Check keyboard mapping

If a key appears not to work from the client application, check the keyboard mapping of the application. Many terminal emulators do not map all the keys. They require the keys to be added to the keyboard mapping. Common examples of these are PAGEDOWN and PAGEUP, which many client programs do not map initially. Check the client for documentation on how to add entries into the keyboard mapping table. See Appendix D for the expected escape sequences for the supported terminal emulations.

Instructions for ALT Key keyboard mapping

Windows intercepts keys supplemented with the ALT key from programs (like an ssh client) and interprets them as local menu keys. As a result, some other keys have to be entered at the client in order to have them mapped to the ALT key by Pragma. By default, CTRL-A has been re-mapped to act as the ALT key in a session. Many applications require the ALT key and most terminals do not specify an ALT key. For example, when working in EDIT.COM, to access the File Menu, instead of pressing ALT-F, press CTRL-A (release), then F to represent ALT-F. When using Pragma's Console SecureShell Client this is not needed; all keys act as they would normally. The ALT key can be re-mapped in User General Settings.

Instructions for Edit keys

Pragma Fortress recognizes all editing keys (INS, DEL, END, etc) and all cursor keys. To use the number pad keys, make sure that NUM-LOCK is disabled. See Appendix D for the expected escape sequences for the supported terminal emulations.

Instructions for viewing graphic characters

PC applications use the PC's character set to generate character graphics. For example, the TREE and EDIT DOS commands use line drawing characters from the PC character set. Many terminal emulators' graphic character set is different than that of the PC, for example Digital VT terminals. In order to get all graphic characters properly displayed via Fortress, use a ssh client that supports character set or font selection. Choose the character set or font that is based on the IBM PC character set.

To change the displayed character from the client sent character, characters can be defined using the charmap.ini file. Following the examples in the file, assign a new value to a received character. This will improve many displays. See User General Settings for more information.

The graphic character set used with VT emulations also defines how characters are displayed. By default, Pragma Fortress uses the DEC Special Graphics character set. This can be changed by adding the registry string value "DECCharSet" under each user registry key in HKEY_LOCAL_MACHINE\SOFTWARE\PragmaSystems\SSHD\Users. The possible values for DECCharSet are:

0 - ASCII
1 - DEC Supplemental
2 - DEC Special Graphics (default value)
3 - DEC Technical
4 - User-preferred supplemental
5 - ISO Latin-1 Supplemental
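
One way to apply this setting to every user key at once, as an added example that is not Pragma's own tooling. The registry path, the value name and its meanings come from the text above; the function name and its parameter are hypothetical, and the script must run elevated to write under HKEY_LOCAL_MACHINE.

```powershell
# Added example, not Pragma code: report and set the DECCharSet string value
# under each user key. Path and value meanings are taken from the list above.
$UsersKey = 'HKLM:\SOFTWARE\PragmaSystems\SSHD\Users'

$DecCharSets = @{
    0 = 'ASCII'
    1 = 'DEC Supplemental'
    2 = 'DEC Special Graphics'          # default when the value is absent
    3 = 'DEC Technical'
    4 = 'User-preferred supplemental'
    5 = 'ISO Latin-1 Supplemental'
}

function Set-FortressDecCharSet {       # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateRange(0, 5)][int]$Value
    )
    if (-not (Test-Path -Path $UsersKey)) { throw "Key not found: $UsersKey" }

    foreach ($userKey in Get-ChildItem -Path $UsersKey) {
        # Read the existing value, if any, so the change can be reviewed.
        $before = (Get-ItemProperty -Path $userKey.PSPath -Name DECCharSet `
                       -ErrorAction SilentlyContinue).DECCharSet
        if ($null -eq $before) { $before = '(not set)' }

        $changed = $false
        if ($PSCmdlet.ShouldProcess($userKey.PSChildName, "Set DECCharSet=$Value")) {
            # The page specifies a registry *string* value, hence REG_SZ.
            New-ItemProperty -Path $userKey.PSPath -Name DECCharSet -Value "$Value" `
                -PropertyType String -Force | Out-Null
            $changed = $true
        }
        [pscustomobject]@{
            UserKey   = $userKey.PSChildName
            Before    = $before
            Requested = "$Value ($($DecCharSets[$Value]))"
            Changed   = $changed
        }
    }
}

# Dry run: list what would change without writing to the registry.
Set-FortressDecCharSet -Value 0 -WhatIf
```

Drop `-WhatIf` to write the value; values outside 0 to 5 are rejected by the parameter validation before any key is touched.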

 

Instructions for running graphics applications

Pragma FortressSSH sessions only support character mode or console applications. GUI programs can be started, but their output will not be shown on the client. If the InetD Service is setup to start with the "Allow service to interact with desktop" setting, the GUI program will show on the server.

The utility guistart.exe can also be used to launch a GUI application on the server, without the "Allow service to interact with desktop" set for the InetD service. Run guistart with the program to run as a program argument on the command line, such as, guistart notepad hello.txt. Remember that once a GUI application has been launched on the server, it is unusable from the session, unless the program implements an automated session, or is specifically designed to work with the ssh protocol. The program can be closed when the session ends, by using Monitor Child Processes.

Generally, graphical applications should not be started from SSH sessions.

Connect 1000+ SSH sessions to a machine running Pragma FortressSSH

In order to connect 1000+ SSH sessions to a machine, the hardware must be up to the task. Below is an example of a machine that will handle 1000+ sessions:

Processor: Intel Xeon 1.8 GHz
Memory (RAM): 4.00 GB
Operating System bit: 64-bit (recommended)


In addition to the above, the "Desktop Count" option needs to be set to 20. The Desktop Count option is located under: Local Server Configuration > InetD.
Click on the help button on the Local Server Configuration dialog to read more about Desktop Count.

NOTE: The above example is ONLY for connecting 1000+ SSH sessions and getting SSH command shells. When a third-party application is run on the same machine after making a SSH connection, more resources are consumed. Therefore, the above hardware example may NOT be enough to connect 1000+ SSH sessions and then launch many instances of a third-party application.

 
Multiple ssh sessions from a single server (SSHD) process

The Pragma SSHD process now supports multiple shell, sftp and scp sessions within a single SSHD process. There are two key advantages:

1) User productivity improvement - a user has to log in only once to a remote machine and can then start multiple shell, sftp, and scp sessions as needed.

2) Resource efficient - a single ssh-to-sshd authenticated TCP network connection runs these multiple sessions using channels (like virtual circuits) of the ssh protocol.

We support up to 64 sessions within a single SSHD process in the current release. If more than 64 sessions are requested, the clients will get a "resource limit reached" error message.

Microsoft PowerShell

Pragma FortressSSH supports Microsoft PowerShell. PowerShell cmdlets and executables can be run within the SSH sessions launched by Pragma FortressSSH.

Microsoft's new Windows PowerShell is a new generation .NET based modern shell which can be considered a replacement of cmd.exe. PowerShell provides full access to .NET commands and APIs and supports the C#, VB.Net, and VB languages, thus making it much more powerful than even UNIX shells. PowerShell can be extended through cmdlets and other documented methods.

Pragma's SSH and Telnet/TelnetSSL servers provide full support for Microsoft's Windows PowerShell. PowerShell can be invoked from the command line by typing "powershell" or configured to be the default shell by changing the configuration using the "Pragma Local Server Configuration" graphical program.

PowerShell can be run in Pragma's Advance Console or Full Console mode. It cannot be run in Pragma "Stream" mode as it needs richer I/O interaction support from SSH or Telnet servers.

Microsoft's new Windows PowerShell is now bundled with Windows Server 2008 and Windows 7. PowerShell can also be freely downloaded from Microsoft for running in Windows XP, Windows Vista and Windows Server 2003.

Microsoft Windows 7 and Windows Server 2008 R2 Support

Pragma FortressSSH has been tested on the new operating systems from Microsoft, Windows 7 and Windows Server 2008 R2.