TTXSSL is used in the same way as Tera Term Pro, so please refer to the documents or the help file attached to Tera Term Pro. The only points that differ from the original Tera Term Pro are the following:
If the telnetd (telnet server) you are connecting to (see note 1 below) is SSL enabled, run TTXSSL as an SSL enabled telnet client.
When running as an SSL enabled telnet client, a title such as
    TeraTerm - foo.hoge.co.jp VT - SSL connection using RC4-SHA
is displayed in the title bar, indicating that SSL is currently in use.
If the telnet server you are connecting to is not SSL enabled, run TTXSSL as a usual telnet client.
For version 0.2a1 and later, there is a file called ttxssl.ini in the directory in which Tera Term Pro was installed, and TTXSSL is configured by editing this file.
If you select the [Help] - [about Ssl] menu, a WWW browser will open and display documents regarding the SSL implementation. Note: the documents are located on Infoscience Corporation's WWW server, so to display them you need to be using a computer that can connect to the internet.
(Note 1) There is an SSL enabled telnetd in which SSL was implemented by Tim Hudson. This is called SSLtelnet, and the source, which includes an SSL telnet enabled client, is available here. For details, please see the SSLtelnet documents.
TTXSSL is configured by editing the file called ttxssl.ini, which is in the directory that Tera Term Pro was installed in.
The sections and keys are explained below.
SSL Section
    This section holds the SSL configuration. Currently there are no other sections apart from this one.

NOSSL Key
    When not using SSL select 'yes'. The default is 'no'.
Version Key
    Selects the SSL protocol version. Default is 2.
Cert Key
    Designates the path of the client's certificate.
Key Key
    Designates the path of the client's private key.
CApath Key
    Designates the path of the directory containing the CA's certificate.
CAfile Key
    Designates the path of the CA's certificate.
Verify Key
    When not performing server verification select 0. When performing server verification, set this to the maximum depth of server verification. Default is 0.
Some of the items in the configuration file above can also be set from the command line.

/NOSSL Option
    Don't use SSL.
/SSL2 Option
    Use SSL protocol version 2.
/SSL3 Option
    Use SSL protocol version 3.
/cert Option
    After the "=" sign, assign the path of the client's certificate.
/key Option
    After the "=" sign, assign the path of the client's private key.
/CAfile Option
    After the "=" sign, assign the path of the CA's certificate to be used.
/CApath Option
    After the "=" sign, assign the path of the directory containing the CA's certificate to be used.
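The documented defaults (Version 2, Verify 0) leave SSL 2.0 selected and the server certificate unchecked, so it is worth checking a ttxssl.ini before relying on it. The following audit script is an added example, not part of TTXSSL or of the original document. It assumes the section header is written [SSL], that keys use key=value syntax, and that Version=3 is the file equivalent of /SSL3; the C:\ttermpro path is hypothetical.

```python
import configparser

# Defaults for the SSL section as documented on this page.
DEFAULTS = {"nossl": "no", "version": "2", "verify": "0"}

def audit_ttxssl(ini_text):
    """Return a list of findings for the text of a ttxssl.ini file."""
    cp = configparser.ConfigParser(interpolation=None)  # paths may contain '%'
    cp.read_string(ini_text)
    ssl = dict(DEFAULTS)
    # Assumption: the section header is written [SSL]; configparser
    # lowercases key names, so NOSSL, CAfile etc. match in any case.
    if cp.has_section("SSL"):
        ssl.update(cp["SSL"])
    if ssl["nossl"].strip().lower() == "yes":
        return ["NOSSL=yes: plain telnet, nothing is encrypted"]
    findings = []
    if ssl["version"].strip() == "2":
        findings.append("Version=2: SSL 2.0 selected (prohibited by RFC 6176)")
    try:
        depth = int(ssl["verify"])
    except ValueError:
        return findings + ["Verify is not a number"]
    if depth <= 0:
        findings.append("Verify=0: server certificate is not verified")
    elif not (ssl.get("cafile") or ssl.get("capath")):
        findings.append("Verify>0 but no CAfile/CApath names a CA certificate")
    return findings

# Constructed samples; the C:\ttermpro directory is hypothetical.
DEFAULTS_ONLY = "[SSL]\nNOSSL=no\n"
STRICTER = r"""[SSL]
Version=3
Verify=1
CAfile=C:\ttermpro\demo_ca.pem
"""

if __name__ == "__main__":
    for name, text in (("defaults only", DEFAULTS_ONLY), ("stricter", STRICTER)):
        print(name, audit_ttxssl(text) or "no findings")
```
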
In testing the operation of this software, Tim Hudson's SSLtelnet on Linux was used as telnetd.
For purposes of this explanation, telnetd's private key is "demo_sv.key", telnetd's certificate is "demo_sv.pem", and the CA's certificate is "demo_ca.pem". Also, we will assume SSLeay is installed in /usr/local/ssl, the SSLtelnetd command is /usr/local/ssl/bin/telnetd, and the certificate was created using ssleay's command.
1. Configuration of the CA's certificate
First, move the CA's certificate "demo_ca.pem" to /usr/local/ssl/certs. Then, using the following command, hash the "demo_ca.pem" file.
    ln -s demo_ca.pem `ssleay x509 -noout -hash < demo_ca.pem`.0
Move "demo_sv.pem" and "demo_sv.key" to /usr/local/ssl/certs and /usr/local/ssl/private respectively.

2. inetd.conf Configuration
Edit /etc/inetd.conf so that the following command is run from inetd.
    /usr/local/ssl/bin/telnetd -z secure -z certrequired -z
    key=/usr/local/ssl/private/demo_sv.key -z cert=/usr/local/ssl/certs/demo_sv.pem
(In reality this is one line.)

3. Restarting inetd
Send the HUP signal to inetd, and restart inetd.

The explanation given here of SSLtelnet configuration is strictly only one example. For further detail, refer to the SSLtelnet documentation.