Monday, November 12, 2007

Running MindTerm as an Applet

keywords: java, ssh2, mindterm
MindTerm is today probably the most widespread pure-Java client implementing the SSH1 and SSH2 protocols.


This document explores some issues that apply when one tries to run MindTerm as an applet.

The applet should be signed

The security model of Java requires applets to be signed if they are going to perform certain operations. Operations which require signing include accessing the local file-system, opening local TCP ports and connecting to machines other than the one the applet was downloaded from. If you bought a commercial copy of MindTerm you should receive a signed version of the applet. But if you are using the free version, or have made modifications, you must sign it yourself. Fortunately there are lots of tutorials on the web on how to do this. For example, see the list of tutorials at http://mindprod.com/jgloss/signedapplets.html. MindTerm does not yet use any of the newer (1.2 or later) security models.
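
One way to carry out the self-signing step described above, as an added example that is not part of the original post: the JDK's keytool and jarsigner create a self-signed key, sign the jar and check the result. The keystore name, alias and the KS_PASS environment variable are assumptions; a self-signed certificate is still shown to users as an untrusted publisher.

```shell
#!/bin/sh
# Added example (not from the original page): self-sign a rebuilt applet jar
# with the JDK's keytool and jarsigner, then confirm the signature.
# Assumptions: keystore path, alias and the KS_PASS variable are placeholders.

# make_signing_key KEYSTORE ALIAS
# Creates a self-signed RSA key pair; the password is read from $KS_PASS so
# it does not appear in the process list.
make_signing_key() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=MindTerm applet example signer" \
        -keystore "$1" -storepass:env KS_PASS -keypass:env KS_PASS \
        >/dev/null 2>&1
}

# sign_applet_jar KEYSTORE ALIAS JAR
# Signs JAR in place (adds META-INF signature files to the archive).
sign_applet_jar() {
    jarsigner -keystore "$1" -storepass:env KS_PASS -keypass:env KS_PASS \
        "$3" "$2" >/dev/null 2>&1
}

# jar_is_signed JAR
# jarsigner reports the outcome in its output ("jar verified." or
# "jar is unsigned."); test that status line rather than the exit status.
jar_is_signed() {
    LC_ALL=C jarsigner -verify "$1" 2>&1 | grep -q '^jar verified'
}

# Typical use after rebuilding mindterm.jar (names are placeholders):
#   export KS_PASS='...'
#   make_signing_key applet-keys.p12 applet-signer
#   sign_applet_jar  applet-keys.p12 applet-signer mindterm.jar
#   jar_is_signed mindterm.jar && echo "signature OK"
```
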

Files needed on the server

The security model MindTerm follows requires different files for Netscape and IE. The cab file for IE should include the entire contents of the mindterm.jar file.

Webpage

To actually use MindTerm one needs to place it on a webpage. On this page you place code which actually launches the applet. This code may look like this:




The first three lines of this are used to specify the applet files. The Sun Java Plugin will use the ARCHIVE version and the MS Java (which is obsolete) will use the specified cabinet file. After that one can add an arbitrary number of parameters to MindTerm. This example sets 'sepframe' to true (to launch the applet in a separate frame) and enables debugging. For a complete list of parameters see Settings.txt.
The MindTerm applet will always run in the user's browser. This means that all network connections created by MindTerm will originate from the user's computer. So a site wishing to provide SSH access via MindTerm must both make the applet available via HTTP and open up the SSH port.

MindTerm Settings

This document lists the different configuration options one may set to configure MindTerm. Settings can be specified on the command line, stored in a per-host file (~/mindterm/HOST.mtp) or specified in the HTML code used to launch the applet.








Features in MindTerm
MindTerm is an SSH Java library and an SSH client. The library is available for OEM customers to be included in third party applications to enable secure communication. The SSH client is an implementation on top of the SSH library implementing a secure shell client ready to be used by end users.

MindTerm is small, portable and secure. It contains a very powerful and easy to use SSH client that provides advanced features such as tunneling support, GUI-based file transfers as well as support for HTTP and SOCKS proxies. The MindTerm client also includes an integrated terminal emulator. It has the ability to run both as a standalone application and as an applet.

100% Java based
Swing-based GUI for native platform look and feel and AWT-based GUI for wide platform compatibility
Support for SSH-1 & SSH-2 protocols
Support for TCP traffic tunnelling from other applications
Active tunnel display
Integrated, full-featured terminal emulator:
    Full clipboard support (edit, copy, paste)
    Send text file support
    Save to text file support
    Terminal types: xterm, linux, scoansi, att6386, sun, aixterm, vt220, vt100, ansi, vt52, xtermcolor, linux-lat, at386, vt320, vt102, Tandem 6530
    Terminal color support
    Fonts and font size can be changed
Ability to save passwords in encrypted files with a global password protecting all settings
Ability to connect through HTTP & SOCKS proxies. MindTerm can also act as a Socks proxy
Integrated ftp proxy which allows the user to connect with a normal ftp client to an ftp server
Integrated ftp to sftp proxy which allows the user to connect with a normal ftp client to an sftp enabled SSH-2 server
Support for keep-alive packets
Integrated DNS round robin: tries to contact all IP-addresses specified in DNS until the connection succeeds
MindTerm supports password authentication, “keyboard interactive”, public key authentication, host-based authentication and certificates
Zlib LZ77 (RFC-1950/1951) compression to decrease network traffic
Supported Ciphers: AES (128, 192, 256 bits), Blowfish, Twofish, Cast-128, 3DES and Arcfour (RC4)
Key exchange support: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Supported MACs: hmac-md5, hmac-sha1, hmac-sha1-96, hmac-md5-96, hmac-ripemd160