Casio Naurtech CETerm Ver.5.5 User Manual

Page 45


NAURTECH EMULATORS & WEB BROWSER FOR WINDOWS CE / WINDOWS MOBILE

CETerm | CE3270 | CE5250 | CEVT220



Omit Session data from Log: When checked, all 'session data' is omitted; this
is defined as data in terminal sessions and in forwarded channels (TCP, X11,
and authentication agent). This will usually substantially reduce the size of the
resulting log file. This option is Off by default.

NOTE: Not all SSH servers work properly. Various existing servers have bugs in
them, which can make it impossible for a client like CETerm to talk to them
unless it knows about the bug and works around it. Since most servers announce
their software version number at the beginning of the SSH connection, CETerm
will attempt to detect which bugs it can expect to see in the server and
automatically enable workarounds.

The following configuration options are provided to navigate around these known
bugs in the various SSH server implementations.


Bug – SSH-1 Ignore: Within the SSH-1 protocol, the client or server can send an
"ignore message" at any time. Either side is required to ignore the message
whenever it receives it. Within CETerm, this capability is used to hide the
password packet in SSH-1, so that a listener cannot tell the length of the user's
password. CETerm also uses "ignore messages" for application-level
keepalives. Certain SSH-1 servers lock up when "ignore messages" are used.


If this option is not enabled, CETerm will assume that the SSH-1 server does not
have this bug.

If this option is enabled, the CETerm session connection will succeed, but keepalives
will not work and the session might be more vulnerable to eavesdroppers than it
could be.

If the option is auto-sensed, CETerm will detect the bug and stop using "ignore
messages". The default option is Auto-Sense.


Bug – SSH-1 Password Hiding: When talking to an SSH-1 server which cannot
deal with ignore messages, CETerm will attempt to disguise the length of the
user's password by sending additional padding within the password packet. This
is technically a violation of the SSH-1 specification, and so CETerm will only do it
when it cannot use standards-compliant ignore messages as camouflage. In this
sense, for a server to refuse to accept a padded password packet is not really a
bug, but it does make life inconvenient if the server can also not handle ignore
messages.

If this 'bug' is auto-sensed, CETerm will have no choice but to send the user's
password with no form of camouflage, so that an eavesdropping user will
easily be able to find out the exact length of the password. If this is enabled when
talking to a correct server, the session will succeed, but will be more vulnerable
to eavesdroppers than it could be.

This option only applies to SSH-1 servers. The default option is Auto-Sense.
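
The auto-sense note and the two SSH-1 options above combine into a fallback chain for password-length camouflage. The following is an added example, not CETerm's own code: the bug table, the server names in it and the function names are hypothetical, and it assumes a server announcing protocol 1.99 is handled as SSH-2.

```python
import re

# Server identification line: "SSH-<protoversion>-<softwareversion>[ comments]"
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

# HYPOTHETICAL bug table. These software-version prefixes are constructed
# for this example; they are not CETerm's real detection list.
KNOWN_BUGS = {
    "ignore": ("ExampleSSHD_1.0", "LegacyD_0.9"),
    "password_hiding": ("LegacyD_0.9",),
}


def parse_banner(line):
    """Return (protocol version, software version) from the server banner."""
    m = BANNER_RE.match(line.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group(1), m.group(2)


def bug_active(bug, setting, software):
    """Resolve an option set to 'on', 'off' or 'auto' (Auto-Sense)."""
    if setting == "on":        # always assume the server has the bug
        return True
    if setting == "off":       # always assume the server is correct
        return False
    if setting == "auto":      # decide from the announced software version
        return software.startswith(KNOWN_BUGS[bug])
    raise ValueError("setting must be 'on', 'off' or 'auto'")


def password_camouflage(banner, ignore="auto", hiding="auto"):
    """Which password-length camouflage remains available for this server."""
    proto, software = parse_banner(banner)
    # Assumption: only 1.x banners other than 1.99 lead to an SSH-1 session.
    if not proto.startswith("1.") or proto == "1.99":
        return "not-ssh1"              # both options apply to SSH-1 only
    if not bug_active("ignore", ignore, software):
        return "ignore-messages"       # standards-compliant camouflage
    if not bug_active("password_hiding", hiding, software):
        return "padded-password"       # fallback: padding in the packet
    return "none"                      # exact password length is exposed


if __name__ == "__main__":
    for b in ("SSH-1.5-GoodServer_3.2", "SSH-1.5-ExampleSSHD_1.0",
              "SSH-1.5-LegacyD_0.9 test", "SSH-2.0-GoodServer_3.2"):
        print(b, "->", password_camouflage(b))
```

A result of "none" for a server the administrator knows to be correct indicates an option forced to enabled rather than left on Auto-Sense.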


Bug – SSH-1 RSA Auth: Some SSH-1 servers cannot deal with RSA
authentication messages at all. If Pageant is running and contains any SSH-1