File Release Notes and Changelog
Release Name: 0.85
Notes:
Compiling GSI-SSHTerminal
-------------------------
In all cases you must set your $JAVA_HOME correctly to the installation
directory of your Java installation. Your Java installation must be Java
SDK 1.5 or greater.
The GSI-SSHTerminal is compiled through the use of the "make" script, in the
sshtools directory run:
Linux
./make.sh
Windows
make.bat
this will create the GSI-SSHTerminal application in
"release/GSI-SSHTerm-<version>" and this can be run using the following:
Linux
cd release/GSI-SSHTerm-<version>/bin
./sshterm.sh
Windows:
cd release/GSI-SSHTerm-<version>/bin
sshterm.bat
To additionally compile the applet version and associated web pages use the
command (the webpages are highly customised for the NGS webserver and will need
editing before the webpaes are useful):
Linux:
./make.sh all
Windows XP:
make.bat all
To compile in other Windows environments change the os="Windows XP" entry
at about line 191 of build.xml, to the OS name returned by the os.name Java
property on your machine.
This requires you to setup the file password.properties in the base directory
of the sshtools source, it should contain the following lines:
keystore=/home/xxx/.keystore
keystore.alias=theSigningCertificateKeyAlias
keystore.pass=aLongPrivateKeyPassphrase
Note that it is suggested that the certificate and private key (in a java
keystore) that is pointed to by the password.properties file is issued by a
certification authority that the user is likely to already trust and has a
subject name that describes you or your organisation. Please be careful about
the security of the Java keystore and the password.properties file. This
certificate should explicitly have "Object Signing" set in the X509v3
extensions.
This will compile the applet version and webpages to release/applet.
Configuration
=============
Kerberos support (compile time):
--------------------------------
In the build.properties file there are two options for option.flags:
option.flags=
Compile without Kerberos support
option.flags=-kerberos
Compile with Kerberos support
Defaults:
---------
At compile-time the file res/common/default.properties is included in in the
distribution and this is read first (if it exists), then the user' preferences
file (~/.sshterm/GSI-SSHTerm.properties), which can over-ride those in the
res/common/default.properties file.
These files are standard Java properties files. The following options are
useful (with the example of the compiled in default where no settings in
either file exists!):
Default MyProxy server (ignored when Kerberos support compiled in):
sshterm.myproxy.defaults.hostname=myproxy.grid-support.ac.uk
MyProxy port (not configurable in GUI):
sshterm.myproxy.defaults.port=7512
Kerberos-enabled MyProxy server hostname:
sshterm.krb5myproxy.hostname=myproxy-sso.grid-support.ac.uk
Kerberos-enabled MyProxy server port (not configurable in GUI):
sshterm.krb5myproxy.port=7513
Kerberos KDC:
sshterm.krb5myproxy.kdc=<value of $USERDNSDOMAIN>
Kerberos Realm:
sshterm.krb5myproxy.realm=<value of $USERDNSDOMAIN>
Proxy saving: this setting sets whether proxies created from Grid
credentials are saved into the defualt proxy location for future use:
sshterm.proxy.save=false
Default connection ports: there are two configuration options here:
sshterm.simple.connection.port=2222
Sets the port that is used in the quick connection
dialog box, and the first ever port value in the
advanced connection dialog box.
apps.connection.lastPort=2222 (user's preferences)
This is the last port number entered by the user in the
advanced dialog box. It is overwritten by the terminal
(application only) each time it is shut down. It is
NOT used in the simple connectiondialog box.
Similarly there are last username and last host (apps.connection.lastHost) in
the user's preferences, which is filled in with the last host entered by the
user in both connection dialog boxes.
Although the ~/.sshterm/GSI-SSHTerm.properties is written on exit by the
application version of the terminal, the values of the (sshterm.myproxy.*,
sshterm.krb5myproxy.*, sshterm.proxy.save.* and sshterm.simple.connection.port)
are always preserved.
Note sshterm.krb5myproxy.kdc and sshterm.krb5myproxy.realm have algorithmic
defaults which are calculated in both
src/com/sshtools/j2ssh/authentication/UserGridCredential.java and
src/com/sshtools/common/ui/SshToolsConnectionKerberosTab.java.
Changes:
Change log
==========
Changes by David Spence or Matt Viljoen unless otherwise stated
0.1
-Integrated SSHTerm version 0.2.2 with Jean-Claude's GSI authentication module
0.2
-Upgraded Cog-Kit to 1.2. SSHTools now compilable with JDK1.5
0.3
-Now works with pkcs12 certificates
0.5
-Added other SSHTools programs (SSHVnc, SecureTunneling, ShiFT)
0.6
-Added X Tunneling and Proxy delegation settings along with bug fixes
0.61
-Improvements to GUI especially error handling in MyProxyPrompt.java
-Fixed X Tunneling bug and improvements to GridInitPrompt.java
-More GUI improvements and bug fix for java 1.6 in windows
-Now deletes temporary files (updates jlirc)
0.62
-Check for i386 before loading shared library
-Change of font in windows
0.70 (21/4/06)
-Useful error message when authentication fails due to clock skew
-Access to certificates from Firefox (Linux & Windows), Mozilla (Linux & Windows) and Internet Explorer (Windows)
-Fixed key re-exchange bug (dies after transfering just under 1Gb)
0.71 (05/05/06)
- (04/05/06) Fixed channel opening code to prevent the opening of VNC sessions crashing java+browser.
0.72 (24/05/06)
- (23/05/06) Fixed small bug with the browser certificate code to better support Windows 2000
0.73 (08/06/06)
- (08/06/06) More descriptive error messages when server drops connection, especially during authentication
0.74 (06/07/06)
- (13/06/06) Better loading of shared libraries for Mozilla in Windows
- (06/07/06) Merged in Kerberos-MyProxy code to main tree
- (06/07/06) Fixed tab key in SshVNC
0.75 (09/08/06)
- (09/08/06) Now automatically installs the new UK e-Science CA certificates as well as old ones.
0.76 (01/09/06)
- (01/09/06) Some more descriptive error messages.
- (01/09/06) Fixed a bug concerning the default myproxy server.
0.77 (12/10/06)
- (11/10/06) Changed build script to not require (undocumented) $JAVA_HOME/bin to be in $PATH.
- (11/10/06) Changed to automatically install at run-time all certificates found in res/certificates at build-time.
- (11/10/06) Support for compiling/building under Windows.
- (11/10/06) doc/README file added to explain compiling and compile-time options.
- (11/10/06) Fixed error with bin/sshterm.bat
- (11/10/06) New configuration options read from ~/.sshterm/GSI-SSHTerm.properties (but not written) to set Kerberos Realm and KDC; (Kerberos and normal) MyProxy server hostname and port; and port for use in "Simple Connection Dialog Box".
- (11/10/06) More sensible arrangement of some default settings
0.78 (21/12/06)
- (01/12/06) Seperated out browser support to the libbrowser library. This now does not display expired certificates.
- (18/12/06) Upgraded CoG libraries to version 1.4
- (18/12/06) The type of Grid certificate proxy can now be chosen, legacy proxies are no longer created
- (18/12/06) The lifetime of the proxy created can now be chosen
- (19/12/06) Fixed bug which stopped connection if DISPLAY was incorrectly set (esp. affecting Mac OS X)
0.79 (16/01/07)
- (16/01/07) Update copy of cryptix libraries used to avoid bug in DN parsing
0.80 (08/02/07)
- (18/01/07) Better error reporting with MyProxy errors
- (18/01/07) Updated version of bouncy castle libraries
- (18/01/07) Added default.properties file for easily setting defaults for a deployment
- (18/01/07) Added support for configuring saving of proxies
- (25/01/07) Bug-fix from Terry Fleury for scroll bars in Mac OS X
- (25/01/07) Updated libbrowser supports more Firefox installations
- (30/01/07) Added support to view Grid proxy info and destroy Grid proxies on disk
- (30/01/07) Improved the security of code to save grid proxies
- (30/01/07) Exposed options for saving proxies in connections dialog
- (02/02/07) Bug-fix for disappearing text in Mac OS X from Terry Fleury
- (05/02/07) Now casts the final "null" of a varargs call to the appropriate (Ojbect) or (Class) type (patch from Terry Fleury).
- (05/02/07) Better deletion of temporary files.
- (05/02/07) Saving of user settings in Applet.
- (05/02/07) Check if user wants to delete proxies that have been written to disk
- (05/02/07) Patch from Terry Fleury to enable proxies embeded in web page to be read by the applet
- (07/02/07) More information in About box, including patch from Terry Fleury to put date.
0.81 (15/02/07)
- (15/02/07) Unsigned the puretls-sign.jar
0.82 (05/04/07)
- (12/03/07) Stopped the default.properties being written to the user's properties file
- (12/03/07) Now remembers MyProxy username between sessions
- (12/03/07) Hostname in title bar
- (13/03/07) Changed proxy info type "[not a proxy]" to "end entity certificate"
- (13/03/07) Correctly linked to the main window lots of dialog boxes
- (04/04/07) Correctly report expired certificates
- (04/04/07) Links appear correcly as directories in GSI-SFTP
- (04/04/07) Some shortcut keys sorted. Now new terminal is Alt-G, tunneling is Alt-Z, VNC is Alt-A and SFTP is Alt-B.
- (04/04/07) Alt+key no longer causes accented characters (just short cuts)
- (05/04/07) Any highlighting of text causes a copy
- (05/04/07) Any change to the terminal display causes un-highlighting of the text (except if dragging)
0.83 (16/04/07)
- (11/04/07) More improvements to link handling in SFTP
- (11/04/07) Bug fixes in SFTP (directory copies no longer use cd)
- (11/04/07) Bug fixes in SFTP (File progress dialog works as expected with lots of files)
- (11/04/07) Improvements in error reporting
- (11/04/07) Font improvements in Windows.
- (13/04/07) Bug fixes in SFTP (remove more dependance on local and remote cwd)
- (13/04/07) Bug fixes in SFTP (No longer freezes when nothing to do)
- (13/04/07) Improvements in file transfer dialog box.
0.84 (25/04/07)
- (18/04/07) Fixed more spurious errors in SFTP
- (18/04/07) Display dialog to user when remote side disconnects
- (18/04/07) Fixed some problems with key re-exchange.
- (18/04/07) If there is one browser profile found, or one certificate within that browser profile then these are chosen automatically.
- (23/04/07) Fixed several problems with key re-exchange when using SFTP by processing events (i.e. Mouse-clicks) on a seperate Thread to the AWT-Event threads, this stops deadlocks with the Transport protocol threads when dialog boxes are displayed by this thread.
- (25/04/07) Changed default logging to INFO (to console for applet) now res/log4j.properties read for applet/webstart, res/sshterm.properties for application
0.85 (01/05/07)
- (30/05/07) Better error messages for PKCS 12 errors.
- (31/05/07) Better error messages on unexpected closure of connection.
- (31/05/07) SFTP windows now closed on Socket/IO execption.
- (31/05/07) SFTP: Fixed upload directory errors.
- (01/06/07) Terminal emulation now ignores char 90 (DCS) as a special character... there seems to a bit of an error in some version of man that was causing the terminal to lock (Suse 9.3)
