C-Kermit 7.0 Case Study #11

[ Previous ] [ Next ] [ Index ] [ C-Kermit Home ] [ Kermit Home ]

Article: 10992 of comp.protocols.kermit.misc
From: fdc@watsun.cc.columbia.edu (Frank da Cruz)
Newsgroups: comp.protocols.kermit.misc
Subject: Case Study #11: C-Kermit Meets SSH
Date: 18 Jan 2000 21:24:36 GMT
Organization: Columbia University

One of the most frequent feature requests for Kermit software in recent years has been for SSH (Secure SHell) connections. Although other security methods including Kerberos, SRP, and SSL/TLS are available in C-Kermit 7.0, we have not been able to add SSH, primarily for licensing and patent reasons.

But with the UNIX version of C-Kermit 7.0 you can make SSH connections anyway. This gives you C-Kermit's file transfer, character-set translation, and scripting capabilities on an SSH connection.

The key is C-Kermit's new PTY command. Pty (pronounced "pity") is the common abbreviation for "pseudoterminal" (or "pseudoteletype"). A pseudoterminal is a virtual (simulated) device that has the characteristics of a real terminal. A Pty is used by UNIX as your controlling terminal when you come in via Telnet, Rlogin, SSH, or other "virtual" means, rather than through a serial port with its "real" terminal driver. The Pty driver mimics what the real terminal driver does on a real terminal.

Ptys are also used by programs like 'expect' that run and interact with other programs. Ptys are used for this rather than simple standard i/o redirection because (a) not all programs use standard i/o; (b) many programs behave differently when their standard i/o is not a terminal; and (c) redirected standard i/o has no associated terminal driver.

Unfortunately the application programming interface (API) for using Ptys is not standardized across Unix versions (let alone between Unix and other operating-system families), so each platform requires custom code. We were able to add Pty control to C-Kermit 7.0 for the following platforms:

It can be added for others too but some degree of work would be required in each case -- maybe a little, maybe a lot.

The Pty interface has many uses. Today we'll talk about SSH since so many people ask about it. Let's begin by making an interactive SSH connection, just as you would with the regular SSH client:

  ssh xyzcorp.com

To make an interactive SSH connection with C-Kermit, simply prefix the command above with "pty" and give it at the C-Kermit> prompt:

  C-Kermit> pty ssh xyzcorp.com

You can escape back to C-Kermit and re-CONNECT in the normal way, but remember that the SSH client is active too; Newline (Return or Enter key) followed by tilde (~) is the SSH escape sequence, which you can read about in "man ssh".

Once you have a terminal connection, can it be used to transfer files? Yes, but first you'll need disable control-character unprefixing because the Pty driver can "do things" to control characters (and also to prevent sending the SSH escape sequence in a packet). Luckily, Kermit protocol is well-suited to such interference. Before initiating a file transfer, just tell the file sender to:

  set prefixing all

That should be all you need (in fact, you don't have to prefix every control character, but the fine tuning is up to you). Assuming you have fast Kermit protocol settings (which C-Kermit 7.0 uses by default), performance is limited by network and/or the underlying pty driver -- some are fast, some aren't.

Scripting SSH connections is easy too. As you might recall, a Kermit script uses SET HOST instead of TELNET and it uses INPUT and OUTPUT commands in place of CONNECT and your eyes and fingers. The PTY command is like the TELNET command; it makes the connection and then goes into CONNECT (online interactive terminal) mode. To open an SSH connection without entering CONNECT mode, use:

  set host /pty ssh xyzcorp.com

and then write the rest of your script in the normal manner, except with caution regarding the ssh client's escape sequence. Note the new /PTY switch on the SET HOST command; type "set host ?" at the C-Kermit> prompt to see other new switches, and "help set host" to learn more about them.

For complete details on C-Kermit 7.0's Pty interface, read Section 2.7 of the C-Kermit 7.0 Update Notes. For more about why SSH is not included directly in C-Kermit, see the C-Kermit FAQ.

If you're a programmer and want to add Pty support for a platform not listed above, let me know.

Finally, here's an exercise for the interested reader: rewrite this article under the new title, C-Kermit Meets Tn3270.

- Frank

UPDATE (July 2001): C-Kermit 8.0 adds an SSH command, which is equivalent to "pty ssh -e none". All known UNIX ssh programs support the "-e none" (= "no escape character") switch, which, according to "man ssh", makes the connection totally transparent, and therefore "set prefixing all" should be unnecessary (although "set prefixing cautious" might be).

[ Top ] [ Previous ] [ Next ] [ Index ] [ C-Kermit Home ] [ Kermit Home ]


C-Kermit 7.0 / Columbia University / kermit@kermitproject.org / 18 Jan 2000 - 12 Jul 2001