Installation instructions are on the main TTSSH page.
When TTSSH is installed and activated, the New Connection dialog box will show three buttons for the "service type": Telnet, SSH and Other. Select SSH.
Once an SSH connection is established, a dialog box will pop up asking for authentication information. This is where you identify yourself to the server. Enter your username, and select one of the authentication methods:
If the server accepts your authentication, your shell session will start. The Teraterm icon changes to a screen with a key under it to let you know when you have a secure connection. If the server rejects you, then you can try again to authenticate some other way (perhaps by sending a different password). Note that you can only specify your user name the first time, and after that it can't be changed --- this is a limitation of the SSH protocol.
You can use the SSH Authentication command on the Setup menu to choose default settings for the authentication dialog. However, you cannot enter a default password; that would be quite insecure and we don't want people to create security problems accidentally.
To protect you from hostile machines pretending to be your server, TTSSH checks the server's "host key" to see if it is correct. To do this, it maintains an "ssh_known_hosts" file containing the host keys of all machines it knows about.
By default, it uses the file "ssh_known_hosts" in the Teraterm directory. Therefore if you have an ssh_known_hosts file that you want to use, copy it into your Teraterm directory and it will be used automatically.
When TTSSH contacts a server that is not mentioned in the known-hosts file, it will display a warning message. You can choose to ignore the warning and continue, or disconnect. If you continue you must be aware that TTSSH was not able to verify the identity of the server machine. If you continue, you can also specify that the key should be saved in the known-hosts file. This will prevent the warning from being displayed again for this server.
When TTSSH contacts a server that gives it a different key to the one mentioned in the known-hosts file, it will display a similar warning message. However, you should be aware that this situation is more serious from a security point of view; either the server's key has changed for a legitimate reason, or some machine is attempting to impersonate the server. Proceed with extreme caution.
In the TTSSH Setup dialog box, accessible from the Setup menu, you can choose which known-hosts file(s) to use. You can specify one file that will be used as the "read-write" file; this file is consulted to check host keys, and if you request to have a host key added, it is added to this file. You can specify additional multiple read-only files that are consulted to check host keys but are never added to. The names of the read-only files must be separated by ';'s. If you leave the read-write file box blank, then host keys cannot be added --- this might be a good idea in some environments.
You can give the command-line option "/ssh" (or "-ssh") to cause SSH to be enabled automatically. This is particularly useful in shortcuts. For example, "ttssh pink-floyd:22 /ssh" starts an SSH connection to pink-floyd. Don't forget to explicitly specify port 22.
You can give the command-line option "/ssh-v" (or "-ssh-v") to make TTSSH dump a log file to TTSSH.LOG. This can help to find problems.
Connection forwarding is available from the command line and through the "SSH Forwrding" command on the Setup menu.
In "Setup/SSH Forwarding", you can configure which forwardings will be performed. There are really three kinds of forwardings:
If you want to use the command line, the command-line options are similar to the Unix "ssh" forwarding options. Instead of "-L port:remotehost:remoteport" use "/ssh-Llocalport:remotehost:remoteport" (no space). Instead of "-R remoteport:localhost:localport" use "/ssh-Rremoteport:localhost:localport" (no space). You can specify multiple ports for forwarding by giving multiple options. You can also use the option "/ssh-X" to request X11 forwarding from the remote server to your local X server.
Security of forwarded connections: Connections to forwarded ports on the local host (i.e. the Windows machine) are rejected unless the connection comes from an IP number that is listed as an IP number of the local host. Therefore a blind spoofing attack is possible, but I don't see how to remove this possibility without disabling forwarding altogether. Connections to forwarded ports on the remote host are not checked by the client; I assume that the server controls access to them. Therefore, only use port forwarding, in particular server-to-client forwarding, if you know what you are doing.
In version 1.5, I introduced an option to allow anyone to connect to forwarded ports. This is VERY STUPID. If you use it you are quite likely to create a gaping wide security hole. It is only accessible by setting the variable "LocalForwardingIdentityCheck" to 0 in the .INI file.
For machines that you log into frequently, it's often convenient to create a shortcut that you can use to start a session --- e.g.
ttssh pink-floyd:22 /sshas mentioned above. Also, you can setup Teraterm and TTSSH differently for each machine by saving settings into different .INI files (using the Save Settings command on the Setup menu), and then using the /f option to load the right settings file:
ttssh pink-floyd:22 /ssh /f=pink-floyd.iniYou can also tell TTSSH to try logging in with your default authentication settings, as follows:
ttssh pink-floyd:22 /ssh /f=pink-floyd.ini /ssh-autologinThis has basically the same effect as automatically pressing "OK" when the Authentication dialog box appears. Note that, to avoid security problems, TTSSH will never store a default password/passphrase for you, so for autologin to work, you will have to set things up so that you don't need a password. This basically means that you need to use RSA authentication with a keyfile that has no passphrase. This is dangerous and I'm not going to explain how to do it; this is for advanced users only.
You can bypass TTSSH.EXE and enable the SSH extension whenever you run Teraterm. To do this, make sure that the environment variable TERATERM_EXTENSIONS is set to 1. You might as well make this change in your user profile, as it will speed up the startup a little bit. To set the environment variable in Windows NT, use the System control panel. In Windows 95, edit AUTOEXEC.BAT and add the line
set TERATERM_EXTENSIONS=1
The About TTSSH dialog box shows you various bits of information about the status of the connection.