| |
| |
| .--~~~~~~~~~~~~~------. |
| /--===============------\ |
| | |```````````````| | |
| | | | | |
| | | >_< | | |
| | | | | |
| | |_______________| | |
| | ::::| |
| '=======================' |
| //-"-"-"-"-"-"-"-"-"-"-\\ |
| //_"_"_"_"_"_"_"_"_"_"_"_\\ |
| [-------------------------] |
| \_________________________/ |
| |
| |
| |
| hterm and Secure Shell |
| Frequently Asked Questions |
| |
| Version 0.8.2 |
| August 27, 2012 |
| |
| |
| Hello World. This is the hterm/Secure Shell FAQ. If you have a question that |
| is not answered here, please ask it on the chromium-hterm mailing list located |
| at <http://goo.gl/RYHiK>. |
| |
| |
| > What is "Secure Shell"? |
| |
| Secure Shell is a Chrome Application that combines the "ssh" command (see |
| http://openssh.org/ for details) ported to NativeClient with the "hterm" |
| terminal emulator to provide a secure shell client for the Chrome browser. |
| |
| Secure Shell provides similar functionality to PuTTY on Microsoft Windows(c) |
| systems, and the ssh command-line application on Mac OS X and Linux systems. |
| |
| |
| > What is "hterm"? |
| |
| "HTML Terminal", or hterm, is an xterm-compatible terminal emulator written |
| entirely in JavaScript. |
| |
| It is intended to be fast enough and correct enough to compete with native |
| terminals such as xterm, gnome-terminal, konsole and Terminal.app. |
| |
| hterm is only a terminal emulator. It does not provide SSH access (or any |
| other text-based command) on its own. |
| |
| |
| > How do Secure Shell and hterm relate to the "crosh" (Ctrl-Alt-T) command in |
| Chrome OS? |
| |
| See chromeos-crosh.txt in this directory for the details. |
| |
| TL;DR - Don't use crosh for ssh any more, use the Secure Shell app instead. |
| The crosh shell will use the newer terminal emulator from Secure Shell when |
| possible. |
| |
| |
| > How do hterm and Secure Shell differ from existing web terminals? |
| |
| hterm stands out from many existing web terminals in that it was built from |
| the start to match the performance and correctness of "native" terminals such |
| as xterm and Terminal.app. |
| |
| It can handle large bursts of text quickly, support very large scrollback |
| buffers, and it closely matches xterm's behavior. The keyboard even mostly |
| works. (ha! See the note about how to get Ctrl-W below.) |
| |
| The Secure Shell app is different because it does not require a proxy or |
| relay server to function. Secure Shell can make a direct connection to |
| a standard sshd server on any port of the destination machine. Other |
| web terminals require a proxy server in the middle. In some cases you |
| are even required to hand the proxy your credentials in plain text. |
| |
| |
| > Is my connection proxied in any way? |
| |
| No. By default all connections are made directly to the sshd server on the |
| destination machine. |
| |
| |
| > But, what if I *want* to ssh over HTTP? |
| |
| Secure Shell also knows how to connect to an HTTP-to-ssh relay that was |
| built inside Google. Unfortunately that relay isn't open source, and Google |
| doesn't maintain a public pool of relays. |
| |
| However, you're free to build one that works the same way. There should be |
| enough documentation in nassh_google_relay.js to reverse engineer a |
| compatible relay. |
| |
| If you're interested in writing an alternative relay library, please mention |
| it on the mailing list. |
| |
| |
| > Is my connection really secure? |
| |
| The Secure Shell app uses ssh to manage the encrypted communication channels. |
| This makes it about as secure as any other connection based on the ssh |
| command. |
| |
| It does have the added advantage of running ssh as a sandboxed |
| Native Client plugin, which in theory makes it more secure than an |
| unsandboxed ssh connection. |
| |
| Additionally, the Secure Shell application follows a strict Content Security |
| Policy that does not allow access to the JavaScript 'eval' function. This |
| helps lower the risk that a terminal exploit could run arbitrary JavaScript. |
| |
| |
| > What should I do if I notice a bug? |
| |
| First, please continue reading this FAQ to make sure your issue isn't |
| mentioned. Then check the bug list at <http://goo.gl/hpqWk>. |
| |
| If you don't see the issue there, you can search the archives of the |
| chromium-hterm mailing list here: <http://goo.gl/RYHiK>. |
| |
| If all else fails then join the chromium-hterm mailing list and post |
| about what you've found. |
| |
| If your bug involves some mis-interpreted escape sequence and you want |
| to file a really useful bug report, then add in a recording of the |
| session. For bonus points, track down the troublesome sequence and |
| include the offset into the log file. For more information about how to |
| do this, see the "Debugging escape sequences" section in the hack.txt file |
| in this directory. |
| |
| |
| > Is there a mailing list to discuss hterm or Secure Shell? |
| |
| Yes, the public chromium-hterm mailing list is here: <http://goo.gl/RYHiK>. |
| |
| |
| > Can I connect using a public key pair or certificate? |
| |
| You can import identity files from the connection dialog. Select the |
| "Import..." link to bring up a file picker. |
| |
| You must import two files for each identity. One should be the private key |
| and should not have a file extension. The other should be the public key, |
| and must end in ".pub". For example, "id_rsa" and "id_rsa.pub". |
| |
| If you have a key stored in a single ".pem" file, you must split it into two |
| files before importing. |
| |
| This will import your public/private key files into the HTML5 filesystem |
| associated with Secure Shell. There should be no way for another extension, |
| app, or web page to access this sandboxed filesystem. |
| |
| +-------------------------------------------------------------------------+ |
| | Keep in mind that HTML5 filesystems are relatively new. As always, | |
| | it's possible that there are still exploits to be found or disclosed. | |
| | | |
| | Additionaly, Chrome stores HTML5 filesystems as normal files (with mode | |
| | 600, "-rw-------") under your profile directory. Non-Chrome | |
| | applications on your system may be able to access these files. | |
| | | |
| | For your own good, protect your important private keys with a strong | |
| | passphrase. | |
| +-------------------------------------------------------------------------+ |
| |
| You can also import a traditional ssh 'config' file using this dialog. |
| Nearly anything that ssh might care about from your ~/.ssh directory can go |
| here. |
| |
| See <http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config> for more |
| information about the ssh configuration syntax. Keep in mind that any |
| directives that would require access outside of the NaCl sandbox will not |
| function properly. This includes (but is not limited to) X11 forwarding, |
| syslog functionality, and anything that requires a domain socket. |
| |
| |
| > Can Secure Shell use my ~/.ssh/config file? |
| |
| Probably. It depends on what it does. See the answer to the previous |
| question for more details. |
| |
| |
| > How do I remove a key? |
| |
| From the connection dialog, select an identity from the dropdown and press |
| the DELETE key. This will remove both the private and public key files from |
| the HTML5 filesystem. |
| |
| |
| > How do I remove ALL keys? |
| |
| Open the JavaScript console and type... |
| |
| term_.command.removeDirectory('/.ssh/') |
| |
| This will remove any non-key files you may have uploaded as well. It will |
| *not* affect your preferences. |
| |
| |
| > Does Secure Shell support a keychain of some sort? |
| |
| Sorry, not yet. This is a bit of a technical challenge given the nature |
| of the NaCl sandbox. We have a few options that we're exploring. Feel |
| free to post your ideas to the mailing list. |
| |
| (And yes, we're already considering integrating with the Chrome NSS |
| certificate store.) |
| |
| |
| > Can I use Secure Shell for port forwarding? |
| |
| Yes. Enter your port forwarding options in the "SSH Arguments" field of |
| the connect dialog. The port forward will be active for the duration of |
| the Secure Shell session. |
| |
| |
| > What is the "Terminal Profile" field for? |
| |
| This is the last field in the connect dialog. It allows you to select |
| which set of terminal preferences to use for the connection. |
| |
| If you name a terminal profile that doesn't yet exist, it will be created |
| and all preferences will be set to their default value. Any preference |
| changes will affect the active terminal profile only. |
| |
| For example, enter "light" as the name of a terminal profile for a new |
| connection. Once you've connected, change the color scheme to |
| black-on-white (as described in the FAQ entried below). That change will |
| be associated with the "light" profile, and you'll be able to re-use it for |
| other saved connections. |
| |
| |
| > How do I set terminal preferences? |
| |
| The Secure Shell application does not currently have a preferences page. |
| It's in the works, and will be available before Secure Shell leaves |
| "beta" status. For now, you need to open the JavaScript console to |
| change the user preferences. Sorry about that. |
| |
| In general, you open the JavaScript console and type something like... |
| |
| term_.prefs_.set('pref-name', 'pref-value') |
| |
| Preferences are saved in your local storage, so they're remembered the |
| next time you launch Secure Shell. |
| |
| If you want to check the current value of a preference, type this... |
| |
| term_.prefs_.get('pref-name') |
| |
| To reset a single preference to its default state, type this... |
| |
| term_.prefs_.reset('pref-name') |
| |
| To reset all preferences to their default state, type this... |
| |
| localStorage.clear() |
| |
| Most preference changes take effect immediately, in all open instances of |
| Secure Shell. The exception is the 'environment' setting, which won't |
| take effect until the next time you reconnect. |
| |
| Some common preferences are listed in questions that follow. For the full |
| list, you'll have to read through the "setProfile" function in terminal.js. |
| It's here: <http://goo.gl/FDEXb>, around line 130. |
| |
| |
| > How do I change the audible bell sound? |
| |
| Open the JavaScript console and type... |
| |
| term_.prefs_.set('audible-bell-sound', 'http://example.com/bell.ogg') |
| |
| Change the example url to point to the sound file you want to use. |
| Unfortunately, local file: urls are not supported at this time. If you |
| want to get fancy you could construct a data: url, but the details of |
| that are beyond the scope of this FAQ. |
| |
| |
| > How do I disable the audible bell? |
| |
| Open the JavaScript console and type... |
| |
| term_.prefs_.set('audible-bell-sound', '') |
| |
| |
| > How do I change the color scheme? |
| |
| You can change the foreground, background or cursor color preferences from |
| the JavaScript console like this... |
| |
| term_.prefs_.set('background-color', 'wheat') |
| term_.prefs_.set('foreground-color', '#533300') |
| term_.prefs_.set('cursor-color', 'rgba(100, 100, 10, 0.5)') |
| |
| You can use any valid CSS color value for any of these colors. You need |
| to use a semi-transparent color (the fourth parameter in the rgba value) |
| for the cursor if you want to be able to see the character behind it. |
| |
| |
| > How do I change the font face? |
| |
| Open the JavaScript console and type... |
| |
| term_.prefs_.set('font-family', 'Lucida Console') |
| |
| Replace 'Lucida Console' with your favorite monospace font. |
| |
| Keep in mind that some fonts, especially on Mac OS X systems, have bold |
| characters that are larger than the non-bold version. hterm will print a |
| warning to the JS console if it detects that you've selected a font like |
| this. It will also disable "real" bold characters, using only bright |
| colors to indicate bold. |
| |
| |
| > How do I change the default font size? |
| |
| Open the JavaScript console and type... |
| |
| term_.prefs_.set('font-size', 15) |
| |
| Replace 15 with your desired font size in pixels. 15 is the default, so |
| you'll have to pick a different number to have any effect at all. |
| |
| |
| > Can I quickly make temporarily changes to the font size? |
| |
| Yes. The Ctrl-Plus, Ctrl-Minus and Ctrl-Zero keys can increase, decrease, |
| or reset the current font size. This zoomed size is not remembered the |
| next time you start hterm. See the previous question if you want something |
| that will stick. |
| |
| It's useful to know that hterm has to handle font zooming on its own. |
| Without interference from the browser's built-in zoom function. |
| |
| The browser zoom introduces rounding errors in pixel measurements that |
| make it difficult (maybe impossible) for hterm to accurately position the |
| cursor on the screen. (It could do a little better than it does but |
| probably not enough to be worth the effort.) |
| |
| To mitigate this, hterm will display a warning message when your browser |
| zoom is not 100%. In this mode the Ctrl-Plus, Ctrl-Minus and Ctrl-Zero |
| keys are passed directly to the browser. Just press Ctrl-Zero to reset your |
| zoom and dismiss the warning. |
| |
| hterm should start handling Ctrl-Plus, Ctrl-Minus and Ctrl-Zero on its |
| own once your zoom setting is fixed. |
| |
| |
| > Why do I get a warning about my browser zoom? |
| |
| Because hterm requires you to set your browser to 100%, or 1:1 zoom. |
| Try Ctrl-Zero or the Wrench->Zoom menu to reset your browser zoom. The |
| warning should go away after you correct the zoom level. |
| |
| See the previous question for more information. |
| |
| |
| > How do I disable anti-aliasing? |
| |
| Open the JavaScript console and type... |
| |
| term_.prefs_.set('font-smoothing', 'none') |
| |
| This directly modifies the '-webkit-font-smoothing' CSS property for the |
| terminal. As such, 'none', 'antialiased', and 'subpixel-antialiased' are |
| all valid values. |
| |
| The default setting is 'antialiased'. |
| |
| |
| > How do I make the cursor blink? |
| |
| Open the JavaScript console and type... |
| |
| term_.prefs_.set('cursor-blink', true) |
| |
| Notice that true is NOT in quotes. This is especially important if you try |
| to turn blinking back off, with... |
| |
| term_.prefs_.set('cursor-blink', false) |
| |
| or you could just revert to the default value of false with... |
| |
| term_.prefs_.reset('cursor-blink') |
| |
| |
| > Why does hterm ignore the cursor blink escape sequence? |
| |
| Most terminals ignore attempts by the host to change the blink-state of the |
| cursor. This lets you choose between a blink/steady cursor via the |
| cursor-blink preference, without having the host change your setting. |
| |
| By default, hterm also ignores this escape sequence. To enable it, set the |
| 'enable-dec12' preference to true. |
| |
| term_.prefs_.set('enable-dec12', true) |
| |
| > How do I change the TERM environment variable? |
| |
| Open the JavaScript console and type... |
| |
| term_.prefs_.set('environment', {TERM: 'hterm'}) |
| |
| Notice that only 'hterm' is quoted, not the entire value. You can replace |
| 'hterm' with whichever value you prefer. |
| |
| The default TERM value is 'xterm-256color'. If you prefer to simulate a |
| 16 color xterm, try setting TERM to 'xterm'. |
| |
| You will have to reconnect for this setting to take effect. |
| |
| |
| > How do I enter accented characters? |
| |
| That depends on your platform and which accented characters you want to |
| enter. |
| |
| In xterm, you could use Alt-plus-a-letter-or-number to select from the |
| upper 128 characters. The palette of 128 characters was "hardcoded" and |
| not dependent on your keyboard locale. You can set hterm to do the same |
| thing by opening the JavaScript console and typing... |
| |
| term_.prefs_.set('alt-sends-what', '8-bit') |
| |
| However, if you are on Mac OS X and you prefer that Alt sends a character |
| based on your keyboard locale, try this instead... |
| |
| term_.prefs_.set('alt-sends-what', 'browser-key') |
| |
| Note that composed characters (those that require multiple keystrokes) are |
| not currently supported by this mode. |
| |
| If you are running Chrome OS on a Chromebook you can select your keyboard |
| locale from the system settings and just use the Right-Alt (the small one, |
| on the right) to enter accented characters. No need to change the |
| 'alt-sends-what' preference at all. |
| |
| The default value for 'alt-sends-what' is 'escape'. This makes Alt work |
| mostly like a traditional Meta key. |
| |
| If you really, really want Alt to be an alias for the Meta key in every |
| sense, use... |
| |
| term_.prefs_.set('alt-is-meta', true) |
| |
| |
| > How do I make backspace send ^H? |
| |
| By default, hterm sends a delete (DEL, '\x7f') character for the |
| backspace key. Sounds crazy, but it tends to be the right thing for |
| most people. If you'd prefer it send the backspace (BS, '\x08', aka ^H) |
| character, then open the JavaScript console and type... |
| |
| term_.prefs_.set('backspace-sends-backspace', true) |
| |
| |
| > How do I remove a known host fingerprint (aka known_hosts) entry? |
| |
| If you know the index of the offending host entry (it's usually reported |
| by ssh if the connection fails) you can open the JavaScript console and |
| type... |
| |
| term_.command.removeKnownHostByIndex(index) |
| |
| Replace index with the numeric, one-based host index. |
| |
| If you don't know the index, or you'd like to clear all known hosts, |
| type... |
| |
| term_.command.removeAllKnownHosts() |
| |
| |
| > How do I send Ctrl-W, Ctrl-N or Ctrl-T to the terminal? |
| |
| Chrome blocks tab contents from getting access to these (and a few other) |
| keys. You can open Secure Shell in a dedicated window to get around |
| this limitation. Just right-click on the Secure Shell icon and enable |
| "Open as Window". |
| |
| After that, any time you launch Secure Shell it will open in a new window |
| and respond properly to these accelerator keys. |
| |
| Note that the "Open as Window" option is not available on the Mac. However, |
| Mac keyboards typically have distinct Control, Alt, and Command keys, so it's |
| less of an issue on that platform. Secure Shell cannot treat Command as |
| Control or Meta, but there are some third party keyboard utilities that may |
| provide a solution. |
| |
| |
| > How do I copy text from the terminal? |
| |
| By default, Secure Shell automatically copies your active selection to the |
| clipboard. |
| |
| You can disable this by setting the 'copy-on-select' preference to false. |
| If you disable it you'll need to use one of the following key sequences |
| to copy to the clipboard... |
| |
| * Under Mac OS X the normal Command-C sequence works. |
| |
| * On other platforms Ctrl-C will perform a Copy only when text is selected. |
| When there is no current selection Ctrl-C will send a "^C" to the host. |
| |
| Note that after copying text to the clipboard the active selection will be |
| cleared. If you happen to have text selected but want to send "^C", |
| just hit Ctrl-C twice. |
| |
| * Under all platforms you can also use the "Copy" command from the Wrench |
| menu, when running Secure Shell in a browser tab. |
| |
| |
| > How do I paste text to the terminal? |
| |
| By default, Shift-Insert pastes the clipboard on all platforms. If you'd |
| prefer to be able to send Shift-Insert to the host, set the |
| 'shift-insert-paste' preference to false. |
| |
| Also... |
| |
| * Under Mac OS X the normal Command-V sequence can be used to paste from |
| the clipboard. |
| |
| * On other platforms use Ctrl-Shift-V to paste from the clipboard. |
| |
| * Under X11, you can use middle-mouse-click to paste from the X clipboard. |
| |
| * Under all platforms you can also use the "Paste" command from the Wrench |
| menu. |
| |
| |
| > Why does the cursor blink in emacs? |
| |
| This answer only applies if you've set the 'enable-dec12' preference to true. |
| |
| Do you normally use Terminal.app or xterm? Those terminals (and many others) |
| ignore the "ESC [ ? 12 h" and "ESC [ ? 12 l" sequences (DEC Private Mode 12). |
| Emacs uses these sequences (on purpose) to enable and disable cursor blink. |
| |
| If you prefer a steady cursor in emacs, set visible-cursor to nil as |
| described in <http://goo.gl/i9THb>. |
| |
| |
| > Why does the color scheme look funny in emacs/vi/vim? |
| |
| hterm's default value for the TERM environment variable is |
| 'xterm-256color'. This causes emacs, vi, and some other programs to |
| use a different color palette than when TERM='xterm'. |
| |
| You may notice these programs use a font color that is difficult to read |
| over a dark background (such as dark blue). |
| |
| You can fix vi with ':set bg=dark'. Emacs can be started in "reverse |
| video" mode with 'emacs -rv'. |
| |
| If you just want your old 16 color palette back, open the JavaScript |
| console and type... |
| |
| term_.prefs_.set('environment', {TERM: 'xterm'}) |
| |
| Then restart Secure Shell. |
| |
| |
| > Can I use my mouse with Secure Shell? |
| |
| Sort of. Both emacs and vi have mouse modes that are compatible with Secure |
| Shell. |
| |
| In emacs, use `M-x xterm-mouse-mode` and `M-x mouse-wheel-mode`. This will |
| allow you to position the cursor with a mouse click, and use the wheel |
| (or two-finger scroll) to scroll the buffer. |
| |
| In vi, use ":set mouse=a" to enable mouse mode. Vi's mouse mode is slightly |
| different from emacs in that it manages your text selection. Some people |
| prefer this, others may go crazy. |
| |
| A quick way to get your native selection back is to set the |
| 'mouse-cell-motion-trick' to true. This will make vi's mouse support |
| essentially the same as emacs. |
| |
| With the cell motion trick enabled, you lose the ability to select more |
| than one screenful of text with the mouse. Instead of using this trick, |
| you may want to script vi so that it sends the current selection to |
| Secure Shell to be copied to the system clipboard. See the next question |
| for some more information on this. |
| |
| |
| > Does hterm support the "OSC 52", aka "clipboard operations" sequence? |
| |
| Clipboard writing is allowed by default, but you can disable it if you're |
| paranoid. Set the 'enable-clipboard-write' preference to false to disable |
| the control sequence. |
| |
| Clipboard read is not implemented. Reading is a security hole you probably |
| didn't want anyway. |
| |
| Clipboard writes are triggered by an escape sequence from the host. Here's |
| an example... |
| |
| $ echo -e "\x1b]52;c;Y29weXBhc3RhIQ==\x07" |
| |
| The sequence "\x1b]52;" identifies this as a clipboard operation. The "c;" |
| option selects the system clipboard. "Y29weXBhc3RhIQ==" is the base64 encoded |
| value to place on the clipboard, in this case it's the string "copypasta!". |
| Finally, "\x07" terminates the sequence. |
| |
| If you execute this command when 'enable-clipboard-write' on you should see |
| the "Selection Copied" message appear in the terminal, and your system |
| clipboard should contain the text, "copypasta!". |
| |
| Note that the specification for OSC 52 mentions destinations other than |
| the "c;" system clipboard. Hterm treats them all as the system clipboard. |
| |
| |
| > Can I synchronize my emacs selection with the system clipboard? |
| |
| Yes, as long as you're not using tmux. See ../etc/osc52.el (also, |
| <http://goo.gl/5vWiS>) for the details. |
| |
| |
| > Is there a way to try early releases of Secure Shell? |
| |
| Yes. First, you need to subscribe to the mailing list mentioned above. |
| Subscribers have access to the "Dev" version in the Chrome Web Store, which |
| is located here: <http://goo.gl/cFZlv>. |
| |
| Please keep in mind that the Dev version has gone through significantly less |
| testing than the Beta. Fortunately, you can install both and switch back |
| to Beta if you have trouble with Dev. |
| |
| |
| > Where is the source code? |
| |
| The hterm source is here: <http://goo.gl/EqrV0>. This includes the |
| front-end code for Secure Shell. |
| |
| The Native Client wrapper around ssh is here: <http://goo.gl/760JC>. |
| |
| |
| > Is there a change log? |
| |
| Yes. Look under the doc/ directory of the hterm source. |
| |
| There are two change logs. One shows changes to the development version |
| of Secure Shell. The other shows stable releases. |
| |
| In general, the dev series of the form 0.X.Y.Z becomes the stable |
| version 0.X.Y. So SecureShell-dev-0.7.2.0, 0.7.2.1 and 0.7.2.2 all lead up |
| to SecureShell-0.7.2. |
| |
| |
| > What if I want to make changes to the source? |
| |
| Read the hack.txt file in this directory. |