Today it is advisable to use secure communications, as public networks like the Internet are not secure. The secure shell (SSH) plugin provides an easy-to-use but secure way to log into a remote host. To use this plugin, make sure your remote host has a secure shell server running. It may be used as a replacement for the Telnet plugin, which does no encryption!
This implementation of SSH provides IDEA, Blowfish and RSA/PKCS#1 encryption and was originally written in 1998 by Cedric Gourio. He used a part of the old Telnet Applet to write his SSH for Java client, so the code was similar to our old applet.
There are other implementations of SSH for Java available, but those packages implement the whole SSH protocol and all its features, which makes them very big. We tried to keep our implementation to a minimum for easier download.
You can configure the plugin using the following properties:

|Property|Description|
|---|---|
|SSH.user|A user id to be used to log into the remote host. This may be used to set a default value for the login field.|
|SSH.password|The password associated with the user id. DO NOT USE THIS BECAUSE IT CAN BE SEEN BY ANY USER ON THE WEB!|

Important Security Note:
The applet is susceptible to the man-in-the-middle attacks published by Security Portal. We cannot avoid this. We can't even use the RSA-based host authorization, since the applet itself is downloaded from the remote host, may not keep local state and might be modified by the man-in-the-middle.
The only way to guard against applet modification would be to have it signed with a trusted certificate. This is too expensive for us in both money and time.
So there is encryption, but it only guards against normal packet-sniffing attacks.
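The warning on SSH.password in the property table can be enforced as a deployment check. The following is an added example, not part of the plugin or its documentation: it scans configuration text for an SSH.password value, assuming the properties are shipped either as a Java .properties file or as applet `<param>` tags. The function name and the sample input are constructed for illustration.

```python
import re

# Property name taken from the table above; file formats and names below are assumptions.
SENSITIVE_KEY = "SSH.password"

# Java .properties entry: key, then '=', ':' or whitespace, then the value.
_PROP = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*)$")
# <param name="..." value="..."> inside the HTML page that embeds the applet.
_PARAM = re.compile(
    r"<param\s+name\s*=\s*[\"']?([^\"'\s>]+)[\"']?\s+value\s*=\s*[\"']?([^\"'>]*)",
    re.IGNORECASE,
)


def find_exposed_passwords(text):
    """Return (line_number, kind) for each place SSH.password is given a value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "!")):  # .properties comment line
            continue
        for m in _PARAM.finditer(line):
            # Applet parameter names are matched case-insensitively by Java.
            if m.group(1).lower() == SENSITIVE_KEY.lower() and m.group(2).strip():
                findings.append((number, "applet-param"))
        m = _PROP.match(line)
        # Keys in a .properties file are case-sensitive.
        if m and m.group(1) == SENSITIVE_KEY and m.group(2).strip():
            findings.append((number, "properties"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# plugin settings
SSH.user = guest
# SSH.password = old-secret
SSH.password: example-secret
<applet>
  <PARAM NAME="ssh.user" VALUE="guest">
  <PARAM NAME="ssh.password" VALUE="example-secret">
</applet>
"""

if __name__ == "__main__":
    for number, kind in find_exposed_passwords(SAMPLE):
        print(f"line {number}: {SENSITIVE_KEY} set via {kind}; remove it")
```

The check only recognises `<param>` tags written with `name` before `value` on a single line; a commented-out or empty SSH.password entry is not reported.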