PockeTTY® Manual 3.00

1. Introduction

This document describes PockeTTY® from DejaVu Software, Inc., a terminal emulator for Windows CE devices. With PockeTTY, you can make a secure connection to a remote server through SSH or SSL, establish a simple Telnet session, or communicate directly over a serial connection with any capable device.

PockeTTY contains cryptographic algorithms that have certain legal restrictions. See Legal Information About Cryptography for important information.

1.1. Shareware Information

Like all DejaVu Software products, PockeTTY is distributed as "shareware". This means that you can try out PockeTTY for free, right on your device, before you decide to buy a registration code.

An unregistered version of PockeTTY provides all of the features of the registered version, except that connection times are limited to five minutes. After five minutes any open sessions will be automatically disconnected and the program will close. To continue using PockeTTY, just re-open the program and establish a new connection.

1.2. Acknowledgements

We'd like to thank John Heron for suggesting the name "PockeTTY".


2. Session Management

When you first start up PockeTTY, you will see a welcome screen like this:

For a description of the menu options, see Appendix B.

Each connection between PockeTTY and another server or device is managed in a "session". You will use the Session menu to open a new connection, disconnect an open connection, and switch between sessions.

Some types of connections provide a terminal interface which allows you to type commands and see their results. Other types of connections operate at the networking layer, and therefore do not provide a terminal interface. Regardless of the interface, all connections have an associated session, which is listed in the Session menu.

2.1. Lingering Sessions

When a session is disconnected it "lingers". If, for example, your connection was closed by the remote server, you might want to see any messages the server sent before it closed the connection. All lingering sessions are removed when you choose to make a new connection, so you don't need to worry about old sessions "piling up".

2.2. Making a New Connection

To make a new connection, choose Connect from the Session menu. You will see a window like this:

To make a new connection, choose one of the options above the line. You will need to set parameters specific to the connection type you chose. The next time you choose that option the basic connection parameters that you used last time will appear, but settings not on the initial screen (such as terminal settings or port forwards) will not be remembered.

Once you have made a connection you can save your session settings. Any session settings saved in your My Documents folder will be shown as options below the line. Choosing one of these will bypass the parameters window and attempt to connect immediately. Saved sessions can also be opened using Open Session under the File menu.

2.3. Disconnecting a Session

Usually there is a way to close a connection ("disconnect") from within the connection itself. For example, when logged into a remote server via SSH, issuing a "logout" command will usually cause the server to close the connection from its end. This is often the best way to disconnect a session, since it gives the server a chance to close the connection cleanly.

However, some types of connections do not provide a terminal interface. Other connections may need to be forcibly disconnected sometimes. To disconnect any session, simply choose Disconnect from the Session menu. The connection will close, but the session will linger until a new connection is made.

2.4. Switching Between Sessions

While PockeTTY allows you to have multiple sessions open at once, it only shows one session at a time. All of your open sessions, whether connected or lingering, are listed in the Session menu. Lingering sessions are indicated by parentheses around the session name. You can switch to another session by choosing a session from the list, or by using the Next Session option to cycle through your sessions.

2.5. Saving Session Settings

Often you'll want to connect to the same server or device over and over, and you'll want to use the same settings each time. You can make this process easier by saving your session settings and re-using them each time you want to connect. Once you're connected, choose Save Session under the File menu. This will save all of your settings for the current session, both the connection settings and the terminal settings (if any), under a name you choose. Then the next time you make a new connection, you'll be able to choose these settings from the list of connection options.

Sessions are saved on your device in the My Documents folder with an extension of .PTY. You may move them to subfolders of My Documents if you wish; PockeTTY will still find them. If you open one of your saved sessions from the File Explorer, PockeTTY will attempt to establish a new connection with those settings. PockeTTY also stores files in My Documents whose names begin with "DEFAULT", for its own use.

2.6. Deleting Session Settings

If you have session settings saved that you no longer use, you can delete them to free up space. While on the connection list, just select the saved settings and tap the Delete button. You can also remove saved settings through the File Explorer by deleting the appropriate file from My Documents.


3. Connection Types

PockeTTY can connect to a remote server using SSH (1 or 2), SSL, or Telnet. It can also communicate directly to any serial device connected to your Windows CE device. This section describes the differences between these types of connections.

3.1. Secure Connections

SSH and SSL-based connections are considered to be "secure" because all communication between your device and the remote server is encrypted before it's sent. That way if anyone intercepts the communication they won't be able to interpret the contents.

3.1.1. Host Keys and Fingerprints

As part of the SSH protocol, each server you connect to presents PockeTTY with a "host key", which uniquely (and securely) identifies that machine. The first time you connect to a server PockeTTY will ask if you want to save the machine's host key in your device's registry for later reference. This is so that next time you connect PockeTTY can check that the host key matches, ensuring that you're connecting to the correct machine.

3.1.2. Accepting or Rejecting Host Keys

One way that people can steal your information is by doing what's known as a "man in the middle" attack. Someone can set up a server that pretends to be whatever server you're trying to connect to. This server "in the middle" will pass everything you send through to the real server, and pass all of the real server's responses back to you, but it can see everything that goes through.

If you connect to a server that's undergoing a man in the middle attack, PockeTTY will receive the host key of the machine in the middle, rather than the real machine's host key. You need to be sure that the server is safe before you tell PockeTTY to accept and save a host key. Unfortunately there's almost no way to be absolutely sure that a host key that PockeTTY receives is the real one. You need to make the decision to accept a host key based on how much you trust the security of the server.

Occasionally PockeTTY will discover that the host key for a server you're connecting to has changed. Usually host keys change for a legitimate reason, like the operating system of the server has been upgraded, the physical machine has been replaced, or multiple machines are responding to the same server name. But sometimes they change because the server is undergoing a man in the middle attack. PockeTTY will notify you when a host key has changed, and ask if you want to accept the new host key. Again you must decide based on your trust of the security of the server.
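The save-then-compare behaviour described in sections 3.1.1 and 3.1.2, as an added example that is not PockeTTY's own code. The in-memory store (standing in for the registry), the SHA-256 fingerprint format, the key type label and the out-of-band `expected_fp` check are all assumptions made for illustration; the key bytes are constructed.

```python
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    NEW = "no saved key for this host"
    MATCH = "presented key equals the saved key"
    CHANGED = "presented key differs from the saved key"


def fingerprint(key_blob: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a raw host key blob (assumed format)."""
    digest = hashlib.sha256(key_blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class HostKeyStore:
    """In-memory stand-in for saved host keys, indexed by (key type, host name)."""

    def __init__(self):
        self._keys = {}

    def check(self, key_type: str, host: str, key_blob: bytes) -> Verdict:
        saved = self._keys.get((key_type, host.lower()))
        if saved is None:
            return Verdict.NEW
        if hmac.compare_digest(saved, key_blob):
            return Verdict.MATCH
        return Verdict.CHANGED

    def accept(self, key_type, host, key_blob, expected_fp=None) -> bool:
        """Save a key the user approved.

        expected_fp is a fingerprint obtained out of band (for example read
        from the server's console). When it is given and does not match, the
        key is refused and whatever was saved before stays untouched.
        """
        if expected_fp is not None:
            if not hmac.compare_digest(fingerprint(key_blob), expected_fp.lower()):
                return False
        self._keys[(key_type, host.lower())] = key_blob
        return True

    def delete(self, key_type, host) -> bool:
        return self._keys.pop((key_type, host.lower()), None) is not None


def connect(store, key_type, host, presented, expected_fp=None) -> str:
    """Decide what a client should do with the key presented on this connection."""
    verdict = store.check(key_type, host, presented)
    if verdict is Verdict.MATCH:
        return "proceed"
    # NEW and CHANGED both need a decision. Only a fingerprint verified out of
    # band lets this sketch save the key without asking the user.
    if expected_fp is not None and store.accept(key_type, host, presented, expected_fp):
        return "saved after fingerprint check"
    return "ask user: " + verdict.value


if __name__ == "__main__":
    store = HostKeyStore()
    real_key = b"constructed host key bytes A"    # constructed sample
    other_key = b"constructed host key bytes B"   # constructed sample
    known_fp = fingerprint(real_key)
    print(connect(store, "ssh2-rsa", "server.example", real_key, known_fp))
    print(connect(store, "ssh2-rsa", "server.example", real_key))
    print(connect(store, "ssh2-rsa", "server.example", other_key, known_fp))
```

The third call is the changed-key case: the presented key does not match the fingerprint obtained out of band, so the saved key is kept and the decision goes back to the user.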

3.1.3. Host Key Management

The host keys that you accept are stored by PockeTTY in the registry for later use. You can view this list using Host Key Manager under the Edit menu. You'll see a screen like this:

The host keys are organized by the type of SSH or SSL protocol. When you choose one you see a list of the keys of that type, which includes the name of the host the key came from and the key's fingerprint.

You can delete a key by highlighting it and tapping the Delete button. You can export a key to a file using the Export button. To import a key into the registry from a file, tap the Import key. All of these functions are also available from a tap-and-hold pop-up menu.

3.1.4. Legal Information About Cryptography

Since PockeTTY was developed in the United States, it is subject to the U.S. laws regarding exporting of encryption software. DejaVu Software, Inc. takes every reasonable measure to ensure that we are in compliance with the regulations as set forth by the BIS.

PockeTTY is classified as a retail 5D002.c.1 commodity, and is exported under license exception ENC. This means that current U.S. laws permit DejaVu Software, Inc. to export PockeTTY to any user outside of the countries listed in Country Group E:1 in Supplement 1 to part 740 of the Export Administration Regulations.

However, certain countries have laws governing the ownership and use of cryptographic software. Check with your local law enforcement agency before downloading and using this software.

3.2. SSH 1

The SSH 1 protocol is an encrypted protocol primarily for logging in to Unix servers or network routers. It is particularly useful for remote systems administration. This protocol has been superseded by the SSH 2 protocol. Even though SSH 2 is more secure than SSH 1, some hosts may not support SSH 2, and connections may take longer to establish using SSH 2. This is the main configuration dialog for an SSH 1 connection:

Here you enter your hostname and username (you'll be prompted for your password later). You may also specify the port number to which PockeTTY should connect. Servers usually listen for SSH connections on port 22, so you shouldn't have to change the default. You can configure your terminal settings by pressing the Terminal button. The other settings on this dialog are described below.

3.2.1. Ciphers

An SSH 1 connection can use one of several different encryption methods (called "ciphers"). When you configure an SSH 1 connection you choose to use either a DES, 3DES, or Blowfish cipher. The cipher you choose must be supported by the server to which you're connecting.

3.2.2. CRC Checking

Every packet of data sent over an SSH 1 connection has a "checksum" value associated with it. As an extra security measure, PockeTTY can verify the checksum for each packet. This is called CRC checking, and you have the option of turning it off to increase the speed of the connection.

3.2.3. Port Forwarding

With SSH you can send insecure traffic over SSH's secure connection, through "port forwarding" or "tunneling". Establishing a forward makes a connection between a port you choose on your local device and a port on a remote server. Any data that a program on your device sends to your local port get forwarded to the remote port, and are handled by whatever is listening to that port on the remote server. Any data sent back are forwarded to your device's port.

The data are forwarded back and forth over your SSH connection, which means they're encrypted. As soon as you establish the SSH connection, traffic can flow over the forwarded port. Note that the server to which you log in using SSH need not be the same as the server whose port is being forwarded. If they're different servers, the login server will connect (through an insecure, cleartext connection) to the forwarding server to pass the traffic along.

For example, suppose you want to use Inbox on your PocketPC through a secure connection. You'll need to set up a few port forwards to accomplish this (PockeTTY allows you to set up multiple forwards in a single connection). Here are the forwards you might need to configure:

[Screenshots: "Port Forwards" and "Setting Up a Forward"]
  1. Inbox sends outgoing mail through an SMTP connection, so you need to forward port 25 (the standard SMTP port) on your local device to port 25 of your mailserver, which might be called smtp.dejavusoftware.com.
  2. Inbox receives incoming mail through IMAP, so forward your device's port 143 (the IMAP port) to port 143 of your IMAP server, called say imap.dejavusoftware.com.
  3. Inbox can also receive mail through POP, so you should also forward port 110 (the POP port) to port 110 on your POP server, say pop.dejavusoftware.com.
  4. Now you're ready to log in. You'll need to log into a server that can connect to each of these remote servers, say dejavusoftware.com. Then as soon as Inbox sends outgoing mail to your PocketPC's port 25, PockeTTY will send it (over your secure SSH connection) to dejavusoftware.com, which will connect to smtp.dejavusoftware.com, and send the mail (cleartext) to its port 25. Communication with the IMAP or POP servers works similarly. A diagram of the communication process is below.

To set up port forwards tap the Port Forward button. For each one you specify the local port number and the remote host and port number. You can also choose to allow access to your forwarded port(s) from other computers on the network. That is, whenever another machine sends data through your device's port 25 (in the example above), it will go through to the SMTP server's port 25, and vice versa. By default only your device can access its local forwarded port.

3.2.4. Random Fill

PockeTTY can add random "noise" to your SSH connection by "filling up" the data stream with extra packets, about two a second, that look like keystrokes. This noise is ignored by the server and does not affect the integrity of your data at all. Its purpose is to make it harder for someone who intercepts your session to understand what's going on, because it is difficult to separate the noise from the real data. You should be aware though that sending these extra packets will slow down your connection.

3.2.5. Debugging

If you're having a problem with your SSH 1 connection, or you're just the curious type, you can choose to see debugging messages.

3.3. SSH 2

The SSH 2 protocol is the successor to the SSH 1 protocol. Its encryption is more secure than SSH 1, but is usually also slower. The SSH 2 protocol is still in a draft form and may continue to change. The basic configuration dialog for an SSH 2 connection is shown below, along with the advanced settings dialog.

[Screenshots: "Basic" and "Advanced"]

On the basic dialog you enter your hostname and username. You may also specify the port number to which PockeTTY should connect. Servers usually listen for SSH connections on port 22, so you shouldn't have to change the default. You can configure your terminal settings by pressing the Terminal button. The other settings on the basic and advanced dialogs are described below.

3.3.1. Ciphers

An SSH 2 connection can negotiate what kind of encryption method (called a "cipher") it will use. You decide which of the ciphers you wish to try, and in what order. To do this, tap the Select Cipher button under the Advanced options.

All available ciphers are initially in the Enabled list, and are tried in the order they appear. To move a cipher up or down in the list, tap it and press the up or down arrow on the right. To disable a cipher so that it is not tried at all, tap it and press the left arrow to move it to the Disabled list. To enable a previously disabled cipher, tap it and press the right arrow.

3.3.2. MACs

MACs are a way that an SSH 2 connection can further check the validity of each packet, similar to CRC checking for SSH 1. PockeTTY supports MD5 and SHA1, and also allows you to turn off authentication by choosing "none". (This latter option is not recommended, but may be useful when the security risk is low and the need for speed is high.)

You bring up the MAC picker by tapping the Select MAC button under the SSH 2 Advanced options. Just as with the cipher picker, you specify an order in which to try the enabled MACs.
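How an ordered Enabled list plays out during SSH 2 negotiation, as an added example that is not PockeTTY's own code. It assumes the standard SSH 2 selection rule (the first algorithm on the client's list that the server also supports) and standard SSH 2 algorithm names; the client and server lists are constructed, and whether "none" starts out enabled in PockeTTY is an assumption.

```python
class NegotiationError(Exception):
    """No algorithm in a category is acceptable to both sides."""


def negotiate(client_enabled, server_supported):
    """Return the first client-preferred algorithm that the server also supports."""
    server = set(server_supported)
    for name in client_enabled:
        if name in server:
            return name
    raise NegotiationError("no common algorithm in " + repr(list(client_enabled)))


def negotiate_session(client, server):
    """Negotiate every category; each argument maps a category to an ordered list."""
    return {cat: negotiate(names, server.get(cat, [])) for cat, names in client.items()}


def reachable(client_enabled, unwanted=frozenset({"none"})):
    """Unwanted algorithms that some server could still cause the session to use.

    Position in the list does not matter here: anything left enabled can be
    selected if the server supports nothing that ranks above it.
    """
    return [name for name in client_enabled if name in unwanted]


# Constructed client configuration: everything enabled, "none" ranked last.
CLIENT_ALL_ENABLED = {
    "cipher": ["aes256-cbc", "3des-cbc", "blowfish-cbc"],
    "mac": ["hmac-sha1", "hmac-md5", "none"],
}
# Same preferences with "none" moved to the Disabled list.
CLIENT_NONE_DISABLED = {
    "cipher": ["aes256-cbc", "3des-cbc", "blowfish-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
}
# Constructed server lists.
SERVER_TYPICAL = {"cipher": ["3des-cbc", "aes256-cbc"], "mac": ["hmac-md5", "hmac-sha1"]}
SERVER_NO_MAC = {"cipher": ["aes256-cbc"], "mac": ["none"]}


if __name__ == "__main__":
    print(negotiate_session(CLIENT_ALL_ENABLED, SERVER_TYPICAL))
    print(negotiate_session(CLIENT_ALL_ENABLED, SERVER_NO_MAC))
    print(reachable(CLIENT_ALL_ENABLED["mac"]))
    try:
        negotiate_session(CLIENT_NONE_DISABLED, SERVER_NO_MAC)
    except NegotiationError as exc:
        print("connection refused:", exc)
```

Ranking "none" last only expresses a preference; moving it to the Disabled list is what makes the connection fail instead of running without packet authentication.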

3.3.3. Port Forwarding

Port forwarding for SSH 2 works the same as in SSH 1.

3.3.4. Use Compression

When this option is checked PockeTTY will use the standard zlib algorithm to compress the communication stream (in both directions). This will reduce your bandwidth usage, and may improve performance.

3.3.5. Random Fill

Random fill for SSH 2 works the same as in SSH 1.

3.3.6. User Certificates

You can make an SSH 2 connection using a password, or you can choose to send a certificate to the server. Note that your account on the server must have been configured to permit login using a certificate. PockeTTY currently supports only private DSS certificates in PEM format, either 3DES encrypted or unencrypted. If you log in using an encrypted certificate, you will be prompted for your passphrase. If the certificate is not encrypted, you can log in without entering any passphrase (or password) at all.

To use this feature, you must have a certificate already created. PockeTTY will not generate a certificate for you. Once the certificate is on your device (preferably ending in .pky), select it using the "Cert" picker on the SSH 2 configuration dialog box.

For encrypted certificates you will be prompted for a passphrase. If you cancel out of this, or if there is some problem using the certificate, PockeTTY will revert to password authentication.

3.3.7. Host Key Verification

At the beginning of an SSH 2 connection there is an exchange of keys between your device and the server. You can choose which type of key PockeTTY should verify by tapping the Select Host Key button under the Advanced options.

With this picker, similar to the cipher picker, you can use either RSA or DSS, or choose to fall back to one if the other fails.

3.3.8. Security Level

The exchange and verification of keys is a very computationally-intensive process. Since some handheld devices can be slow, PockeTTY provides a way of reducing the connection time at the expense of a small reduction in security. The security level slider under the Advanced options defaults to the "Better security" end, where PockeTTY can generate large keys that may take a long time to compute. Moving the slider towards the "Faster connection" end reduces the size of the keys generated, thus reducing the amount of work PockeTTY has to do.

[Security note: at its most secure setting, PockeTTY generates 1024-bit random numbers. Encryption experts suggest that the number of bits a client should need to protect the session setup exchange is equal to twice the number of bits required for the encryption key. For example, if using AES256 you need 2 * 256 bits, which is only half of what PockeTTY generates at the "Better Security" setting. In version 2.02 and earlier, this slider generated 512 bits at the "Faster connection" end and 1024 at the "Better Security" end. Starting with version 2.04, the left end of the slider goes down to 256 bits (which should only be used for ciphers other than AES256). And don't worry: PockeTTY will honor the size settings from a 2.02 session save file!]

3.3.9. Debugging

If you're having a problem with your SSH 2 connection, or you're just the curious type, you can choose to see debugging messages.

3.3.10. S/Key

One item that hasn't been covered is S/Key support. S/Key is a basic form of two-factor authentication which some SSH2 servers require. Servers that require S/Key will prompt users with some fairly cryptic information, and will expect the user to type back in the correct response.

While there is no configuration for S/Key, PockeTTY is able to act as an S/Key passphrase generator. If PockeTTY detects that the server is asking for an MD5 S/Key passphrase ("otp md5") then PockeTTY will prompt you for your secret passphrase, and will send the correct S/Key response to the server. This avoids the necessity of typing the S/Key challenge into another program and then typing the response back in to PockeTTY.
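What an MD5 S/Key response generator computes, as an added example that is not PockeTTY's own code. It assumes the RFC 2289 one-time password scheme (challenge of the form `otp-md5 <sequence> <seed>`, hexadecimal response); the `OtpServer` class is a hypothetical stand-in for the server side, and the passphrase and seed are sample values.

```python
import hashlib
import re

# Challenge text as defined by RFC 2289; a space instead of the hyphen is tolerated.
CHALLENGE_RE = re.compile(r"otp[- ]md5\s+(\d+)\s+([A-Za-z0-9]{1,16})", re.IGNORECASE)


def _fold_md5(data: bytes) -> bytes:
    """MD5 the input, then fold the 16-byte digest to 8 bytes by XOR of its halves."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_md5(passphrase: str, seed: str, sequence: int) -> bytes:
    """One-time password number `sequence` for this seed and secret passphrase."""
    # Initial step: the seed (case-insensitive, so lowercased) followed by the passphrase.
    value = _fold_md5(seed.lower().encode("ascii") + passphrase.encode("utf-8"))
    for _ in range(sequence):
        value = _fold_md5(value)
    return value


def to_hex(otp: bytes) -> str:
    text = otp.hex().upper()
    return " ".join(text[i:i + 4] for i in range(0, len(text), 4))


def parse_challenge(text: str):
    """Return (sequence, seed) if the text contains an MD5 OTP challenge, else None."""
    match = CHALLENGE_RE.search(text)
    return (int(match.group(1)), match.group(2)) if match else None


def respond(challenge_text: str, passphrase: str) -> str:
    parsed = parse_challenge(challenge_text)
    if parsed is None:
        raise ValueError("not an otp-md5 challenge")
    sequence, seed = parsed
    return to_hex(otp_md5(passphrase, seed, sequence))


class OtpServer:
    """Hypothetical server side: it stores only the last accepted password."""

    def __init__(self, seed: str, sequence: int, stored: bytes):
        self.seed, self.sequence, self.stored = seed, sequence, stored

    def challenge(self) -> str:
        return "otp-md5 %d %s" % (self.sequence - 1, self.seed)

    def verify(self, response_hex: str) -> bool:
        try:
            candidate = bytes.fromhex(response_hex.replace(" ", ""))
        except ValueError:
            return False
        # One more hash step over a valid response must give the stored value.
        if len(candidate) != 8 or _fold_md5(candidate) != self.stored:
            return False
        self.stored, self.sequence = candidate, self.sequence - 1
        return True


if __name__ == "__main__":
    secret = "This is a test."   # sample passphrase, never sent over the wire
    server = OtpServer("TeSt", 100, otp_md5(secret, "TeSt", 100))
    prompt = server.challenge()
    answer = respond(prompt, secret)
    print(prompt, "->", answer)
    print("accepted:", server.verify(answer))
    print("replayed:", server.verify(answer))
```

Each accepted response moves the server one step down the hash chain, so a response captured from the terminal session is rejected when replayed.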

3.3.11. SCP

SCP ("Secure CoPy") is an implementation of the Berkeley RCP ("Remote CoPy") protocol over SSH.

This version of PockeTTY has very basic SCP support. When an SSH2 session is connected, two menu items in the "File" menu become active: "Send via SCP" and "Receive via SCP". Note that only files can be sent via PockeTTY's implementation of SCP, not entire directories.

To upload a file from your PDA to the remote system, select "Send via SCP". You will be prompted to pick a file from your device, and some very limited prompts will appear in the terminal window saying that the file is being transferred. When the transfer is complete another notice will appear in your terminal window. There is no other feedback. (We hope to improve this in a future version.)

To download a file from the server to your PDA, select "Receive via SCP". You will have to enter the entire path on the remote server, with slashes and capitals in whatever format the server requires. Note that this is completely unrelated to whatever directory you happen to be in on the server. All downloaded files will be placed either in the same directory with PockeTTY or in the root filesystem depending on what kind of device you're using. (Again, we hope to improve this in a future version.)

As a side note: SCP has no formal definition ("the source code is its definition", according to developers), and has never been an official part of the SSH protocol drafts. SFTP is a different protocol to do the same thing, and is formally defined as part of modern SSH2 draft specifications. Most SSH servers support SCP, but only new SSH servers support SFTP. This version of PockeTTY does not support SFTP, but we are considering it as a future enhancement once it is more widely supported.

3.4. SSL

SSL gives you an encrypted connection to a port on a remote server, and nothing more. The connection is managed in a session so you can send data to the port and see data coming from it, but you won't necessarily be in any sort of shell like you would with SSH (depending on what's listening on the other end). The current version of PockeTTY does not support certificate chain verification for SSL. This means that the channel will be encrypted, but you have no assurance that you are talking to the right server.

This is the configuration dialog for an SSL connection:

When making a new SSL connection, you only need to specify the name of the host and the port number you want to connect to. The default port number is 443, which is the port for https. You can configure your terminal settings by pressing the Terminal button.

3.5. PortForward SSL

PortForward SSL is a way to connect to SSL services from applications that are not SSL-aware (such as the Inbox application on any PocketPC 2002 or previous device). You do this by encrypting the port over which the application communicates. See the discussion of regular port forwards for examples.

This is the configuration dialog for a PortForward SSL connection:

On this dialog you specify the local port number and the remote host and port number. If you're having a problem with your PortForward SSL connection, or you're just the curious type, you can choose to see debugging messages.

3.6. STARTTLS Proxy

STARTTLS is an addition to many other protocols, such as IMAP, POP and SMTP. Some servers require STARTTLS instead of SSL to achieve the same effect. PockeTTY's STARTTLS Proxy is designed to allow applications that speak IMAP, POP and SMTP (such as the Inbox) to act through PockeTTY to add STARTTLS functionality (since the Inbox does not support STARTTLS).

This is the configuration dialog for a STARTTLS connection:

On this dialog you specify the local port number and the remote host and port number. You also choose whether you want to proxy IMAP, POP, or SMTP. If you're having a problem with your STARTTLS connection, or you're just the curious type, you can choose to see debugging messages.

3.7. Telnet

PockeTTY's Telnet is a very simple connection method which does absolutely no encryption of the data being transferred. This means all data, including passwords, are sent "cleartext", so for login sessions you should use a secure connection whenever possible. However, telnet is useful as a debugging tool because it makes very few assumptions about what you're connecting to. For example, you can use telnet to connect to port 80 of a web server, or to port 119 of a news server.

When making a new telnet connection, you only need to specify the name of the host and the port number you want to connect to. Many hosts allow you to log in via telnet on port 23 so this is the default, although it's not a good idea to do so unless you're managing the network yourself. You can configure your terminal settings by pressing the Terminal button.

3.8. Serial

PockeTTY can connect to any serial device that is connected to your Windows CE device, and allow you to interact with it at a low level. If you need to maintain a piece of network hardware for example, this feature makes it easy. You can configure your terminal settings by pressing the Terminal button.

3.8.1. Devices

When you choose to connect to a serial device, you are shown a list of all available devices. This will include devices that are built into your Windows CE device, like an infrared port or a Bluetooth port.

3.8.2. Options

The standard serial connection options are available, including:

How you set these options will depend on the type of device to which you're connecting.


4. Terminal Emulation

Most connection types allow you to interact with a remote server through a "terminal emulator". This means PockeTTY displays your session and accepts input as a VT100 terminal would. However, some valid VT100 keys cannot be typed easily (if at all) on some devices. PockeTTY provides a Keys menu that lets you easily send an "Escape", "Break", or "PF" key to your session.

PockeTTY provides a number of settings you can change to customize your terminal. There are two types of settings, those that only affect a single session, and those that affect all sessions.

4.1. Per-session Terminal Settings

For connections that provide a terminal you may specify terminal settings by tapping the Terminal button, which will display the following dialog:

The settings you choose here will only affect the session you're currently configuring. Any new sessions will use the default settings.

4.1.1. Rows and Columns

The most important terminal setting is the number of rows and columns to emulate for the terminal. This is not related to the number of rows and columns that will fit on your device, except that if you choose a size that is bigger than your screen can handle, PockeTTY will provide scrollbars so that you can see the entire terminal. Keep in mind that some server-side programs expect your terminal to have a certain number of rows or columns. [Default: Controlled by global settings]

4.1.2. Scrollback

Closely related to the number of rows and columns is the amount of scrollback to save. "Scrollback" refers to lines that have scrolled off the top of the terminal. PockeTTY can save these lines so that you can refer to them later. If you choose to save scrollback lines, PockeTTY will provide a vertical scrollbar so that you can see the saved lines. You specify the number of lines you want to save. [Default: Controlled by global settings]

4.1.3. Line Wrap

While typing in a terminal session, if you reach the end of the line there are two possibilities. The cursor can either wrap around to the next line, or it can remain in the rightmost column. In most applications you want the cursor to wrap, but sometimes the other behavior is more appropriate. Either way, if you continue typing your keystrokes are still sent to the server. [Default: Selected]

4.1.4. Linefeed Mode

PockeTTY's terminal emulator can interpret a press of the Return key in two different ways. In "linefeed mode" it is interpreted as a "carriage return" only, while in "newline mode" it is interpreted as a carriage return followed by a linefeed. [Default: Selected]

4.1.5. Local Echo

When you send a keystroke, most server-side applications will echo the keystroke back to the terminal for display (when it's appropriate to do so). However, there are some instances when the application will not, even though you'd like it to. Choosing local echo will echo the key to the screen before it is sent to the server. [Default: Not selected]

4.1.6. Swap Backspace and Delete

Some server-side applications map the backspace and delete keys the same way that they are sent from your device. Others map them in the exact opposite way. By selecting this option you can switch the mapping of these keys. [Default: Not selected]

4.1.7. Visual Bell

When PockeTTY receives a request to ring the terminal emulator's "bell", it can do one of two things. It can either produce a beep sound, or it can flash the screen (known as a "visual bell"). This allows you to leave your device's sound settings as they are and still be notified by the terminal. [Default: Selected]

4.1.8. Keypad Mode

The keys on the numeric keypad can be interpreted in two ways, either as numbers, or as application-specific control characters (for example, '8' is up, '2' is down, etc). [Default: Numeric]

4.1.9. Terminal Type String

When PockeTTY connects to a remote server it may be asked to identify the type of terminal it's emulating. The string entered here will be sent to the server when this challenge is received. Note that changing this value does not change the type of terminal that PockeTTY is emulating, but only what it tells the server it's emulating. (The current version of PockeTTY only supports VT100 emulation.) [Default: "vt100"]

4.1.10. Cursor Type

You can choose a block or underscore cursor, blinking or solid. [Default: Controlled by global settings]

4.2. Global Terminal Settings

Some settings affect all sessions that PockeTTY maintains, either directly or by providing default values to per-session settings:

Global settings can be set by selecting Global Preferences under the Edit menu.

Note that some settings differ on Smartphone platforms. See Appendix C for more information.

4.2.1. Rows and Columns

Here you can specify the default number of rows and columns for the terminal emulator. This allows you to, for example, always use the entire screen size as your default terminal size. [Default: 24 rows, 80 columns; Max: 1000 rows, 1000 columns]

This setting does not exist on Smartphone platforms. See Appendix C for more information.

4.2.2. Scrollback

This setting controls the default number of lines of scrollback to maintain in terminal sessions. [Default: 24 lines]

This setting does not exist on Smartphone platforms. See Appendix C for more information.

4.2.3. Cursor Type

This setting controls the default cursor type for the terminal emulator. [Default: Blinking block]

4.2.4. Text Pacing

Sometimes when transferring an ASCII file your device can send data faster than the remote server or device can receive it. With this setting you can control the rate at which data are sent, by specifying how long PockeTTY should wait between characters. [Default: 10 ms]

4.2.5. Special Control Key Handling

Most devices are capable of sending the correct control key sequences through PockeTTY to the host. However, some devices require special handling of control keys, which makes things run a little slower. If you find that some control keys are not working properly, try selecting this option. [Default: Not selected]

4.2.5.1. Soft Control Keys

Some devices have hardware keyboards that lack a control key. Enabling "Special Control Key Handling" will also make a "Soft Control Key" option available. If you enable Soft Control Key, the character "~" will act as a control key. To type control-c, you'd type

                      ~ c

(When this is enabled, you need to type ~ twice in order to type a plain ~ character.)

4.2.6. Keep Device Awake if Connected

Setting this option will keep your device awake for as long as there's an open connection (until your battery runs out). [Default: Not selected]

4.2.7. Fonts

PockeTTY provides a built-in font that it uses for its terminal emulation. However, you may choose to use any fixed-width font that is installed on your device. [Default: Built-in]

This setting differs on Smartphone platforms. See Appendix C for more information.

4.2.8. Colors

You can change the default colors used for each of the eight standard colors. For example, to display black characters on a white background by default, change the white colored box to black and the black colored box to white. [Default: Standard color map]

This setting does not exist on Smartphone platforms. See Appendix C for more information.

4.2.9. Paths

The storage location for root CAs is configured under this tab in the global preferences. You can add your own root CAs by putting PEM certificates in this location. The filename used for the certificate is unimportant. Note that we do not currently support PKCS#7 certificates. [Default: Set by the standard installer]
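Every file placed in this location becomes a trust anchor, so it is worth checking candidates on a desktop before copying them to the device. The following is an added example, not part of PockeTTY or its manual: it inspects only the PEM armor label and the outer DER tag and prints a SHA-256 fingerprint to compare with the CA's published value. The function names, file names and sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER bytes, to compare with the CA's published value."""
    return "sha256=" + hashlib.sha256(der).hexdigest()

def classify_pem(text: str) -> list:
    """Return one (verdict, detail) pair per PEM block found in a file."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError
            results.append(("reject", label + ": body is not valid base64"))
            continue
        if label == "PKCS7":
            results.append(("reject", "PKCS#7 container, not supported"))
        elif label != "CERTIFICATE":
            results.append(("reject", label + ": not a certificate"))
        elif not der.startswith(b"\x30"):
            results.append(("reject", "payload is not a DER SEQUENCE"))
        else:
            results.append(("accept", fingerprint(der)))
    return results or [("reject", "no PEM block (raw DER or other format?)")]

def armor(label: str, der: bytes) -> str:
    """Wrap bytes in PEM armor; used only to build the samples below."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed placeholder bytes, NOT a real certificate: just enough DER
# structure (a SEQUENCE holding one INTEGER) to exercise the checks.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLES = {
    "rootca.pem": armor("CERTIFICATE", SAMPLE_DER),
    "bundle.p7b": armor("PKCS7", SAMPLE_DER),
    "key.pem": armor("PRIVATE KEY", SAMPLE_DER),
    "rootca.der": SAMPLE_DER.decode("latin-1"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_pem(text))
```

An "accept" verdict only means the file has the expected container format; whether the certificate should be trusted still depends on matching the fingerprint against a value obtained from the CA through a separate channel.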

4.2.10. Keep Cursor Onscreen

If you have your terminal session emulating more rows or columns than your screen can display, you may need to use the scrollbars to see what you're typing. When this option is selected PockeTTY will detect when the cursor goes offscreen and automatically scroll the display to keep the cursor on the screen. This option can be changed under the Edit menu, to make it easier to toggle during a session. [Default: Not selected]

This setting does not exist on Smartphone platforms. See Appendix C for more information.

4.2.11. Fit To Screen

On all devices except HPC 2000 and HPC Pro, this feature will scale the current font such that the entire terminal area fits on the screen. The best results are usually achieved using the built-in 9 point or Courier New 9 point font.

Scrollback area, if any, is not displayed during fit to screen. Since the entire terminal fits onscreen, no scrollbars are ever visible in this mode.

Due to constraints of font size, it is possible that some area to the right or bottom of the terminal will not be used when scaled. In some circumstances the empty area below the terminal may be large enough to accommodate another row of text, and it may seem like PockeTTY should be using that space. In these situations, if PockeTTY made every line one pixel taller (or every column one pixel wider) there wouldn't be enough room to fit the terminal as-is; this is not a bug. It's also unfortunately unintuitive. You may want to create a new session with a terminal that's slightly larger to use the otherwise dead space.

4.3. Additional Capabilities

PockeTTY provides some additional capabilities that apply to many connection types.

4.3.1. ASCII

If you want to send a lot of text through a session, an easy way to do it is to use PockeTTY's ASCII sending feature. First, create a text file (for example using Pocket Word) and save it on your device. Then make a connection through PockeTTY, and choose Send Ascii from the File menu. The document you choose will be opened, and the characters in it will be sent as though you were typing them. PockeTTY can pause between each character (controlled by the text pacing global setting), so as not to overwhelm the server.

4.3.2. XModem

You can also send files through PockeTTY via XModem, a simple file transfer method. To send a file, initiate an XModem receiver on the remote server, then choose Send Xmodem from the File menu. To receive a file, initiate an XModem sender on the remote server, then choose Receive Xmodem from the File menu.

Note that XModem sends files in 128-byte "chunks". This means that if the size of your file is not evenly divisible by 128, XModem will "pad" the end with up to 127 extra bytes. This is not a bug; it is built into the XModem protocol.
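Because of this padding, a checksum taken on the received file will not match one taken on the original. The following added example (not part of PockeTTY or its manual) checks a received file against the sender's length and SHA-256 and accepts the extra bytes only if they are pure padding. The 0x1A pad byte, the function names and the sample data are assumptions.

```python
import hashlib

BLOCK_SIZE = 128     # XModem payload bytes per block, as stated above
PAD_BYTE = b"\x1a"   # assumption: Ctrl-Z filler, a common sender convention

def padded_length(original_len: int) -> int:
    """Size of the file on arrival: rounded up to whole 128-byte blocks."""
    return original_len + (-original_len % BLOCK_SIZE)

def verify_transfer(received: bytes, original_len: int, sha256_hex: str,
                    pad: bytes = PAD_BYTE) -> str:
    """Check a received file against the sender's length and SHA-256.

    Returns "ok" or a short reason for the mismatch.
    """
    if len(received) == original_len:
        body, tail = received, b""
    elif len(received) == padded_length(original_len):
        body, tail = received[:original_len], received[original_len:]
    else:
        return "unexpected length"
    if tail != pad * len(tail):
        return "trailing bytes are not padding"
    if hashlib.sha256(body).hexdigest() != sha256_hex.lower():
        return "digest mismatch"
    return "ok"

# Constructed sample: 300 bytes need 3 blocks, so 84 pad bytes are appended.
SAMPLE = b"PockeTTY test line\r\n" * 15
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()
RECEIVED = SAMPLE + PAD_BYTE * (padded_length(len(SAMPLE)) - len(SAMPLE))

if __name__ == "__main__":
    print(len(SAMPLE), len(RECEIVED))
    print(verify_transfer(RECEIVED, len(SAMPLE), SAMPLE_SHA256))
```

The original length has to reach the receiver separately (for example alongside the digest), since the padded file alone does not say where the real data ends.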

4.3.3. Input Buffer

Sometimes with a slow connection, the delay between sending a character and seeing it appear on the screen can make typing cumbersome. To speed things up PockeTTY provides an input buffer. This is simply a field where you can enter a single line of text, then press the Send button to send the entire line at once, rather than one character at a time. The buffer window will remain up until you choose to close it. To open it, choose Input Buffer from the Edit menu.

This setting does not exist on Smartphone platforms. See Appendix C for more information.


A. Encryption Technical Details

When PockeTTY makes an SSH or SSL connection to a server, one of the first things that happens is an exchange of "keys". For SSH 1 connections the keys are encrypted using 1024-bit RSA. For SSH 2, PockeTTY can use either 1024-bit RSA or 8192-bit DSS/DSA (FIPS 186). For SSL, the encryptor is variable.

For SSH 2 connections, the security level slider controls the maximum size of the random exponent we use to generate our key in the Diffie-Hellman key exchange. At the "Better security" end we use the entire range of possible values. At the "Faster connection" end we choose a value from the lower half of the range. Using a smaller value exponentially decreases the amount of time it takes to verify the exchange, but also weakens the security (hence the names of the slider values).

PockeTTY can authenticate SSH 2 connections using either a password entered by the user, or an RSA/DSS certificate. (SSH 1 and SSL do not support certificate authentication.) These certificates can be of arbitrary bit length, and can be 3DES encrypted or unencrypted.

Once the connection is established, the remainder of the session can be encrypted using a variety of ciphers, each with its own encryption strength. Here is a summary of the strengths of the various ciphers available in the current version:

Cipher Name     Strength                                Used For
DES             56 bit                                  SSL, STARTTLS
3DES            168 bit                                 SSL, STARTTLS, SSH 1 and SSH 2
AES (Rijndael)  128, 192, or 256 bit                    SSH 2
Blowfish        64 bit, 16 round, 256 bit initializer   SSH 1
Blowfish        64 bit, 16 round, 128 bit initializer   SSH 2

SSL/STARTTLS also supports specific combinations of encryptor and MAC:

SSL Cipher Name                Strength
TLS_RSA_WITH_DES_CBC_SHA       56 bit
TLS_RSA_WITH_3DES_EDE_CBC_SHA  168 bit


B. Menu Options

Following is a list of the menu options in PockeTTY and their corresponding accelerator keys (if any). Note that the Alt key is used instead of Control, since most terminals use the Control key for their own purposes. Note also that most on-screen keyboards don't have an Alt key. These accelerators are intended to be used from hardware keyboards.

Menu     Option                Accelerator                  Description
File     Start/Stop Capture                                 Start/stop recording output to a file.
         Receive Xmodem                                     Receive a file.
         Send Ascii                                         Send plain text.
         Send Xmodem                                        Send a file.
         Send via SCP                                       Send a file over SSH2's SCP protocol.
         Receive via SCP                                    Receive a file over SSH2's SCP protocol.
         Open Session                                       Open a saved session.
         Save Session                                       Save settings for current session.
         Quit                  Alt-Q                        Close all sessions and exit.
Edit     Copy                  Alt-C                        Copy selected text to clipboard. (Note that PocketPCs also support tap-and-hold gestures for this.)
         Copy and Paste                                     Copy selected text and immediately paste into session. (Note that PocketPCs also support tap-and-hold gestures for this.)
         Paste                 Alt-V                        Paste text from clipboard into session.
         Host Key Manager                                   Manage host keys saved on your device.
         Input Buffer                                       Enter a line of text to be sent all at once.
         Global Preferences                                 Change global settings.
         Keep Cursor Onscreen  Alt-O                        Automatically scroll screen so cursor is always visible.
         Hide Menus            Alt-M                        Hide the menu bar (HPC2000 or HPC Pro only). Use Alt-M to turn it back on.
Session  Connect               Alt-N                        Make a new connection.
         Next Session          Alt-Space                    Switch to next session.
         Disconnect                                         Disconnect current session.
         Fit To Screen         Alt-F                        Toggle Fit-To-Screen mode. Not available on HPC 2000 or HPC Pro.
         Connection 1, ..., 9  Alt-1, ..., Alt-9            Switch to chosen session.
Keys     Escape                                             Send Escape character.
         PF1, ..., PF4         Ctrl-Alt-1, ..., Ctrl-Alt-4  Send chosen PF key.
         Break                 Alt-B                        Send serial or Telnet break.
Help     About                                              Incredibly interesting information about PockeTTY.

C. Platform Differences

PockeTTY is a complex piece of software, and we at DejaVu Software, Inc. have invested a lot of time trying to make it work on different Windows CE platforms. As such, some features don't make sense on certain devices. This can be a logistics problem, a limitation of the OS, or the lack of a requisite feature. This appendix attempts to catalog the platform differences and give some background on why these differences exist.

C.1. HPC Pro and HPC 2000

C.1.1. Fit To Screen

The Fit To Screen feature is designed to make life easier for PocketPC and Smartphone owners that have limited screen real estate. On HPC platforms, the terminal is almost always completely visible onscreen without having to use scrollbars to see the actual terminal area.

We've disabled Fit To Screen on HPCs, as it would wind up taking over the entire screen of the device. We thought this wouldn't be useful; the proper useful motif on an HPC would be the ability to resize the window directly. Given the limited availability of HPC devices on the market, we haven't invested the time to implement such a thing. If you're interested in either Fit To Screen or resizable windows on an HPC device, send us some email and let us know that there's some interest.

C.2. Smartphones

C.2.1. Fit To Screen

Smartphone devices always have Fit To Screen enabled. There is no way to disable this functionality. This is a deliberate decision on our part, as there's no good way to control the scrollbars of a terminal; Smartphones don't have touch screens. Rather than coming up with a convoluted way to enable scrollbar control we've opted to use Fit To Screen.

C.2.2. Terminal sizes

Since Fit To Screen is always enabled and Smartphones tend to be small-screened devices, the default terminal size is set based on how many rows and columns will fit well onscreen using the built-in 9 point font. This gives what we believe is the best possible legibility on a Smartphone.

When connecting a new session, you may still select a different terminal size in the individual session configuration. Sessions may be saved with different terminal sizes as well. The font will be automatically scaled as normal with Fit To Screen enabled. But any new session that's connected will default to the calculated "optimum" setting that PockeTTY decided upon for your device.

C.2.3. Scrollback

Scrollback is never available on Smartphones because PockeTTY won't display scroll bars. Even if you manage to fake out PockeTTY with your own customized settings (by manually editing a configuration file or hacking the registry entries), PockeTTY will still never display scrollback on Smartphones.

C.2.4. Font sizes

The size picker has been removed from the Font preferences on Smartphones. PockeTTY will always use the 9-point size of whatever font is selected. This was done to simplify the user interface a bit. In our tests the 9-point font is the best candidate for Fit To Screen.

Most Smartphones seem to ship without any monospaced fonts, so the only font available is the built-in font. If you were to install another monospaced font, PockeTTY should show it in the list. Again, the 9-point version of that font would be used if selected.

C.2.5. Colors

The color picker is, frankly, ugly. It also seems to be virtually unused by our customers. Smartphones couldn't tap on the color swatches to change the colors (since they have no touchscreens), and rather than investing time in making them work on Smartphone platforms, we decided to remove them completely from these builds. It's possible that we will remove it entirely in a future version of PockeTTY.

C.2.6. Keep Cursor Onscreen

Since Fit To Screen is always enabled, it made no sense to retain Keep Cursor Onscreen. The cursor is already always onscreen.

C.2.7. Input Buffer

Smartphones don't handle floating windows very well. The OS is designed without them in mind, which makes sense since they don't have touchscreens to facilitate window selection. Our Input Buffer is a floating window.

It may be possible to integrate the Input Buffer into PockeTTY in a future version, possibly in the same way that the Address Bar is integrated into Pocket Internet Explorer. But again, this feature seems to be under-utilized by our customers and we decided to spend more time on other features, and postpone editing the Input Buffer until a future version. Of course, we're only going to work on this if we hear that you are interested in this feature...


PockeTTY® is a registered trademark with the U.S. Patent and Trademark Office.