This is a collection of answers to Frequently Asked Questions about Pragma Systems Inc. Pragma Fortress for Windows. Please check here before sending email or calling Pragma Systems in regards to problems with the Fortress product.
Some of these questions are carried over from the Pragma Telnet Server product, but are relevant to Pragma Fortress.
Thank you,
Pragma Systems, Inc.
A. Limitations of the Pragma Fortress evaluation
B. How Pragma Fortress works and interacts with Windows
D. Installation Problems with Pragma Fortress
1. Keyboard and Mouse
2. Logging In
3. Windows Association
Does Pragma Fortress use the NT User Database or have its own?
Could you tell me the limitations, if any, to run Pragma Fortress on Windows?
Pragma Fortress doesn't seem to have the same path as Windows.
Can I run Pragma Fortress on a Windows Workstation OS instead of Windows Server OS?
4. Command Line Operations
5. Display
I wish to be able to scroll my screen back using a buffer and view my previous commands.
Why don’t I see the 24th line in the output when I am running a DOS program within a session?
My terminal only supports 24 lines, this causes the last line not to display correctly.
6. Hardware
I wish to have each user's home directory mapped to a network drive, however, when a user is set to use a networked drive, that drive is not available to other users.
We would like to find out the availability/possibility of your product supporting either HPTERM or XTERM emulation.
How do I share NetWare drives between Fortress SSH sessions?
My NetWare drives are not accessible in a Fortress SSH session?
7. InetD Service
8. Running other applications from Fortress shell
How can I execute a graphical program on the Pragma Fortress without hanging the process?
I have some programs that run okay in a local DOS Window, however when I run them in a Fortress SSH session, the window is not updating.
Known applications that need our wrapper technology because of the above issue:
The ftp session forwarded through the Fortress SSH session hangs.
9. NTVDM
10. Printing
11. Other Issues
A. Limitations of the Pragma Fortress evaluation
The free evaluation copy of Pragma Fortress will timeout 14 days from when it is installed. The greeting message and copyright messages cannot be changed. Other than that, there is no difference.
B. How Pragma Fortress works and interacts with Windows
Pragma Fortress is a standard UNIX secure shell ported to Windows NT. Secure Shell (SSH) is a de facto industry standard for remote access to systems over a secure connection using strong cryptography. A serious problem with popular tools like telnet and FTP is that they transfer passwords and data in clear text over the network, thus compromising security. As a result, most secure UNIX and LINUX systems are managed over ssh sessions, which encrypt passwords and all data exchanges. With Pragma's Fortress product, Windows systems can now be managed over secure ssh sessions just as high-end UNIX or LINUX systems are. Use of Fortress virtually eliminates the risk of remote management, as all session data are encrypted using strong ciphers with keys exchanged dynamically using RSA public key algorithms.
SSH does not support graphical programs that use Windows, but it will run any program that will run in your Windows DOS Window. It runs on top of Windows, allows access to those machines from any ssh client, and protects the system by using the internal Windows security mechanisms.
With Pragma Fortress, you receive our fully functional InetD product.
InetD is another program we brought over from the UNIX world. It
allows us to run programs only when they are really needed. InetD
runs as a Windows service and watches TCP/IP ports that it is
configured for. Using InetD allows us to use less memory and
processor time while awaiting a TCP/IP connection. When a ssh client
attempts a connection to your system, it uses a
Pragma Fortress will run on any system able to run Windows NT. Therefore, all you need is the minimum requirements set by Microsoft. As for how many users can connect to a machine at the same time without performance being degraded, we say that you need about 8MB per user above the minimum needed for Windows NT. Here's a guideline to follow for connecting 200 ssh sessions:
NOTE: The above recommendation is for ssh sessions running cmd.exe ONLY. Additional resources will be needed as the number of sessions increase, or for sessions that will be running additional processes. Ten megabytes of RAM should be added for each ssh session.
D. Installation Problems with Pragma Fortress
If you are installing Pragma FortressSSH on Windows NT 4.0, please do the following:
You need to download the Active Directory Client Extension Pack. Download Active Directory Extension Pack by clicking here. To read more about Active Directory Extension, click here.
If you are running a version of Windows NT 4.0 that does not include Microsoft Internet Explorer 4.0 or higher, then you will run into a SHLWAPI.dll error. Please install Internet Explorer 4.0 or higher to solve this problem.
If you experience problems with the install, these are a few things to look into.
1.) If the install stops running at any point, exit any program that might be running and try again.
Known programs that might interfere with the installation of Pragma Fortress:
2.) The sshkeygen program will not run during the installation on a Windows 2000/XP Server machine running Terminal Services in Application mode. The program must be run manually after the install, or Terminal Services should be disabled or changed to Remote Administration mode temporarily.
3.) If installing from the setup created by a self-extracting file, and a missing file error occurs, remove all temporary files and run the self-extracting file again. If it continues to miss the file, download a new self-extracting file.
4.) If installation fails due to the InetD Service failing to start, check the Event Log for an InetD error describing the failure.
I am using an application that requires me to use the Alt key on the keyboard, how is this done?
Answer:
Answer 1) You can use our Console SecureShell Client which allows you to use the Alt key just as you normally would, by mapping the ALT key to the same value as the server. See the ssh.txt file for help on mapping the ALT key for the client. The default value is CTRL-A.
Answer 2) You can re-map the Alt key to any key desired for each user, using the Pragma Manager. The default value is CTRL-A.
Why doesn’t Control-G work?
Answer: Check to make sure that Allow Control-G is checked for the user session.
Is it possible to get mouse support in a ssh session?
Answer: Yes. Using Pragma's Console SecureShell Client and the WindowsTerm terminal emulation.
Does Pragma Fortress support function keys?
Answer: Yes, if you use our SecureShell Client all of the keyboard keys work. However, if you use another client, make sure that it supports VT420 or allows you to define what it sends for the keyboard.
How can I get mouse access over a ssh session?
Answer: The client must be configured for the WindowsTerm emulation. To do this, follow these instructions:
1. On the client machine, you need to set your term environment variable to WindowsTerm, then run our ssh client. You can change the environment variable from Control Panel.
Or you can locally set the variable from a DOS prompt. Type the following at the command prompt:
User has account on system but is unable to login.
Answer: Make sure that all users you wish to ssh into the system have "Log on Locally" access permissions.
Only the Administrator is allowed to login.
Answer: You must set the access rights in your User Administrator for those users to have "Log on Locally" access to the computer. If they have the "Log on Locally" access right set, you need to make sure that the user has correct access to the directory in which Pragma Fortress is installed and to any program that should be run in a session.
It seems to take a long time to log in.
Answer: One answer is to add the hostnames to your hosts file supplied with Windows. This file can be found in the %SystemRoot%\system32\drivers\etc directory.
Another possibility is network performance. Use Windows diagnostic tools to check the network performance between the Fortress machine and the authenticating machine.
Also, entering a specific domain at the domain prompt will decrease login time.
How do I execute a batch file when a user logs on?
Answer: You can assign a logon batch file for users using one of the following methods. Select only one choice. Errors could occur if the batch file is assigned in multiple locations.
Option 1) Set up the batch file using the Windows User Management program.
Option 2) Enter your batch file in the Startup Program edit box under the Full Console Settings or Stream Settings tab, depending on the console mode. The location of this box depends on the version of Fortress. Check your index for these box locations. If cmd.exe or command.com is the User Shell then choose whether the command shell should continue to run after executing the Startup Program. Older versions require a /K or /C after the program name in the User Shell edit box. A /K will return to the command prompt after running the batch file, whereas a /C will close the session after completion.
My client is rejected by the server.
Answer: Check the Windows Application Event Log on the server for detailed information on the cause of the rejection.
I get logged off as soon as I log on.
Answer: This is normally caused by a failure to run the command shell. Check the Application Event Log for an error launching the user shell program. If there is none, then check security access to all necessary items to run the user shell, including directories and mapped drives.
Does Pragma Fortress use the Windows User Database or have its own?
Answer: Pragma Fortress uses the Windows User Database and API for user authentication.
Could you tell me the limitations, if any, to run Pragma Fortress on Windows?
Answer: Limitations are those imposed on the User's access rights and what you can do in a console window. Also, you are limited by the Windows file system to having only one set of drive letters for the entire system. This causes an error when 2 users try to map the same drive letter.
Pragma Fortress doesn't seem to have the same path as Windows.
Answer: The path for any Fortress session is the same as the System path. If the Fortress user has logged on interactively to the server machine and has a profile with additional path values, that will be used during the Fortress session.
Can I run Pragma Fortress on a Windows Workstation OS instead of a Server OS?
Answer: Yes, we are not limited to running on Windows Server. However, you are limited in the number of socket connections used on Windows Workstation. This is a Microsoft limitation, although it is not enforced by Microsoft.
Can I add/edit users from a command line ?
Answer: Yes, you can accomplish this by using the NET.EXE command line application. The Help for the command is:
    NET USER [username [password | *] [options]] [/DOMAIN]
             username {password | *} /ADD [options] [/DOMAIN]
             username [/DELETE] [/DOMAIN]
Can I see users that are logged on from command line?
Answer: Yes, we ship a command line version of the Pragma Session Manager, called TELMC.EXE.
I need to be able to change my password from command line.
Answer: We have included a utility in our Pragma Fortress ClientSuite package that will enable you to change your password from the command line.
I wish to be able to scroll my screen back using a buffer and view my previous commands.
Answer: Our new screen mode, Advanced Console, allows a user to run console commands and have a scroll back history. This is only available from Pragma Systems. Stream Mode is still available for any application that handles all emulation for the client, or a session that does not require any console features.
Why don’t I get a color display?
Answer: The reason you are not seeing colors is probably because your client does not support colors. Try one of our ssh clients, Console SSH Client or FortressCL, for a client that supports color.
Why don’t I see the 24th line in the output when I am running a DOS program within a ssh session?
Answer: If the client you are using communicates a terminal window size larger than 80*24, Pragma Fortress will support that window size. If no window size is communicated by the client, then the default window size is 80*24 lines. PC programs are typically written to output 80*25 lines, so we can show one fewer line and the 24th line is hidden. If you scroll down with the arrow key you can see the 24th and 25th lines. The line we show or hide will be configurable. Our Pragma Fortress Client supports a window size of 80*25 or higher. It is better to use our client or any other client that communicates the window size.
My terminal only supports 24 lines, this causes the last line to not display correctly.
Answer: Because DOS programs support a minimum of 25 lines, we have re-mapped the last 25th line to the 24th line. This enables the last line to be seen, which in most cases is very important. We do not recommend using a client that does not support at least 25 lines.
Answer: For versions earlier than 5.0, use the Console Settings tab, turn on the User Monochrome option and set the Default Background color to any value other than Black. Version 5.0 includes a check box to use Reverse Video.
I wish to have each user's home directory mapped to a network drive, however, when a user is set to use a networked drive, that drive is not available to other users?
Answer: Yes, this is due to the fact that Windows is not a multi-user operating system and is limited to the drive letters A - Z. We are hoping that future versions of Windows will have support for such usage. We are looking for a solution to this problem.
We would like to find out the availability/possibility of your product supporting either HPTERM or XTERM emulation.
Answer: We currently support VT100 to VT420, WYSE 50, IBM 3151, ANSI and our own proprietary WindowsTerm. We find that these fit all clients, however, if you have a special terminal you wish us to add, please contact us and we can try to work something out.
How do I share NetWare drives between sessions?
Answer: In order to use NetWare drives without them disconnecting after you exit from a session, you must install "Gateway (and Client) Services for NetWare". You can do this from "Control Panel" - "Network" - "Services" tab and select the "Add" button. A list of services will appear and you should select and install the "Gateway (and Client) Services for NetWare". You will then be able to share NetWare drives as if they were Microsoft NT drives. Refer to your Windows documentation for more information.
My NetWare drives are not accessible in a session?
Answer: This is a known problem with the NetWare security provider and our server. One solution is to logon to the session as the same user who mapped the NetWare drive.
Another solution is to have the NetWare drives mapped from within the ssh session, which can be done easily with a login script.
Another solution is to install the Novell Client for NT on the FortressSSH machine; drives mapped outside of ssh sessions are then available to all privileged users. This has been tested with Version 4.3 of the Novell Client, which can be downloaded from www.novell.com.
How can I use InetD to enable my console application to be TCP/IP network enabled?
Answer: This is a very simple task. All you must do is use our socket instead of STDIN and STDOUT. So, you can use the following code snippet to get the socket handle and allow your program to read and write to the socket just as if it were in a regular console.
    #include <stdlib.h>   /* getenv, atoi */

    int main(void)
    {
        char *pSock;
        int hOutput = 0, hInput = 0;

        /* The socket handle is read from this environment variable */
        if ( (pSock = getenv("PRAGMASYS_INETD_SOCK")) != NULL )
        {
            /* code for in session */
            hOutput = hInput = atoi( pSock );
            /* From here you can use Windows NT ReadFile and WriteFile
               for input and output */
        }
        else
        {
            /* code for not in session */
        }
        return 0;
    }
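A stricter way to read that handle, as an added example that is not Pragma's code: atoi() returns 0 for an empty or non-numeric value, so the snippet above cannot tell a damaged PRAGMASYS_INETD_SOCK from a real handle. The function and enum names are hypothetical, and treating 0 and the all-ones value (INVALID_SOCKET on Windows) as unusable is an assumption.

```c
/* Added example: strict parsing of the socket handle read from
 * PRAGMASYS_INETD_SOCK. All names below are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

enum sock_env_status {
    SOCK_ENV_OK = 0,        /* *out holds a usable handle value          */
    SOCK_ENV_ABSENT,        /* variable not set: not running under InetD */
    SOCK_ENV_MALFORMED,     /* set, but not a plain decimal number       */
    SOCK_ENV_OUT_OF_RANGE   /* zero, all-ones, or too large for a handle */
};

/* Parse the decimal text of a handle. Unlike atoi(), this rejects empty
 * strings, signs, whitespace, trailing junk and overflow instead of
 * silently returning 0 or a truncated value. *out is written only on
 * success. */
enum sock_env_status parse_sock_handle(const char *text, uintptr_t *out)
{
    const char *p;
    unsigned long long v;

    if (text == NULL)
        return SOCK_ENV_ABSENT;
    if (*text == '\0')
        return SOCK_ENV_MALFORMED;
    for (p = text; *p != '\0'; p++)     /* digits only: no sign, no spaces */
        if (*p < '0' || *p > '9')
            return SOCK_ENV_MALFORMED;

    errno = 0;
    v = strtoull(text, NULL, 10);
    /* Assumption: the all-ones value is reserved (INVALID_SOCKET). */
    if (errno == ERANGE || v >= UINTPTR_MAX)
        return SOCK_ENV_OUT_OF_RANGE;
    /* Assumption: 0 means "no handle", as in the snippet's initial value. */
    if (v == 0)
        return SOCK_ENV_OUT_OF_RANGE;

    *out = (uintptr_t)v;
    return SOCK_ENV_OK;
}

/* Read the variable named on this page and validate it in one step. */
enum sock_env_status inetd_socket_from_env(uintptr_t *out)
{
    return parse_sock_handle(getenv("PRAGMASYS_INETD_SOCK"), out);
}
```

A program would call inetd_socket_from_env() once at startup and fall back to its console code path only on SOCK_ENV_ABSENT, treating the other failures as errors to log.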
How do I START and STOP the InetD Service?
Answer 1: From the "Pragma Manager" on the InetD Settings page.
Answer 2: From the "Control Panel – Services" Program
1. Select the item "InetD" from the list, it should now be highlighted
2. Select the "Start" button to start the InetD Service
3. Select the "Stop" button to stop the InetD Service
Answer 3: From a Command Prompt
1. Type "NET START INETD" to start the InetD Service
2. Type "NET STOP INETD" to stop the InetD Service
How can I execute a graphical program on Pragma Fortress without hanging the process?
Answer: Although Pragma Fortress does not allow the client to view graphical programs run on the server, you can start a graphical program from the client using the GUIStart program included with the Fortress server.
I have some programs that run okay in a local DOS Window, however when I run them in a session, the window is not updating.
Reason: Some programs that are compiled for Windows and run in a console window use the Win32 Console API functions that switch the active screen buffer being used. Not only does Pragma Fortress have no way of knowing that these functions are being used and that the screen buffer has been changed, but because of process boundaries set by Windows, the Fortress process has no access to these screen buffers. These applications will work in Advanced Console or with the wrap.exe program.
Known applications that need our Wrapper technology because of the above issue:
Where can I get Emacs for Windows that works in a session?
Answer: If you're looking for a port of Emacs that works with our Fortress Server, go to University of Washington Windows port of Emacs. You will need to get at least version 19.34.2; it has been modified for our Pragma Telnet Server, which uses a similar implementation.
Using IBM's DB2 product with Pragma Fortress.
Answer: Two environment variables need to be set for the DB2 Command Line processor to work within a session, DB2RQTIME and DB2CLP.
DB2RQTIME: This is a timeout variable used by DB2; it represents milliseconds, so it will be very large.
DB2CLP: This is an internal value set per session; it is unique to each session. See your DB2 help for more information on setting this variable.
We recommend that you use a shell initializer on the server to set these values at the start of your session.
The ftp session forwarded through the Fortress SSH session hangs.
The ftp client is not in passive mode. Make sure the client supports passive mode, and put the client in passive mode. The ftp client included with the Windows operating systems does not support passive mode. Pragma Fortress ships with a ftp client, Pragma FTP Client, that does support passive mode.
How can you limit the CPU usage of a NTVDM process?
Answer: On NT 4.0 or higher, increasing the Idle Sensitivity will decrease the CPU usage of a 16-bit process. The Idle Sensitivity can be set under the properties of the 16-bit executable Misc tab.
How do I make Pragma Fortress stop any ntvdm.exe process when a session ends?
Answer: When a 16 bit application is run within a session, a ntvdm.exe is started and may not be killed when the user exits out of the session. Pragma Fortress is automatically configured to stop all processes started during a session.
If you have a program that requires that the "Monitor Child Process" feature be Off, you may use the Graceful Termination feature. Go to the User Management, Graceful Termination tab, and setup the exit keys.
Answer: In order for printing to work, users that wish to print must have Change access to the SpoolDir.
Take a look at the documentation on Printing Monitoring. It has a step-by-step setup and troubleshooting tips.
Does Pragma Fortress support file transfer?
Answer: Yes. Files can be transferred in one of 3 ways: SFTP, SCP, or ftp in passive mode. See File Transfers for more information.
How do I set a user's home directory?
Answer: Pragma Fortress supports the user settings in Windows, including home directory and logon script. You may also set up a home directory for each user for secure shell sessions only, using the Fortress User Management. For the specified user, set the Home Directory on the Users General Setting tab.
Are you "Year 2000 Compliant"?
Answer: We use Windows time and date functions, and we have no real
date requirements so we are "Year 2000 Compliant".
I can only get a small number of sessions connected, then I start getting errors.
Answer: Resources may limit the number of sessions. If a large number of sessions are active, and users begin to experience process issues or are unable to logon, increase the InetD Desktop Count. If that does not allow more sessions then check the Win32 system setup. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows registry value. There is a substring value of SharedSection. For best results this value should be SharedSection=1024,3072,512. After changing the value, reboot the system.
If the problem persists, change the SharedSection value to 1024,3072,1024, then reboot. This setting is system dependent, so some systems have better results with 512, while some perform better with 1024.
Windows has a system limitation of 48 MB of memory for non-interactive services, such as ssh sessions. This limit will be reached if InetD cannot create all of the requested desktops or the SharedSection value is set too high.
Do I have to use Pragma Console SecureShell Client?
Answer: You can use any client that supports the SSH2 level protocol. We have had successful sessions with Linux, HP, and some commercial Windows ssh clients, such as F-Secure and SecureCRT.
I am getting a getpeername failure in the Event Log.
My server process immediately exits without error.
Answer: Another application with a Layered Service Provider might be conflicting with the Pragma Server. Uninstall the other application and re-boot.
Other applications known to cause a conflict:
McAfee VirusScan 7.0
Diamond Port Monitor