Secure Shell Printing in AnzioWin

Introduction

AnzioWin and Anzio Lite support the SSH, Secure Shell, protocol. With this approach, as with a normal telnet session, remote passthrough printing works fine, and will even be encrypted. However, this type of printing is still terminal session based and hence interrupts your terminal session while printing.

 Within AnzioWin, we can take advantage of several feature extensions of SSH, including their backchannel authentication procedure to insure encrypted and completely separate printing from the terminal session.

Backchannel encrypted printing

One of the weaknesses evident in securing your network is the lack of options for encrypted printing. This is particularly an issue with HIPAA. Starting with version 15 of AnzioWin, when you are connected using SSH, you have the option of opening a backchannel for printing. Print jobs from the host can travel over the authenticated, encrypted SSH link, in a channel that is separate from your terminal session, to go to your printer.At this point, there is no user interface for configuring backchannel printing. To enable it, use Notepad (or similar) to edit your settings file (such as "anziowin.def"). Look for the line labeled "ssh-print". Change its value from "0" to "1". Note also the line "ssh-print-command". This is the command the gets executed on the backchannel, as described below. You may want to change this. Here is the process that Anzio goes through:

a) On initial startup, if an SSH connection is successfully established with the host, and ssh-print is "1", and ssh-print-command is not empty, then AnzioWin will create a second SSH channel, and on it execute the command specified in ssh-print-command.

b) Any data that Anzio receives on the SSH print channel will go to a special ssh-printing routine, which will send it to the main print processor (that is, WPRN). Its handling there will vary depending on whether Print Wizard is turned on, and (if Print Wizard is turned off) the Print Level setting.

c) The ssh-printing routine in Anzio will also respond to a simple protocol for forcing an end-of-job. To force an end-of-job, and then go back into printing mode, send the backchannel the following:

    [ 4 i E J E C T [ 5 i

(where is the escape character). Although this looks like the passthrough print sequence for VT-style terminals, it will work regardless of the terminal type Anzio is emulating.Note that even if this is not done, the normal flush timer logic in Anzio will occur.

d) The default ssh-print-command is

    rm anzprinter 2> /dev/null;ln -s `tty anzprinter;cat

This removes traces of a previous execution. Then it makes a soft link of the tty name assigned to this channel to the name "anzprinter". Then it executes a "cat" command. This continues to run. Now, to print anything on the backchannel, you can write something to anzprinter in the user's home directory; for instance:

     cat somefilename > /home/ras/anzprinter

Note that this approach would not work if multiple logins were occurring using the same username.

e) Data sent to the backchannel is currently assumed to be in the ISO (ANSI) file set.