Skip to main content

Configuration File

The server reads configuration from: 
%PROGRAMDATA%\UndyingTerminal\ut.cfg
Typical path: C:\ProgramData\UndyingTerminal\ut.cfg

Configuration Format

INI-style format with key=value pairs: 
# Undying Terminal Server Configuration

# Network Settings
port=2022
bind_ip=0.0.0.0

# Logging
verbose=false

# Security (Optional)
shared_key_hex=<your-32-byte-hex-key>

Configuration Options

Network Settings

port

Type: Integer
Default: 2022
Description: TCP port for server to listen on 
port=2022
Choose a non-standard port (>1024) to avoid conflicts and reduce automated scans.
Examples: 
port=2022     # Default
port=8022     # Alternative (less likely to conflict)
port=22222    # High port number

bind_ip

Type: IP Address
Default: 0.0.0.0
Description: IP address to bind server listener 
bind_ip=0.0.0.0
ValueBehavior
0.0.0.0Listen on all interfaces (default)
127.0.0.1Listen only on localhost (local-only access)
192.168.1.10Listen on specific interface
::Listen on all IPv6 interfaces
Security Considerations:
  • Use 127.0.0.1 for local development
  • Use 0.0.0.0 for remote access (combine with firewall rules)
  • Use specific IP for multi-NIC servers

Logging

verbose

Type: Boolean (true / false)
Default: false
Description: Enable verbose logging 
verbose=false
When true, server logs:
  • Client connections/disconnections
  • Packet types sent/received
  • Named pipe events
  • Tunnel creation/destruction
Output: Written to stdout/stderr
Verbose logging helps diagnose connection issues but increases log volume. Enable temporarily for debugging.

Security

shared_key_hex

Type: 64-character hex string (32 bytes)
Default: None (encryption disabled)
Description: Shared secret for XSalsa20 encryption 
shared_key_hex=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Encryption Details:
  • Algorithm: XSalsa20 (via libsodium)
  • Key size: 32 bytes (256-bit)
  • Nonce: 24 bytes (auto-incremented per packet)
  • Applied to all client ↔ server communication
Generate a Key: 
# Generate random 32-byte hex key
$bytes = New-Object byte[] 32
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($bytes)
$hexKey = -join ($bytes | ForEach-Object { $_.ToString("x2") })
Write-Output "shared_key_hex=$hexKey"
  • Enable encryption for internet-facing servers
  • Encryption provides confidentiality only (no authentication/MAC)
  • Passkey is still sent in plaintext during initial handshake
  • Consider using VPN for highly sensitive environments

Example Configurations

Development (Local Only)

# Development configuration
# Local-only access, verbose logging, no encryption

port=2022
bind_ip=127.0.0.1
verbose=true

Production (Internet-Facing)

# Production configuration
# All interfaces, minimal logging, encryption enabled

port=2022
bind_ip=0.0.0.0
verbose=false
shared_key_hex=<generated-key-here>

Multi-Server (Development)

When running multiple servers on one machine: 
port=2022
bind_ip=0.0.0.0
verbose=false
Then use environment variables: 
# Server 1 (default config, default pipe)
./undying-terminal-server.exe

# Server 2 (different port, different pipe)
$env:UT_PIPE_NAME = "\\\\.\\pipe\\undying-terminal-2023"
./undying-terminal-server.exe --port 2023

Environment Variables

Override configuration at runtime:

UT_PIPE_NAME

Type: String (Windows named pipe path)
Default: \\\\.\\pipe\\undying-terminal
Description: Override named pipe path 
# Use custom pipe name
$env:UT_PIPE_NAME = "\\\\.\\pipe\\ut-custom"
./undying-terminal-server.exe
Use Cases:
  • Running multiple servers on one machine
  • Avoiding pipe name conflicts
  • Development/testing isolation
Terminals must use the same UT_PIPE_NAME to connect to the correct server.

UT_DEBUG_HANDSHAKE

Type: Boolean (1 = enabled)
Default: Not set (disabled)
Description: Enable packet-level debug output 
$env:UT_DEBUG_HANDSHAKE = 1
./undying-terminal-server.exe
Output: Prints every packet type sent/received Example: 
[DEBUG] Sent: CONNECT_REQUEST
[DEBUG] Recv: CONNECT_RESPONSE (status=NEW_CLIENT)
[DEBUG] Sent: INITIAL_PAYLOAD
[DEBUG] Recv: INITIAL_RESPONSE

Command-Line Flags

Override config file settings:

--port <PORT>

./undying-terminal-server.exe --port 8022

--add-firewall

Automatically add Windows Firewall rule: 
# Run once to add firewall rule
./undying-terminal-server.exe --add-firewall
Creates rule:
  • Name: “Undying Terminal Server”
  • Direction: Inbound
  • Protocol: TCP
  • Port: Current port (from config or —port)
  • Action: Allow

--service

Run as Windows service: 
# Install service
sc.exe create UndyingTerminalServer `
  binPath= "C:\Program Files\UndyingTerminal\undying-terminal-server.exe --service"

# Start service
sc.exe start UndyingTerminalServer
When running as service:
  • Uses SYSTEM account
  • Starts automatically on boot
  • Logs to Windows Event Log
  • Handles graceful shutdown

Configuration Precedence

Settings are applied in this order (later overrides earlier):
  1. Defaults (hardcoded in binary)
  2. Config file (%PROGRAMDATA%\UndyingTerminal\ut.cfg)
  3. Environment variables (UT_PIPE_NAME, etc.)
  4. Command-line flags (--port, etc.)
Example: 
# Config file: port=2022
# Command line: --port 8022
# Result: Server listens on 8022 (CLI wins)

Firewall Configuration

Windows Defender Firewall

# Run server with --add-firewall once
./undying-terminal-server.exe --add-firewall
This creates an inbound rule automatically.

Third-Party Firewalls

Configure your firewall to allow:
  • Inbound TCP on configured port (default 2022)
  • Application: undying-terminal-server.exe

Network Configuration

Port Forwarding (Router)

To access the server from external networks:
1

Find Internal IP

ipconfig | findstr IPv4
Example: 192.168.1.100
2

Configure Router

In your router’s admin panel:
  • External Port: 2022
  • Internal IP: 192.168.1.100
  • Internal Port: 2022
  • Protocol: TCP
3

Test External Access

# From external network
./undying-terminal.exe --ssh <PUBLIC_IP> -l user
Security: When exposing to the internet, always enable encryption via shared_key_hex.

Performance Tuning

High-Concurrency Environments

For >100 concurrent sessions: 
# Use dedicated network interface
bind_ip=192.168.1.100

# Disable verbose logging
verbose=false

# Enable encryption (adds ~1-2ms latency)
shared_key_hex=<key>
OS Tuning (Windows): 
# Increase TCP connection limit (if needed)
netsh int tcp set global autotuninglevel=normal

Low-Bandwidth Networks

# Standard settings work well
# Keepalive traffic is minimal (~200 bytes/5s per session)

port=2022
bind_ip=0.0.0.0
verbose=false
Client-Side: Reduce keepalive frequency (requires recompile)

Monitoring and Logs

Check Server Status

# Verify server is listening
netstat -ano | findstr :2022

# Check process
tasklist | findstr undying-terminal-server

View Logs

When verbose=true: 
# Run server with output redirection
./undying-terminal-server.exe > server.log 2>&1

# Tail log file
Get-Content server.log -Wait -Tail 20

Metrics to Monitor

MetricCommandNormal Range
Active Connectionsnetstat -ano | findstr :2022 | measure0-1000s
Memory Usagetasklist /fi "imagename eq undying-terminal-server.exe"~50MB + (5MB × sessions)
CPU UsageTask Manager<5% idle, <20% under load

Backup and Recovery

Backup Configuration

# Backup config file
Copy-Item "$env:PROGRAMDATA\UndyingTerminal\ut.cfg" `
          "C:\Backups\ut.cfg.$(Get-Date -Format 'yyyy-MM-dd')"

Restore Configuration

# Restore from backup
Copy-Item "C:\Backups\ut.cfg.2024-01-15" `
          "$env:PROGRAMDATA\UndyingTerminal\ut.cfg"

# Restart server
Restart-Service UndyingTerminalServer

Troubleshooting Configuration

Error: Server uses default settingsSolution: Create config directory
New-Item -ItemType Directory -Force -Path "$env:PROGRAMDATA\UndyingTerminal"
Error: Server fails to start or uses defaultCheck:
  • Valid port number (1-65535, typically >1024)
  • Valid IP address for bind_ip
  • 64-character hex string for shared_key_hex
  • true/false for boolean values
Error: Client can’t connect (invalid handshake)Cause: Client and server have different encryption keysSolution: Ensure both use same shared_key_hex value
Error: bind: address already in useCheck what’s using the port:
netstat -ano | findstr :2022
Solutions:
  • Change port in config
  • Stop conflicting service
  • Use --port flag to override

Security Best Practices

Encryption

  • Enable shared_key_hex for production
  • Generate strong random keys (32 bytes)
  • Store keys securely
  • Rotate keys periodically

Network Isolation

  • Use bind_ip=127.0.0.1 for local-only
  • Use firewall rules to restrict access
  • Use VPN for sensitive environments
  • Avoid exposing to public internet

Access Control

  • Use strong random passkeys
  • Limit who knows passkeys
  • Monitor active sessions
  • Audit connections regularly

Operational Security

  • Run as Windows service (not user account)
  • Disable verbose logging in production
  • Monitor server logs
  • Keep software updated

Next Steps

Client Options

Configure client behavior

Environment Variables

Runtime configuration options

Windows Service Guide

Run server as a service

Troubleshooting

Solve configuration issues