Webbased shell access

software development

#1

Hey all,

Question: Do you know of any way to implement a web-based shell session similar to putty/ssh but without running a client side application?

I know windows has similar services that basically enable a web-based remote desktop session but that’s windows and I’m looking for something *nix based for either dreamhost or my personal Ubuntu server I just built last night (YAY!!!)…

Any ideas?

http://www.jconnors.net - City Streets


#2

Her is one, there are others around (just check hotscripts, or google for 'em).

Note, however that this one, and most all of them I’ve found, are not interactive - you just pass commands, which execute, and the output is passed back, so this may not be what you are looking for. :wink:

–rlparker


#3

Thanks - you’re right… I am looking for an interactive environment… hmmm I guess the search will continue for now.

http://www.jconnors.net - City Streets


#4

Wikipedia is your friend:
http://en.wikipedia.org/wiki/Comparison_of_SSH_clients

Are you looking for something like a java applet or do you envision a form based web UI? Or maybe an AJAX-based SSH UI?

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#5

At this point I would appreciate either. I’m not exactly sure how to implement these so I have to look at either. I think that I would rather have java running just because it’s a bit more secure but also interactive. A couple of those looked promising.

Do you have a suggestions/preference?

http://www.jconnors.net - City Streets


#6

I use putty and sftp from my windows machine to connect to dreamhost (as well as other hosts).

So just to make sure I know what you want to do… You want to open a command line session to DreamHost from what machine? Your home machine or from another unix machine?

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#7

Sorry, I wasn’t being clear.

I have ssh and putty to connect and transfer files to dreamhost from my machine. What I wanted to implement is a web-based ssh shell client so that I don’t need to be tied to another machine with putty or other software in order to interact with dreamhost.

http://www.jconnors.net - City Streets


#8

I assume this is like what you’re looking for, correct?
If so, then you’d need J2SSH, which is an opensource application that can be found here. The issue with it, is that I’m not entirely positive you can install it on your DH server or not… so it may/may not work at all.
Anyways, I’m quite positive for a java-based ssh app, it will require some sort of back-end API like J2SSH provides.


#9

nalgene,

You’ve overrun my experience, but in looking up some stuff that might work for you I came across this page comparing Anyterm with its “competitors”.
http://anyterm.org/compared.html.

I came across it while reading about an intriguing feature that another hosting provider had. (gasp!)

I’ve gotta head off to a meeting at work, but I’ll continue looking into this a bit later today.

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#10

Don’t see it happening. The point of secure shell is for it to be secure - opening up (what is in essence) a locally connected console port is somewhat less secure.

PuTTY is 450k executable that easily fits and runs from my (now undersized and obsolete) 512Mb SanDisk keychain drive. Invest $19 in a keyring drive and keep PuTTY on it so’s ya can run it anywhere. It’s way more secure and will save you the rigamarole of trying to figure out how to weasel a web client into doing it.


#11

I use MindTerm with my dreamhost account and it does exactly what you want, java applet that makes ssh connection.

I found these links helpful:
Signing applet (didn’t bother with cab file): http://mindterm.appgate.com/pipermail/mindterm-users/2003q3/000801.html
Signing applet in detail: http://mindprod.com/jgloss/signedapplets.html
creating/installing ssh keys: http://www.phileplanet.com/archives/2006/08/how-to-setup-ssh-on-windows-xp/
http://wiki.dreamhost.com/index.php/SSH

The only shortcoming I have is trying to use it through corporate firewalls which doesn’t work but that’s not a problem specific to this client.


#12

you might also want to try out www.serfish.com if you are interested in web based access to your ssh servers. the consoleFISH provides you with totally free access to all your servers. have fun!


#13

I’m sorry, but I think this is a decidedly bad suggestion! Even “assuming no malice”, ignoring the fact that it was posted in response to a long dead thread, and giving the poster the benefit of the doubt (maybe this is just a truly clueless newbie who is genuinely trying share something he thinks is a “good thing”), it is absolutely dangerous to use a “service” such as this to access your shell.

Hell, even if you choose to ignore the “fish” in the title, and want to believe that your data is safe, a little look at the TOS ought to raise a big ugly warning in your mind:

Uh huh … right … sure … anything you say. If you ignore the inherent security risk in such a scheme and decide you can trust these folks, you might not have a problem. Then again, you might. If you are concerned about it at all (and particularly if you were to experience a “problem”), you might want to look at the whois info to try to contact these guys, so let’s just do that now …

[quote]Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: SERFISH.COM
Created on: [color=#CC0000]26-Feb-08[/color]
Expires on: 26-Feb-09
Last Updated on: 26-Feb-08

Administrative Contact:
[color=#CC0000]Private, Registration[/color] SERFISH.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax – (480) 624-2599

Technical Contact:
Private, Registration SERFISH.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax – (480) 624-2599

Domain servers in listed order:
NS33.DOMAINCONTROL.COM
NS34.DOMAINCONTROL.COM[/quote]
Now that’s comforting. Brand new, a single year’s registration, and “private” at that … and you are supposed to use them to access your shell? Do yourself, and others on your shared server, a big favor and “just say no” to this one folks! :wink:

–rlparker


#14

I won’t - he’s scum.

He’s spamming the same crap all over the place. Comment spam, etc… he bumped a 2 year old thread at Digitalpoint (should be deleted soon) with the same ad.

I don’t think this will have a happy ending for anyone that gives them access to their info.


:stuck_out_tongue: Maximum savings promo code: MaxSavingsAtDH


#15

I think you are right about that! What’s scary is that many are likely to do it! :frowning:

–rlparker


#16

just have a look at the contact section of the proposed service. there all contact information is provided in clear and legal compliant form (not to mention that there is much more information than usually given in a WHOIS record) -

of course it is all a question of trust and web based ssh access over remote sites must NEVER be a prelacement for access on port 22/own ssl servers, but if you have no such access (intranets etc) these services (also take gotossh, my.anterm.org into consideration) might represent a acceptable bckup solution.


#17

Must never be a what?

si-blog
Max discount on any plan with promocode SCJESSEYTOTAL


#18

I saw that, and it may well be accurate, and then again it may not. I don’t know, and I have no reasonably convenient way to know. Of course that is also true of whois information, but having “private” whois information seems completely unnecessary for a company that is trying to do business transparently. None of that is my main point, however, which is that the service you are offering, even if “well intended” and “legitimate” in purpose, is inherently insecure (as you pointed out yourself in your Terms and Conditions) and is therefore dangerous to use. People should not use it because it is unsafe. :wink:

I think it is more than just a question of trust, but let’s talk about the trust aspect for a minute. Not only do users of your service need to “trust” the service not to abuse (resell, release, exploit, etc.) their information, but they have to also trust your security practices sufficiently to believe that you are capable of protecting that information, and I maintain that it is unreasonable for them to do so.

From a security standpoint, it defeats the whole point of using ssh in the first place to pass your credentials over the web in the clear to be forwarded through a third party to your system. Period. Your service is, by definition, a “man in the middle”, and your system sees the credentials “in the clear”. I’m sorry, but while it may seem convenient to use such a service to those who do not understand the risk, it is foolish for anyone to consider such a service an “acceptable b(a)ckup solution”. Just because a thing can be done does not mean that the thing should be done, and this is one of the things one should not do. It’s like using telnet or ftp via a third-party proxy that you don’t control - also a foolish thing to do. A far better solution for such “exigent” and occasional use would be for a user to install their own software on their own server, reachable only via apahce authentication and/or SSL. While still not completely safe, it would be orders of magnitude safer than using a service such as yours.

What is particularly distressing about such services is that they appeal primarily to those who do not have the technical background to identify and understand the risk, so that they can make an informed decision about whether or not to assume that risk.

gotossh.org and my.anyterm.org present similar security concerns, which they discuss candidly on their websites in their discussion of security. Frankly, their documentation does a far better job of warning users of the security implications than your site does. At least installing anyterm software on one’s own server affords one the option of configuring their system to only accept traffic from certian IPs, and to use SSL (though this method is not commonly available to many shared hosting account customers who do not have root).

Add to all this your posting your linkspam to forums in long dead threads, and you are left with what very much appears to be just another “phishing” attempt. I don’t know if that is what you are doing or not. If that is not what you are doing, you might consider your whole approach to the service you are attempting to provide and your methods of promoting it, so that you are not perceived that way. While that won’t change the riskiness of using your service, it might at least discourage people from thinking the worst of you. :wink:

Irrespective of any of the preceding discussion, it remains dangerous to connect to a shared server’s shell in this manner, and I most strongly implore users here to refrain from doing this via your, or another similar, service.

–rlparker


#19

The fact that you’re not even honest enough to admit it’s your domain here, pretty much shows that you can’t be trusted to put honest info anywhere, whether it’s in the WHOIS info, or on a contact page.

You spammed it here the same way you spam it everywhere, including the digital point thread.

Honest people don’t register a new domain, hide the WHOIS info, then flood the internet with spam for it.

You’re pushing this site the same way people push other phishing/scam sites, as if you’re trying to get as much data through that server as possible before being shut down.


:stuck_out_tongue: Maximum savings promo code: MaxSavingsAtDH