Question: Do you know of any way to implement a web-based shell session similar to putty/ssh but without running a client side application?
I know windows has similar services that basically enable a web-based remote desktop session but that’s windows and I’m looking for something *nix based for either dreamhost or my personal Ubuntu server I just built last night (YAY!!!)…
At this point I would appreciate either. I’m not exactly sure how to implement these so I have to look at either. I think that I would rather have java running just because it’s a bit more secure but also interactive. A couple of those looked promising.
I have ssh and putty to connect and transfer files to dreamhost from my machine. What I wanted to implement is a web-based ssh shell client so that I don’t need to be tied to another machine with putty or other software in order to interact with dreamhost.
I assume this is like what you’re looking for, correct?
If so, then you’d need J2SSH, which is an open-source application that can be found here. The issue with it is that I’m not entirely positive you can install it on your DH server or not… so it may/may not work at all.
Anyways, I’m quite positive for a java-based ssh app, it will require some sort of back-end API like J2SSH provides.
Don’t see it happening. The point of secure shell is for it to be secure - opening up (what is in essence) a locally connected console port is somewhat less secure.
PuTTY is a 450k executable that easily fits and runs from my (now undersized and obsolete) 512Mb SanDisk keychain drive. Invest $19 in a keyring drive and keep PuTTY on it so’s ya can run it anywhere. It’s way more secure and will save you the rigamarole of trying to figure out how to weasel a web client into doing it.
I’m sorry, but I think this is a decidedly bad suggestion! Even “assuming no malice”, ignoring the fact that it was posted in response to a long dead thread, and giving the poster the benefit of the doubt (maybe this is just a truly clueless newbie who is genuinely trying to share something he thinks is a “good thing”), it is absolutely dangerous to use a “service” such as this to access your shell.
Hell, even if you choose to ignore the “fish” in the title, and want to believe that your data is safe, a little look at the TOS ought to raise a big ugly warning in your mind:
Uh huh … right … sure … anything you say. If you ignore the inherent security risk in such a scheme and decide you can trust these folks, you might not have a problem. Then again, you might. If you are concerned about it at all (and particularly if you were to experience a “problem”), you might want to look at the whois info to try to contact these guys, so let’s just do that now …
Domains by Proxy, Inc. DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
Domain servers in listed order: NS33.DOMAINCONTROL.COM NS34.DOMAINCONTROL.COM
Now that’s comforting. Brand new, a single year’s registration, and “private” at that … and you are supposed to use them to access your shell? Do yourself, and others on your shared server, a big favor and “just say no” to this one folks!
Just have a look at the contact section of the proposed service. There, all contact information is provided in clear and legally compliant form (not to mention that there is much more information than usually given in a WHOIS record) -
Of course it is all a question of trust, and web based ssh access over remote sites must NEVER be a replacement for access on port 22/own ssl servers, but if you have no such access (intranets etc) these services (also take gotossh, my.anterm.org into consideration) might represent an acceptable bckup solution.
I saw that, and it may well be accurate, and then again it may not. I don’t know, and I have no reasonably convenient way to know. Of course that is also true of whois information, but having “private” whois information seems completely unnecessary for a company that is trying to do business transparently. None of that is my main point, however, which is that the service you are offering, even if “well intended” and “legitimate” in purpose, is inherently insecure (as you pointed out yourself in your Terms and Conditions) and is therefore dangerous to use. People should not use it because it is unsafe.
I think it is more than just a question of trust, but let’s talk about the trust aspect for a minute. Not only do users of your service need to “trust” the service not to abuse (resell, release, exploit, etc.) their information, but they have to also trust your security practices sufficiently to believe that you are capable of protecting that information, and I maintain that it is unreasonable for them to do so.
From a security standpoint, it defeats the whole point of using ssh in the first place to pass your credentials over the web in the clear to be forwarded through a third party to your system. Period. Your service is, by definition, a “man in the middle”, and your system sees the credentials “in the clear”. I’m sorry, but while it may seem convenient to use such a service to those who do not understand the risk, it is foolish for anyone to consider such a service an “acceptable b(a)ckup solution”. Just because a thing can be done does not mean that the thing should be done, and this is one of the things one should not do. It’s like using telnet or ftp via a third-party proxy that you don’t control - also a foolish thing to do. A far better solution for such “exigent” and occasional use would be for a user to install their own software on their own server, reachable only via Apache authentication and/or SSL. While still not completely safe, it would be orders of magnitude safer than using a service such as yours.
What is particularly distressing about such services is that they appeal primarily to those who do not have the technical background to identify and understand the risk, so that they can make an informed decision about whether or not to assume that risk.
gotossh.org and my.anyterm.org present similar security concerns, which they discuss candidly on their websites in their discussion of security. Frankly, their documentation does a far better job of warning users of the security implications than your site does. At least installing anyterm software on one’s own server affords one the option of configuring their system to only accept traffic from certain IPs, and to use SSL (though this method is not commonly available to many shared hosting account customers who do not have root).
Add to all this your posting your linkspam to forums in long dead threads, and you are left with what very much appears to be just another “phishing” attempt. I don’t know if that is what you are doing or not. If that is not what you are doing, you might consider your whole approach to the service you are attempting to provide and your methods of promoting it, so that you are not perceived that way. While that won’t change the riskiness of using your service, it might at least discourage people from thinking the worst of you.
Irrespective of any of the preceding discussion, it remains dangerous to connect to a shared server’s shell in this manner, and I most strongly implore users here to refrain from doing this via your, or another similar, service.
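Editor's added example, not part of any post in this thread: an Apache 2.4 sketch of the self-hosted setup described above, with a web terminal reachable only over SSL, behind Apache authentication, and only from certain IPs. The hostname, file paths, the terminal daemon on 127.0.0.1:8080 and the 203.0.113.0/24 range are all assumptions made for illustration.

```apache
# Added example (not from the thread). Assumed: hostname shell.example.org,
# a self-hosted web terminal daemon bound to 127.0.0.1:8080, the certificate
# and htpasswd paths, and the documentation range 203.0.113.0/24 standing in
# for the addresses you actually connect from.

# Weak form, shown commented out for contrast: the terminal is published over
# plain HTTP, with no login and no source restriction, so every keystroke
# (including the shell password) crosses the network unencrypted.
#
# <VirtualHost *:80>
#     ServerName shell.example.org
#     ProxyPass        /terminal/ http://127.0.0.1:8080/
#     ProxyPassReverse /terminal/ http://127.0.0.1:8080/
# </VirtualHost>

# Hardened form: port 80 only redirects; nothing is proxied without TLS.
<VirtualHost *:80>
    ServerName shell.example.org
    Redirect permanent / https://shell.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName shell.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shell.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/shell.example.org.key

    <Location "/terminal/">
        AuthType Basic
        AuthName "Web terminal"
        AuthUserFile /etc/apache2/webterm.htpasswd

        # Both conditions must hold: known source address AND valid login.
        <RequireAll>
            Require ip 203.0.113.0/24
            Require valid-user
        </RequireAll>

        # The daemon listens on loopback only, so Apache is the sole way in.
        ProxyPass        http://127.0.0.1:8080/
        ProxyPassReverse http://127.0.0.1:8080/
    </Location>
</VirtualHost>
```

This needs mod_ssl, mod_proxy and mod_proxy_http enabled and the ability to edit the virtual host, which is the root-level access the post notes many shared hosting customers lack.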
The fact that you’re not even honest enough to admit it’s your domain here, pretty much shows that you can’t be trusted to put honest info anywhere, whether it’s in the WHOIS info, or on a contact page.
You spammed it here the same way you spam it everywhere, including the digital point thread.
Honest people don’t register a new domain, hide the WHOIS info, then flood the internet with spam for it.
You’re pushing this site the same way people push other phishing/scam sites, as if you’re trying to get as much data through that server as possible before being shut down.