Saturday, July 03, 2010

Browser Based SSH via Webshell

Lets say you need to SSH into your server, but you're not at your regular workstation. I've always recommended people carry a USB thumb drive with a toolkit of programs, such as Putty. But what if the machine you have doesn't have a USB port. No problem, you can download Putty. But what if the machine you have is a kiosk terminal that doesn't allow you to download...

Yeah, I'll admit it sound's pretty far fetched, but I have found an ultra cool package that could provide exactly such an emergency functionality: Webshell 0.9.6 It runs as a local python service and allows login via an AJAX enabled browser.

Behind the scenes, the browser client communicates with the python service, and the python service acts as an SSH client to access the local SSH service. On the surface, this could be a problem, as the browser to python connection would normally be unencrypted. This issue can be mitigated by install OpenSSL support for python. Unfortunately, the pOpenSSL package wasn't in my Fedora repo, so I had to grab it from Pbone.

I made a couple tweaks to my install. I changed the port from the default 8022:
sed -i "s/8022/???/g"
And since we always change the SSH port of outside servers:
sed -i "s/in +' loc/in +' -p ???? loc/"
And added some headspace to the top of the page:
sed -i "s/margin:0;/margin:25px 0px 0px 0px;/" \
And changed the font from 10 to 12:
sed -i "s/font:10/font:12/g" www/webshell.css

Once you change the font size, you'll need to change the default background or remove the JPG for solid black.

The documentation is a little unclear on the fact that the program, by default, only listens on, so you have to launch the script with -i to accept outside connections. Of course, you'll have to build your own SysV start script.

A side note, there are websites that run this program as a free service to let you web into their server, then hop over to yours. You probably don't want to use those free services. Sure, its SSL from you to them, and SSH from them to your server, but what's the protocol that encrypts the link between the SSL and SSH? can you say none?

No comments:

Post a Comment