ssh via html
Eric P. Scott
eps+ques0703 at ana.com
Thu Mar 22 19:46:29 UTC 2007
>I want to login on my freebsd remotely by ssh.
>I would like a html website that makes a shell and do everything over ssl.

You're asking for different things, but you should be asking for
different things--because there probably isn't a single solution
that will work in all cases.

Web-based Option: SSH terminal applet
I like AppGate's MindTerm (www.appgate.com/mindterm), but there
are others. Caveats: (1) the web browser has to support Java;
(2) you will need to run a secure [https] server on the same
machine you want to SSH into [due to Java applet security
restrictions]; (3) you are still vulnerable to keystroke loggers
or other spyware on the client side.

Web-based Option: AJAX terminal client
The best known is Phil Endecott's AnyTerm (anyterm.org), but
Antony Lesuisse's Ajaxterm (antony.lesuisse.org/qweb/trac/wiki/AjaxTerm)
is becoming increasingly popular. Caveats: (1) requires a
"modern" browser supporting XmlHTTP; (2) you will need to run a
secure [https] web server; (3) same as above; (4) likely to be

Option: Portable Software
Type "portable applications" (or "portable apps") into your
favorite search engine, and you'll find a whole bunch of
interesting things (including Firefox Portable and portaPuTTY).
You can stick these on a USB flash device. Caveats: (1) requires
Microsoft Windows on the client side (versions other than 2000 or
XP may be problematic); (2) writable flash drives are susceptible
to malware that may be present on the client computer; (3) same

Option: Live CD
Booting a disc like FreeSBIE (www.freesbie.org) or KNOPPIX
(www.knopper.net/knoppix/index-en.html) isolates you from
whatever evil bits may be lurking on a computer's hard drive, and
gives you a predictable, reasonably trustable environment.
Caveats: (1) requires rebooting; (2) assumes it can configure
networking via DHCP, and there are no "corporate firewalls"
blocking egress; (3) still vulnerable to hardware keystroke

Option: None of the above
Use your own portable computer or smartphone. Caveat: may
require subscription to a wireless carrier's data plan and/or
additional network adapter hardware.

Always assume everything you do is being watched by someone else
who does not have your best interests in mind. Use one-time
passwords (or some other replay-resistant authentication) to
enhance security. Learn how to differentiate legitimate servers
from impostors; beware of "man-in-the-middle" attacks. Spoofed
DNS and "transparent proxies" are more common than you think.
Web-based solutions generally require paying someone for
something, even if it's just a server certificate.
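
An added example, not part of the original post: one way to tell a legitimate SSH server from an impostor is to compare the host key it presents against a fingerprint recorded beforehand over a trusted channel. The key lines below are constructed for the demo, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


def fingerprints(pubkey_line: str) -> dict:
    """Return SHA256 and MD5 fingerprints for one OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with the key type as an SSH string; reject mismatches.
    if not blob.startswith(_ssh_string(key_type.encode())):
        raise ValueError("key type does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "sha256": "SHA256:" + sha,
        "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }


def host_key_matches(presented_line: str, pinned_fingerprint: str) -> bool:
    """True only if the presented key hashes to the pinned fingerprint."""
    kind = "md5" if pinned_fingerprint.startswith("MD5:") else "sha256"
    actual = fingerprints(presented_line)[kind]
    return hmac.compare_digest(actual.encode(), pinned_fingerprint.encode())


def make_sample_key(seed: bytes) -> str:
    """Constructed ssh-ed25519 key line for the demo (not a real host key)."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for a public key
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


# Fingerprint recorded ahead of time at the server's console (constructed here).
GENUINE = make_sample_key(b"genuine-server")
PINNED = fingerprints(GENUINE)["sha256"]
```

A key presented by a spoofed host or an intercepting proxy hashes to a different value, so `host_key_matches` returns False and the login should be abandoned before any password is typed.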