ssh via html

Eric P. Scott eps+ques0703 at
Thu Mar 22 19:46:29 UTC 2007

>I want to login on my freebsd remotely by ssh.

>I would like a html website that makes a shell and do everything over ssl.

You're asking for different things, but you should be asking for
different things--because there probably isn't a single solution
that will work in all cases.

Web-based Option: SSH terminal applet

I like AppGate's MindTerm (, but there
are others.  Caveats: (1) the web browser has to support Java;
(2) you will need to run a secure [https] server on the same
machine you want to SSH into [due to Java applet security
restrictions]; (3) you are still vulnerable to keystroke loggers
or other spyware on the client side.

Web-based Option: AJAX terminal client

The best known is Phil Endecott's AnyTerm (, but
Antony Lesuisse's Ajaxterm (
is becoming increasingly popular.  Caveats: (1) requires a
"modern" browser supporting XmlHTTP; (2) you will need to run a
secure [https] web server; (3) same as above; (4) likely to be

Option: Portable Software

Type "portable applications" (or "portable apps") into your
favorite search engine, and you'll find a whole bunch of
interesting things (including Firefox Portable and portaPuTTY).
You can stick these on a USB flash device.  Caveats: (1) requires
Microsoft Windows on the client side (versions other than 2000 or
XP may be problematic); (2) writable flash drives are susceptable
to malware that may be present on the client computer; (3) same
as above.

Option: Live CD

Booting a disc like FreeSBIE ( or KNOPPIX
( isolates you from
whatever evil bits may be lurking on a computer's hard drive, and
gives you a predictable, reasonably trustable environment.
Caveats: (1) requires rebooting; (2) assumes it can configure
networking via DHCP, and there are no "corporate firewalls"
blocking egress; (3) still vulnerable to hardware keystroke
loggers, etc.

Option: None of the above

Use your own portable computer or smartphone.  Caveat: may
require subscription to a wireless carrier's data plan and/or
additional network adapter hardware

Always assume everything you do is being watched by someone else
who does not have your best interests in mind.  Use one-time
passwords (or some other replay-resistant authentication) to
enhance security.  Learn how to differentiate legitimate servers
from impostors; beware of "man-in-the-middle" attacks.  Spoofed
DNS and "transparent proxies" are more common than you think.

Web-based solutions generally require paying someone for
something, even if it's just a server certificate.


More information about the freebsd-questions mailing list