Web-based SSH

Web-based SSH makes it possible to access Secure Shell servers through standard web browsers. Respective clients are based on JavaScript/AJAX and can be used to anonymously access SSH servers from behind any firewall or proxy.

Technology

Web-based SSH clients basically consist of the following parts:

* "Client Side": Typically JavaScript and dynamic HTML pages are used to capture key interactions, transmit messages to/from the server and display the results of interaction in the executing web browser.
* "Server Side/Web Application": On the web application server, incoming requests are processed. The information on key interactions is forwarded to a secure shell client communicating with the accessed SSH server. The responding server screen is translated into HTML/JavaScript code and transmitted to the client.

Each keyboard interaction triggers a request which is usually issued by use of AJAX. The response to this request is the information on the server screen as it appears after performing the described key press.

Advantages

The main advantages of web-based SSH can be summarized as follows:

* "Accessibility": Web-based SSH as described in this article requires no local installation of client software. It is thus possible to access SSH servers through any web browser from any public internet terminal. As communication is based on HTTP or HTTPS, it is also possible to access SSH servers from behind any firewall or proxy restricting internet access to port 80 or 443.
* "Anonymous access": As SSH access is tunnelled through the server-side web application, it is the web application server which actually communicates with the SSH server. Therefore, the SSH server gets only the IP address of the web application server whereas the IP address of the actual client is hidden.

Important Issues

The following issues have to be considered and are important when using a web-based SSH client:

* "Security": It is important to make sure that HTTPS is used for communicating with the web application server. Otherwise all data being sent would be readable by use of simple packet sniffers, which could reveal sensitive information.
* "Trust": The data being sent to the web application server is decrypted there. This is necessary in order to forward the issued commands to the actual SSH server. Even though the operators of web based SSH solutions usually don’t log sensitive data, you have to be aware of the fact that your data is theoretically available to them in plain form. This of course isn't a problem when the web application server and the SSH server are run on the same server.

Anyterm and Ajaxterm

Two open-source web-based SSH clients are available.

Anyterm was the first to appear. It's written in C++ (on the server side) and Javascript (on the client). There are two server-side implementations, an Apache module and a stand-alone daemon which is typically used with Apache's mod_proxy. Anyterm is GPL licensed.

Ajaxterm appeared soon afterwards, and was developed largely because of the complexity of installing Anyterm's Apache module. Ajaxterm is written in Python (on the server side) and Javascript (on the client); it operates as a daemon with mod_proxy. It is in the public domain.

The Anyterm site includes side-by-side demos of the editor nano running in both Anyterm and Ajaxterm.

External links

Software for installation on own servers:
* [http://antony.lesuisse.org/qweb/trac/wiki/AjaxTerm Ajaxterm]
* [http://anyterm.org/index.html Anyterm]