- Web-based SSH
Web-based SSH makes it possible to access
Secure Shell servers through standardweb browsers . Respective clients are based onJavaScript /AJAX and can be used to anonymously access SSH servers from behind anyfirewall orproxy .Technology
Web-based SSH clients basically consist of the following parts:
* "Client Side": Typically
JavaScript and dynamicHTML pages are used to capture key interactions, transmit messages to/from the server and display the results of interaction in the executingweb browser .
* "Server Side/Web Application": On the web application server, incoming requests are processed. The information on key interactions is forwarded to a secure shell client communicating with the accessed SSH server. The responding server screen is translated intoHTML /JavaScript code and transmitted to the client.Each keyboard interaction triggers a request which is usually issued by use of
AJAX . The response to this request is the information on the server screen as it appears after performing the described key press.Advantages
The main advantages of web-based SSH can be summarized as follows:
* "Accessibility": Web-based SSH as described in this article requires no local installation of client software. It is thus possible to access SSH servers through any web browser from any public internet terminal. As communication is based on
HTTP orHTTPS , it is also possible to access SSH servers from behind anyfirewall orproxy restricting internet access to port 80 or 443.
* "Anonymous access": As SSH access is tunnelled through the server-side web application, it is the web application server which actually communicates with the SSH server. Therefore, the SSH server gets only theIP address of the web application server whereas theIP address of the actual client is hidden.Important Issues
The following issues have to be considered and are important when using a web-based SSH client:
* "Security": It is important to make sure that
HTTPS is used for communicating with the web application server. Otherwise all data being sent would be readable by use of simplepacket sniffer s, which could reveal sensitive information.
* "Trust": The data being sent to the web application server is decrypted there. This is necessary in order to forward the issued commands to the actual SSH server. Even though the operators of web based SSH solutions usually don’t log sensitive data, you have to be aware of the fact that your data is theoretically available to them in plain form. This of course isn't a problem when the web application server and the SSH server are run on the same server.Anyterm and Ajaxterm
Two open-source web-based SSH clients are available.
Anyterm was the first to appear. It's written in C++ (on the server side) and Javascript (on the client). There are two server-side implementations, an Apache module and a stand-alone daemon which is typically used with Apache's mod_proxy. Anyterm is GPL licensed.
Ajaxterm appeared soon afterwards, and was developed largely because of the complexity of installing Anyterm's Apache module. Ajaxterm is written in Python (on the server side) and Javascript (on the client); it operates as a daemon with mod_proxy. It is in the public domain.
The Anyterm site includes side-by-side demos of the editor nano running in both Anyterm and Ajaxterm.
External links
Software for installation on own servers:
* [http://antony.lesuisse.org/qweb/trac/wiki/AjaxTerm Ajaxterm]
* [http://anyterm.org/index.html Anyterm]
Wikimedia Foundation. 2010.