Web-based SSH
Encyclopedia
Web-based SSH
makes it possible to access Secure Shell
(SSH) servers through standard web browser
s. Respective clients are based on JavaScript
/Ajax
and can be used to anonymously access SSH servers from behind any firewall
or proxy
.
Each keyboard interaction triggers a request which is usually issued by use of Ajax
. The response to this request is the information on the server screen as it appears after performing the described key press.
can be summarized as follows:
(on the server side) and JavaScript (on the client). The current server-side implementation is a stand-alone daemon which is typically used with Apache
's mod_proxy. Anyterm is licensed under the terms of GPL.
Ajaxterm does not require the installation of an Apache module. It is written in Python
(on the server side) and JavaScript (on the client). Ajaxterm operates as a daemon with mod_proxy. It is in the public domain
.
WebShell extends Ajaxterm by an on-screen graphical keyboard which is intended for touchscreen mobile devices.
Hosted solutions:
Secure Shell
Secure Shell is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client...
makes it possible to access Secure Shell
Secure Shell
Secure Shell is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client...
(SSH) servers through standard web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
s. Respective clients are based on JavaScript
JavaScript
JavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....
/Ajax
Ajax (programming)
Ajax is a group of interrelated web development methods used on the client-side to create asynchronous web applications...
and can be used to anonymously access SSH servers from behind any firewall
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
or proxy
Proxy server
In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
.
Technology
Web-based SSH clients basically consist of the following parts:- Client-side: Typically JavaScriptJavaScriptJavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....
and dynamic HTMLHTMLHyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....
pages are used to capture key interactions, transmit messages to/from the server and display the results of interaction in the executing web browserWeb browserA web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
. - Server-side/Web application: On the web application serverApplication serverAn application server is a software framework that provides an environment in which applications can run, no matter what the applications are or what they do...
, incoming requests are processed. The information on key interactions is forwarded to a secure shell client communicating with the accessed SSHSecure ShellSecure Shell is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client...
server. The responding server screen is translated into HTMLHTMLHyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....
/JavaScriptJavaScriptJavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....
code and transmitted to the client.
Each keyboard interaction triggers a request which is usually issued by use of Ajax
Ajax (programming)
Ajax is a group of interrelated web development methods used on the client-side to create asynchronous web applications...
. The response to this request is the information on the server screen as it appears after performing the described key press.
Advantages
The main advantages of web-based SSHSecure Shell
Secure Shell is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client...
can be summarized as follows:
- Accessibility: Web-based SSH as described in this article requires no local installation of client software. It is thus possible to access SSH servers through any web browser from any public Internet terminalInteractive kioskAn Interactive kiosk is a computer terminal featuring specialized hardware and software designed within a public exhibit that provides access to information and applications for communication, commerce, entertainment, and education....
. As communication is based on HTTP or HTTPSHttpsHypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server...
, it is also possible to access SSH servers from behind any firewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
or proxyProxy serverIn computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
restricting Internet access to port 80 or 443. - Anonymous access: As SSH access is tunneled through the server-side web application, it is the web application serverApplication serverAn application server is a software framework that provides an environment in which applications can run, no matter what the applications are or what they do...
which actually communicates with the SSH server. Therefore, the SSH server gets only the IP addressIP addressAn Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
of the web application server whereas the IP address of the actual client is hidden.
Important Issues
The following issues have to be considered and are important when using a web-based SSH client:- Security: It is important to make sure that HTTPSHttpsHypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server...
is used for communicating with the web application serverApplication serverAn application server is a software framework that provides an environment in which applications can run, no matter what the applications are or what they do...
. Otherwise all data being sent would be readable by use of simple packet snifferPacket snifferA packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network...
s, which could reveal sensitive information. - Trust: The data being sent to the web application server is decrypted there. This is necessary in order to forward the issued commands to the actual SSHSecure ShellSecure Shell is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client...
server. Even though the operators of web-based SSH solutions usually don't log sensitive data, the data is theoretically available to them in plain form. It is unlikely that this will cause a security issue when the web application server and the SSH server are run on the same server. - Tunneling: Unlike traditional application based SSH clients, web-based SSH clients are unable to tunnel ("forward") traffic. For example, running an X Window session over a web-based SSH session is not possible.
Open source examples
Anyterm is written in C++C++
C++ is a statically typed, free-form, multi-paradigm, compiled, general-purpose programming language. It is regarded as an intermediate-level language, as it comprises a combination of both high-level and low-level language features. It was developed by Bjarne Stroustrup starting in 1979 at Bell...
(on the server side) and JavaScript (on the client). The current server-side implementation is a stand-alone daemon which is typically used with Apache
Apache HTTP Server
The Apache HTTP Server, commonly referred to as Apache , is web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million website milestone...
's mod_proxy. Anyterm is licensed under the terms of GPL.
Ajaxterm does not require the installation of an Apache module. It is written in Python
Python (programming language)
Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive...
(on the server side) and JavaScript (on the client). Ajaxterm operates as a daemon with mod_proxy. It is in the public domain
Public domain
Works are in the public domain if the intellectual property rights have expired, if the intellectual property rights are forfeited, or if they are not covered by intellectual property rights at all...
.
WebShell extends Ajaxterm by an on-screen graphical keyboard which is intended for touchscreen mobile devices.
External links
Software for installation on own servers:Hosted solutions:
- consoleFISH at serFISH.com: Free for short sessions