Web-based SSH

Web-based SSH makes it possible to access Secure Shell servers through standard web browsers. Respective clients are based on JavaScript/AJAX and can be used to anonymously access SSH servers from behind any firewall or proxy.

Contents

• 1 Technology
• 2 Advantages
• 3 Important Issues
• 4 Open source examples
• 5 External links

[edit] Technology

Web-based SSH clients basically consist of the following parts:

• Client Side: Typically JavaScript and dynamic HTML pages are used to capture key interactions, transmit messages to/from the server and display the results of interaction in the executing web browser.
• Server Side/Web Application: On the web application server, incoming requests are processed. The information on key interactions is forwarded to a secure shell client communicating with the accessed SSH server. The responding server screen is translated into HTML/JavaScript code and transmitted to the client.

Each keyboard interaction triggers a request which is usually issued by use of AJAX. The response to this request is the information on the server screen as it appears after performing the described key press.

[edit] Advantages

The main advantages of web-based SSH can be summarized as follows:

• Accessibility: Web-based SSH as described in this article requires no local installation of client software. It is thus possible to access SSH servers through any web browser from any public internet terminal. As communication is based on HTTP or HTTPS, it is also possible to access SSH servers from behind any firewall or proxy restricting internet access to port 80 or 443.
• Anonymous access: As SSH access is tunnelled through the server-side web application, it is the web application server which actually communicates with the SSH server. Therefore, the SSH server gets only the IP address of the web application server whereas the IP address of the actual client is hidden.

[edit] Important Issues

The following issues have to be considered and are important when using a web-based SSH client:

• Security: It is important to make sure that HTTPS is used for communicating with the web application server. Otherwise all data being sent would be readable by use of simple packet sniffers, which could reveal sensitive information.
• Trust: The data being sent to the web application server is decrypted there. This is necessary in order to forward the issued commands to the actual SSH server. Even though the operators of web based SSH solutions usually don’t log sensitive data, the data is theoretically available to them in plain form. It is unlikely that this will cause a security issue when the web application server and the SSH server are run on the same server.
• Tunneling: Unlike traditional application based SSH clients, web-based SSH clients are unable to tunnel ("forward") TCP traffic. For example, running an X Window session over a web-based SSH session is not possible.

[edit] Open source examples

Anyterm is written in C++(on the server side) and JavaScript (on the client). The currentserver-side implementation is a stand-alone daemon which is typicallyused with Apache'smod_proxy. Anyterm is licensed under the terms of GPL.

Ajaxterm does not require the installation of an Apache module. It is written in Python (on the server side) and JavaScript (on the client). Ajaxterm operates as a daemon withmod_proxy. It is in the public domain.

WebShell extends Ajaxterm by an on-screen graphical keyboard which is intended for touchscreen mobile devices.

[edit] External links

Software for installation on own servers:

• Ajaxterm
• Anyterm
• WebShell
• Shell in a Box

SSH servers available on the Internet:

• consoleFISH at serFISH.com: Free for short sessions
• WebSSH: Free but +- 0.5% of the time unavailable
• SSHTerm.com: Free, opens connections in tabs