vincentkong.com

Almost a year ago I wrote about SSHing with a web browser using MindTerm.  This was good, if the network allows traffic via  the SSH port, and nowadays this is usually not the case.

Ajaxterm is a web based terminal that provides SSH connectivity with a AJAX supported web browser.

Installing Ajaxterm in Ubuntu

$ sudo apt-get install ajaxterm

Modify the configure file /etc/default/ajaxterm if a different port for ajaxterm is desired.  The default port is 8022.

Setting up Ajaxterm with Apache

By default Ajaxterm only listen at 127.0.0.1:8022.  For remote access, configure it with Apache using mod_proxy.

$ a2enmod proxy_http

Add the following to the Apache config /etc/apache2/httpd.conf

ProxyRequests off
ProxyPass / http://localhost:8022/
ProxyPassReverse / http://localhost:8022/

When completed point the browser to the domain associated with Ajaxterm.

Ajaxterm

Xming provides an implementation of the X Windows System (X11 server) for Microsoft Windows.  Its useful when needing to use a GUI application on a remote server that doesn’t provide remote desktop access.

Installing Xming

Installing Xming on Windows is easy; download the binary file and follow the installation wizard.

To configure Xming run XLaunch from the Start Menu, otherwise run Xming to start up the application.

When started an icon would appear on the taskbar.

Configure X11 Forwarding in PuTTY

Before establishing and SSH connection go to Connection -> SSH -> X11 in the configuration window and check the “Enable X11 forwarding” box.

PuTTY X11 Forwarding

After SSH connection has been established any GUI application can be run by executing it from the command prompt e.g. the Thunar file manager for Xubuntu

Running Thunar in Windows with Xming

More detail information can be found here.

A while back, I was using someone’s computer and I wanted to SSH into my server. The machine didn’t have any SSH client and I didn’t have my U3 Smart Drive with me.

MindTerm is a client that implements the SSH protocols written in Java which can run as an Applet. The basic syntax for embedding the MindTerm Applet in a web page is as follows:

<APPLET CODE="com.mindbright.application.MindTerm.class"
      ARCHIVE="mindterm.jar" WIDTH="400" HEIGHT="400">
    <PARAM NAME="cabinets" VALUE="mindterm.cab">
    <PARAM NAME="sepframe" value="true">
    <PARAM NAME="debug" value="true">
</APPLET>

Due to the Java security model, the Applet requires to be sign, otherwise it won’t run properly and throw an AccessControlException, as shown in the Java console.

For information on how to sign an Applet refer to Signing Java Applets Using RSA Certificate. After the Applet has been successfully signed a pop up will appear asking to accept the digital signature, and when accepted the Applet will have permission to run properly; this can be verify with the Java console again.

Now you can SSH from any computer that has a web browser and internet access.

For more information refer to Running MindTerm as an Applet

If you have a server, but only want to allow users to copy files via sFTP without providing shell access. This can be done with rssh, a restricted shell for use with OpenSSH that allows only scp and/or sftp.

To install rssh

$ apt-get install rssh

By default rssh doesn’t allow anything, to allow only sftp modify the rssh.conf file.

$ nano /etc/rssh.conf

Uncomment the line for allowsftp and other transfer protocols you want to enable.

#allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync

To restrict a user to only allow sftp access, modify the /etc/passwd file

$ nano /etc/passwd

For example

ftp:x:100:100::/home/ftp:/usr/bin/rssh

Sometimes, you are connected to an internet which is unknown/insecure such as public WiFi hotspots or you are just surfing the internet at work.  In these type of scenarios you might want to secure your connection so no one can sniff at what or where you’re surfing. One way to create a secure connection is to create an SSH tunnel, and have your web browser use it as a SOCKS proxy.

The first requirement is to have a remote host running an SSH server. e.g. a box at home running OpenSSH. Then, you need to have an SSH client installed on your local machine, for Windows you can use PuTTY.

Establish an SSH tunnel using PuTTY:

Create a new PuTTY session

Run PuTTY and create a new session to connect to the remote host. Fill in the hostname, the port (usually 22), make sure SSH is checked.

Configure the Secure Tunnel

Click on “Tunnels” on the left panel to set up dynamic fowarding for a local port. Under “Add new forwarded port” type in the port number (e.g. 4080) for the source port, leave the destination blank, and check Auto and Dynamic. Then click the “Add” button. You should see D4080 listed in the “Forwarded Ports” box.

Establish an SSH tunnel on Linux:

Use the following command:

$ ssh -D 4080 username@remote_host_server

The tunnel is created when you login to the SSH server.

Configuring Your Web Browser:

To use the SSH tunnel as a SOCKS proxy you need to change the connection settings in the browser.

In the Firefox Connection Settings:

• Check “Manual Proxy Configuration:”
• Fill in 127.0.0.1 for the “SOCKS Host:” and 4080 for “Port:”
• Check “SOCKS v5″

Once everything is done you are now surfing the web securely.