Date: Thu, 22 Mar 2007 12:45:17 -0700 (PDT) From: eps+ques0703@ana.com (Eric P. Scott) To: freebsd-questions@freebsd.org Cc: Koen de Wijs <koendewijs@gmx.net> Subject: Re: ssh via html Message-ID: <200703221945.l2MJjHQ4021345@anna.ana.com> In-Reply-To: <46028475.6060803@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>I want to login on my freebsd remotely by ssh. >I would like a html website that makes a shell and do everything over ssl. You're asking for different things, but you should be asking for different things--because there probably isn't a single solution that will work in all cases. Web-based Option: SSH terminal applet I like AppGate's MindTerm (www.appgate.com/mindterm), but there are others. Caveats: (1) the web browser has to support Java; (2) you will need to run a secure [https] server on the same machine you want to SSH into [due to Java applet security restrictions]; (3) you are still vulnerable to keystroke loggers or other spyware on the client side. Web-based Option: AJAX terminal client The best known is Phil Endecott's AnyTerm (anyterm.org), but Antony Lesuisse's Ajaxterm (antony.lesuisse.org/qweb/trac/wiki/AjaxTerm) is becoming increasingly popular. Caveats: (1) requires a "modern" browser supporting XmlHTTP; (2) you will need to run a secure [https] web server; (3) same as above; (4) likely to be slow. Option: Portable Software Type "portable applications" (or "portable apps") into your favorite search engine, and you'll find a whole bunch of interesting things (including Firefox Portable and portaPuTTY). You can stick these on a USB flash device. Caveats: (1) requires Microsoft Windows on the client side (versions other than 2000 or XP may be problematic); (2) writable flash drives are susceptable to malware that may be present on the client computer; (3) same as above. Option: Live CD Booting a disc like FreeSBIE (www.freesbie.org) or KNOPPIX (www.knopper.net/knoppix/index-en.html) isolates you from whatever evil bits may be lurking on a computer's hard drive, and gives you a predictable, reasonably trustable environment. Caveats: (1) requires rebooting; (2) assumes it can configure networking via DHCP, and there are no "corporate firewalls" blocking egress; (3) still vulnerable to hardware keystroke loggers, etc. Option: None of the above Use your own portable computer or smartphone. Caveat: may require subscription to a wireless carrier's data plan and/or additional network adapter hardware Always assume everything you do is being watched by someone else who does not have your best interests in mind. Use one-time passwords (or some other replay-resistant authentication) to enhance security. Learn how to differentiate legitimate servers from impostors; beware of "man-in-the-middle" attacks. Spoofed DNS and "transparent proxies" are more common than you think. Web-based solutions generally require paying someone for something, even if it's just a server certificate. -=EPS=-
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703221945.l2MJjHQ4021345>