From owner-freebsd-questions@FreeBSD.ORG Thu Mar 22 19:46:29 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D62A516A401 for ; Thu, 22 Mar 2007 19:46:29 +0000 (UTC) (envelope-from eps@anna.ana.com) Received: from anna.ana.com (anna.ana.com [208.69.41.33]) by mx1.freebsd.org (Postfix) with ESMTP id A6A2813C44B for ; Thu, 22 Mar 2007 19:46:29 +0000 (UTC) (envelope-from eps@anna.ana.com) Received: from anna.ana.com (localhost [127.0.0.1]) by anna.ana.com (8.13.8/8.13.8) with ESMTP id l2MJjHmK021346; Thu, 22 Mar 2007 12:45:18 -0700 (PDT) Received: (from eps@localhost) by anna.ana.com (8.13.8/8.13.8/Submit) id l2MJjHQ4021345; Thu, 22 Mar 2007 12:45:17 -0700 (PDT) Date: Thu, 22 Mar 2007 12:45:17 -0700 (PDT) Message-Id: <200703221945.l2MJjHQ4021345@anna.ana.com> From: eps+ques0703@ana.com (Eric P. Scott) To: freebsd-questions@freebsd.org In-Reply-To: <46028475.6060803@gmx.net> Cc: Koen de Wijs Subject: Re: ssh via html X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2007 19:46:29 -0000 >I want to login on my freebsd remotely by ssh. >I would like a html website that makes a shell and do everything over ssl. You're asking for different things, but you should be asking for different things--because there probably isn't a single solution that will work in all cases. Web-based Option: SSH terminal applet I like AppGate's MindTerm (www.appgate.com/mindterm), but there are others. Caveats: (1) the web browser has to support Java; (2) you will need to run a secure [https] server on the same machine you want to SSH into [due to Java applet security restrictions]; (3) you are still vulnerable to keystroke loggers or other spyware on the client side. Web-based Option: AJAX terminal client The best known is Phil Endecott's AnyTerm (anyterm.org), but Antony Lesuisse's Ajaxterm (antony.lesuisse.org/qweb/trac/wiki/AjaxTerm) is becoming increasingly popular. Caveats: (1) requires a "modern" browser supporting XmlHTTP; (2) you will need to run a secure [https] web server; (3) same as above; (4) likely to be slow. Option: Portable Software Type "portable applications" (or "portable apps") into your favorite search engine, and you'll find a whole bunch of interesting things (including Firefox Portable and portaPuTTY). You can stick these on a USB flash device. Caveats: (1) requires Microsoft Windows on the client side (versions other than 2000 or XP may be problematic); (2) writable flash drives are susceptable to malware that may be present on the client computer; (3) same as above. Option: Live CD Booting a disc like FreeSBIE (www.freesbie.org) or KNOPPIX (www.knopper.net/knoppix/index-en.html) isolates you from whatever evil bits may be lurking on a computer's hard drive, and gives you a predictable, reasonably trustable environment. Caveats: (1) requires rebooting; (2) assumes it can configure networking via DHCP, and there are no "corporate firewalls" blocking egress; (3) still vulnerable to hardware keystroke loggers, etc. Option: None of the above Use your own portable computer or smartphone. Caveat: may require subscription to a wireless carrier's data plan and/or additional network adapter hardware Always assume everything you do is being watched by someone else who does not have your best interests in mind. Use one-time passwords (or some other replay-resistant authentication) to enhance security. Learn how to differentiate legitimate servers from impostors; beware of "man-in-the-middle" attacks. Spoofed DNS and "transparent proxies" are more common than you think. Web-based solutions generally require paying someone for something, even if it's just a server certificate. -=EPS=-