I recently read an article about AjaxTerm in the German Linux Magazin. It is a AJAX-based SSH client which runs in your browser. So with the respective setup you are able to access your box’ shell from anywhere just with a browser. You do not even have any problems with firewalls and proxies anymore!
This is a small guide which explains how to setup AjaxTerm on a Debian System with Plesk:
1. Go to the AjaxTerm Website and download the latest release (currently 0.10).
# wget http://antony.lesuisse.org/qweb/files/Ajaxterm-0.10.tar.gz
2. Extract the archive, become root, move the folder to /usr/local/ and create a symlink for easier access.
# tar xvzf Ajaxterm-0.10.tar.gz
# su
# mv Ajaxterm/ /usr/local
# ln -s /usr/local/Ajaxterm-0.10 /usr/local/ajaxterm
# cd /usr/local/ajaxterm
3. Copy the Debian init script for AjaxTerm to /etc/init.d/ and add it to all default run levels
# cp configure.initd.debian /etc/init.d/ajaxterm
# update-rc.d ajaxterm defaults
4. Edit the init script and change the variable DAEMON to /usr/local/ajaxterm/ajaxterm.py and PORT to 8022. Check that the executable name is ajaxterm.py (with the file extension!).
5. Make the init script executable and start AjaxTerm
# chmod a+x /etc/init.d/ajaxterm
# /etc/init.d/ajaxterm start
Starting ajaxterm on port 8022
AjaxTerm at http://localhost:8022/ pid: 7580
AjaxTerm is now successfully running (it started ssh session on localhost with user nobody) but is only listening on localhost:8022. Therefore we will use the Apache proxy module to access AjaxTerm using a subdomain. (As we did in the Plesk on Port 443 Howto)
6. Create a new subdomain with PHP support in Plesk, e.g. ajaxterm.example.com.
7. Go to the conf directory of the new domain.
# cd /var/www/vhosts/example.com/subdomains/ajaxterm/conf
8. Create a new vhost.conf with the following lines.
ProxyRequests Off
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass /ajaxterm/ http://localhost:8022/
ProxyPassReverse /ajaxterm/ http://localhost:8022/
9. Activate the proxy Apache module, reconfigure Plesk so that it finds the new vhost.conf and reload the apache configuration.
# a2enmod proxy
# /usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=example.com
# /etc/init.d/apache reload
You should not get any errors!
10. Access AjaxTerm: https://ajaxterm.example.com/ajaxterm/ (Don’t forget the trailing slash!)
11. Because we do not want to be able to use AjaxTerm over unsecured HTTP, we create a simple index.php in httpdoc/ and httpsdoc/ of the subdomain folder, which will redirect to the above link. Furthermore you should delete the index.html file in httpdocs/ and httpsdocs/.
< ? header("Location: https://" . $_SERVER['SERVER_NAME'] . "/ajaxterm/"); ?>
Now you should be able to access AjaxTerm by visiting https://ajaxterm.example.com with your browser.
If you are really paranoid you should secure the access furthermore by setting up an authentication, e.g. basic http authentication.
Hi,
I am one of the paranoid and wanted to secure the access furthermore by setting up an authentication, e.g. basic http authentication.
I found the solution after searching a lot with google, just add the following in your vhost.conf file and reload the configuration:
ProxyRequests Off
AuthUserFile /srv/ajaxterm/.htpasswd
AuthName EnterPassword
AuthType Basic
require valid-user
Order Deny,allow
Allow from all
Source http://wiki.kartbuilding.net/index.php/Ajaxterm#Config_Ajaxterm_and_Apache
Regards,
Iwan
Hi,
An other important sercurity issue is, that if a user uses ajaxterm with http and not with https. To prevent the user from using it with http you can change the ajaxterm.html located in your installation directory, in christians how to it would be “/usr/local/ajaxterm”
1. Open the ajaxterm.html with nano or comparitable:
# nano /usr/local/ajaxterm/ajaxterm.html
Now change the JavaScript function from:
window.onload=function() {
t=ajaxterm.Terminal(“term”,80,24);
};
To this:
window.onload=function() {
if(location.protocol==’https:’) {
t=ajaxterm.Terminal(“term”,80,24);
} else {
location.href=’https://’+location.hostname+location.pathname;
}
};
Then save the change and restart the server. Every user that connects to ajaxterm with http will be redirected to use https, after these changes.
I hope some of you find this helpfull.
Regards,
Iwan
Hi Iwan,
thanks for the tips. Another point is, that in the both files you already mentionend, you can change the numbers (80, 24) to resize the shell “window”. I changed it to 120 and 40.
I solved the security issues, and those from other similar http services, with the Http tunnel module of Webmin.
This doesn’t require any configuration but making Webmin to listen to public interfaces, if any.
Once Webmin is installed, you only have to go to:
https://your.public.address.com:10000/tunnel/link.cgi/http://localhost:8022
Hello,
Do you how to suppport libncurses/Dialog with ajaxterm i have strange chars when starting curses apps like make menuconfig and dialog scripts.
Cheers,
Greg
His name for this society was ‘communism’. ,
do u think it will work on mac os x too?
there r no init-scripts, but thats no problem, i can execute it directly. when i execute ./ajaxterm.py everything is ok, but as soon i go to localhost:8022 with my browser i get errors:
http://pastebin.com/m3715b2c7