?
Solved

Connecting to a console - over HTTP

Posted on 2003-10-27
11
Medium Priority
?
788 Views
Last Modified: 2012-08-13
Folks,

I'm interested in setting up my Debian box for remote access.

To connect to it from work, I will have to run through a firewall that only allows HTTP connections on port 8080 to pass. I do not want to set up tunnelling as this will compromise the network.

An ideal solution would be to host a page on my Apache instance, running a Java object (or something similar) that can open up a connection to a virtual tty on the box. In essence, I'd like to login to a we-based console hosted on http://myserver.net.

Has anybody seen such a beast on their travels? I was thinking about a web object that can telnet to a host (in this case, localhost). I have seen this type of thing before with FTP objects running in ASP environment. I thought there might be a module like this for Webmin, but I can't find one.

A finished solution would be sweet as my coding abilities are limited.

Cheers
0
Comment
Question by:GeneriK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 6

Expert Comment

by:mbarbos
ID: 9627706
Have alook at http://www.nocrew.org/software/httptunnel.html. Maybe it's what you want :)
0
 
LVL 1

Author Comment

by:GeneriK
ID: 9627749
Read the question dude: "I do not want to set up tunnelling as this will compromise the network."
0
 
LVL 20

Accepted Solution

by:
Gns earned 520 total points
ID: 9627843
On my ol' Mdk8.2 running some "ancient" webmin, I've got a "VNC Client" module and bot a "SSH Login" and a "SSH/Telnet" module... Perhaps what you're looking for?

At http://www.webmin.com/standard.html one can see that the SSH/Telnet login is still a standard module...

-- Glenn
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 
LVL 1

Author Comment

by:GeneriK
ID: 9627921
Glenn - Thks I missed that when I looked through the module list.

I can use it to try to get my Oracle setup working! - it's still not by the way :^(

Let me get home and test before I issue points. Thanks
0
 
LVL 1

Expert Comment

by:m1fcj
ID: 9633560
Both SSH module and VNC module should not work since these applications are client-side applications. Even if you use an applet running on the remote side, these will fail.

To be able to use SSH over HTTPS, you have to create some sort of tunnelling, you can't escape from this fact. Don't forget that your terminal is not connected to the network directly, you are going through an HTTP proxy.

There are some neat solutions for HTTPS tunnels, here's one utilizing SSH. This setup is reasonably safe because the remote end (i.e., your PC at home) cannot access your corporate network but you can access the stuff at home. This is not a VPN, it is just an SSH tunnelling.

Squid wasn't designed to work like this so your performance might suffer.

First you set up your ssh deamon to listen to port 443.

On your client terminal, o to .ssh directory, edit your config file:

Host remotehost.distantland.org
ProxyCommand ssh-https-tunnel %h %p
User tralalala
Port 443

And here's the tunnelling script, don't forget to modify your proxy settings.

---8<------------------
#!/usr/bin/perl -T -w
# Copyright (C) 2001,2002 Mark Suter <suter@humbug.org.au>
#
# This program tunnels a secure shell connection via a https proxy as
# the ProxyCommand program.  The destination secure shell server needs
# to be running on port 443 unless the proxy is very lenient.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# $Id: ssh-https-tunnel,v 2.7 2002/04/18 03:50:26 suter Exp $

use strict;
use IO::Socket;
use IO::Select;
use MIME::Base64;

################################
##  Start User Configuration  ##
################################

# Proxy details
my $host = "Your proxy's IP";
my $port = Your proxy's port;

# Proxy authentication (only if needed!)
my $user = "your proxy username";
my $pass = "your proxy passwor";

# Add an entry to ~/.ssh/config so "ssh remote.example.org" uses
# this program to proxy the connection.
#
#    host remote.example.org
#        Port 443
#        ProxyCommand /path/to/ssh-https-tunnel %h %p
#
# Many proxies will timeout connections very quickly when there is
# no activity.  If you ssh client supports it, add the following to the
# ~/.ssh/config file.
#
#     ProtocolKeepAlives 5
#
# Another popular method is to X-Forward something like "xclock -update 5"
# to keep the connection "active."

################################
##   End User Configuration   ##
################################

## Tunnel the connection and return a handle for it
sub tunnel_connect($$$$$$) {
    my ($host, $port, $user, $pass, $remote_host, $remote_port) = @_;

    my $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port)
        or die "$0: Can't connect to $host:$port: $!\n";

    $socket->print("CONNECT $remote_host:$remote_port HTTP/1.0\015\012",
      $user ? "Proxy-Authorization: Basic " . encode_base64("$user:$pass", "\015\012") : "",
      "\015\012") or die "$0: Can't write: $!\n";

    local $/ = "\012";
    my $response = $socket->getline() or die "$0: Can't read: $!\n";
    $response =~ /^HTTP\/... 2/i or die "$0: CONNECT failed: $response";
    do { $response = $socket->getline() or die "$0: Can't read: $!\n"; }
    until $response =~ /^\s+$/;

    return $socket;
}

## Move data from one handle to another
sub proxy_data($$) {
    my ($source, $destination) = @_;

    my ($buffer, $length, $offset, $bytes) = ("", 0, 0, 0);
    $length = sysread($source, $buffer, 4096, $offset) or return 0;
    while ($length) {
        $bytes = syswrite($destination, $buffer, $length, $offset) or return 0;
        $offset += $bytes;
        $length -= $bytes;
    }
    return 1;
}

## Check we have two arguments
defined $ARGV[0] and defined $ARGV[1] or die "Usage $0 <host> <port>\n";

## Setup the tunnel
my $proxy = tunnel_connect($host, $port, $user, $pass, $ARGV[0], $ARGV[1]);

## Shift data around in each direction
my $sel = IO::Select->new( [ \*STDIN, $proxy ], [ $proxy, \*STDOUT ] );
SELECT: while (my @ready = $sel->can_read()) {
    foreach my $handle (@ready) {
        proxy_data($$handle[0], $$handle[1]) or last SELECT;
    }
}
---8<------------------
0
 
LVL 1

Author Comment

by:GeneriK
ID: 9714341
OK Glenn - sorry bout the delay. Webmin module perfect except

Cannot get Java to run in Mozilla therefore I can only use a MS box to connect - can you help out with this?

I've downloaded the latest JRE and installed the  symlink in mozilla/plugins as installation instructions directed.

about:plugins doesn't show the Sun JRE installed. Tried the install-on-demand feature but the page has errors and the plugin does not download.
0
 
LVL 20

Expert Comment

by:Gns
ID: 9714481
Hm, so it doesn't "see" it... I've got this working with some versions of mozilla (at least:-), and most version of konqueror and Galeon ... The latter might be a good thing to try.
Note that there are several java plugins (ns4, ns600, ns610 ...).
I've got it working with mozilla 1.3, 1.3.1 with at least the ns600 (from jre1.4.1_02), and 1.4 with the ns610 (compiled for glibc 3.2 from the jre1.4.2_02). Getting this right might be important:-).
Also check that the link is made in a place your mozilla really looks, and that the link is correctly pointing to a libjavaplugin_oji.so file.
If you start mozilla from a command line prompt (terminal emulator) you are likely to see some debug messages, that might shed some light on why it doesn't load the plugin.
You could tell exact versions here, and perhaps quote the debug info... and some ls -l listings of the relevant plugin directories.

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 9714492
"glibc 3.2" should of course have been "gcc 3.2"!

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 9714521
I've got some slightly dated Debian (3.0r1 _stable_...urgh) with Mozilla 1.0.0... I'll DL and test right away:-).

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 9714601
Ok, just tested with that ancient mozilla and j2re-1_4_2_01-linux-i586.bin from sun... works like a charm.
Steps I took:
Downloaded from sun,
(as root)
chmod +x j2re-1_4_2_01-linux-i586.bin
./j2re-1_4_2_01-linux-i586.bin
(run through... unpacks in the local directory... /usr/java in my case)
cd /usr/lib/mozilla/plugin
ln -s /usr/java/j2re1.4.2_01/plugin/i386/ns610/libjavaplugin_oji.so
(without restart, went to Help->plugins ... and it shows up... Restarted Mozilla, opened a java enabled page... just works(tm):-).

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
ID: 9715313
OK i'll try again tonight and let you know

cheers
0

Featured Post

Automating Terraform w Jenkins & AWS CodeCommit

How to configure Jenkins and CodeCommit to allow users to easily create and destroy infrastructure using Terraform code.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month15 days, 14 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question