Solved

Connecting to a console - over HTTP

Posted on 2003-10-27
Last Modified: 2012-08-13
Folks,

I'm interested in setting up my Debian box for remote access.

To connect to it from work, I will have to run through a firewall that only allows HTTP connections on port 8080 to pass. I do not want to set up tunnelling as this will compromise the network.

An ideal solution would be to host a page on my Apache instance, running a Java object (or something similar) that can open up a connection to a virtual tty on the box. In essence, I'd like to log in to a web-based console hosted on http://myserver.net.

Has anybody seen such a beast on their travels? I was thinking about a web object that can telnet to a host (in this case, localhost). I have seen this type of thing before with FTP objects running in ASP environment. I thought there might be a module like this for Webmin, but I can't find one.

A finished solution would be sweet as my coding abilities are limited.

Cheers
0
Question by:GeneriK
11 Comments
 
LVL 6

Expert Comment

by:mbarbos
Have a look at http://www.nocrew.org/software/httptunnel.html. Maybe it's what you want :)
0
 
LVL 1

Author Comment

by:GeneriK
Read the question dude: "I do not want to set up tunnelling as this will compromise the network."
0
 
LVL 20

Accepted Solution

by:
Gns earned 130 total points
On my ol' Mdk8.2 running some "ancient" webmin, I've got a "VNC Client" module and both a "SSH Login" and a "SSH/Telnet" module... Perhaps what you're looking for?

At http://www.webmin.com/standard.html one can see that the SSH/Telnet login is still a standard module...

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
Glenn - Thks I missed that when I looked through the module list.

I can use it to try to get my Oracle setup working! - it's still not by the way :^(

Let me get home and test before I issue points. Thanks
0
 
LVL 1

Expert Comment

by:m1fcj
Both SSH module and VNC module should not work since these applications are client-side applications. Even if you use an applet running on the remote side, these will fail.

To be able to use SSH over HTTPS, you have to create some sort of tunnelling, you can't escape from this fact. Don't forget that your terminal is not connected to the network directly, you are going through an HTTP proxy.

There are some neat solutions for HTTPS tunnels, here's one utilizing SSH. This setup is reasonably safe because the remote end (i.e., your PC at home) cannot access your corporate network but you can access the stuff at home. This is not a VPN, it is just SSH tunnelling.

Squid wasn't designed to work like this so your performance might suffer.

First you set up your ssh daemon to listen to port 443.

On your client terminal, go to the .ssh directory, edit your config file:

Host remotehost.distantland.org
    ProxyCommand ssh-https-tunnel %h %p
    User tralalala
    Port 443

And here's the tunnelling script, don't forget to modify your proxy settings.

---8<------------------
#!/usr/bin/perl -T -w
# Copyright (C) 2001,2002 Mark Suter <suter@humbug.org.au>
#
# This program tunnels a secure shell connection via a https proxy as
# the ProxyCommand program.  The destination secure shell server needs
# to be running on port 443 unless the proxy is very lenient.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# $Id: ssh-https-tunnel,v 2.7 2002/04/18 03:50:26 suter Exp $

use strict;
use IO::Socket;
use IO::Select;
use MIME::Base64;

################################
##  Start User Configuration  ##
################################

# Proxy details
my $host = "Your proxy's IP";
my $port = 8080;    # placeholder value: replace with your proxy's port

# Proxy authentication (only if needed!)
my $user = "your proxy username";
my $pass = "your proxy password";

# Add an entry to ~/.ssh/config so "ssh remote.example.org" uses
# this program to proxy the connection.
#
#    host remote.example.org
#        Port 443
#        ProxyCommand /path/to/ssh-https-tunnel %h %p
#
# Many proxies will time out connections very quickly when there is
# no activity.  If your ssh client supports it, add the following to the
# ~/.ssh/config file.
#
#     ProtocolKeepAlives 5
#
# Another popular method is to X-Forward something like "xclock -update 5"
# to keep the connection "active."

################################
##   End User Configuration   ##
################################

## Tunnel the connection and return a handle for it
sub tunnel_connect($$$$$$) {
    my ($host, $port, $user, $pass, $remote_host, $remote_port) = @_;

    my $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port)
        or die "$0: Can't connect to $host:$port: $!\n";

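    # Encode with an empty EOL so long credentials are not wrapped across
    # lines inside the header; the CRLF is appended explicitly.
    $socket->print("CONNECT $remote_host:$remote_port HTTP/1.0\015\012",
      $user ? "Proxy-Authorization: Basic " . encode_base64("$user:$pass", "") . "\015\012" : "",
      "\015\012") or die "$0: Can't write: $!\n";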

    local $/ = "\012";
    my $response = $socket->getline() or die "$0: Can't read: $!\n";
    $response =~ /^HTTP\/... 2/i or die "$0: CONNECT failed: $response";
    do { $response = $socket->getline() or die "$0: Can't read: $!\n"; }
    until $response =~ /^\s+$/;

    return $socket;
}

## Move data from one handle to another
sub proxy_data($$) {
    my ($source, $destination) = @_;

    my ($buffer, $length, $offset, $bytes) = ("", 0, 0, 0);
    $length = sysread($source, $buffer, 4096, $offset) or return 0;
    while ($length) {
        $bytes = syswrite($destination, $buffer, $length, $offset) or return 0;
        $offset += $bytes;
        $length -= $bytes;
    }
    return 1;
}

## Check we have two arguments
defined $ARGV[0] and defined $ARGV[1] or die "Usage $0 <host> <port>\n";

## Setup the tunnel
my $proxy = tunnel_connect($host, $port, $user, $pass, $ARGV[0], $ARGV[1]);

## Shift data around in each direction
my $sel = IO::Select->new( [ \*STDIN, $proxy ], [ $proxy, \*STDOUT ] );
SELECT: while (my @ready = $sel->can_read()) {
    foreach my $handle (@ready) {
        proxy_data($$handle[0], $$handle[1]) or last SELECT;
    }
}
---8<------------------
0
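An added defender-side example, not part of the original thread or of the script posted above: the proxy only sees a CONNECT request to port 443, but a monitoring point on the client-to-proxy leg can tell SSH from TLS by the first bytes sent after the request headers. The sample captures and all function names are constructed for illustration.

```python
import re

# Constructed client->proxy captures (not real traffic): the CONNECT request
# the script above sends, followed by the first bytes pushed through the tunnel.
SSH_CAPTURE = (b"CONNECT remotehost.distantland.org:443 HTTP/1.0\r\n"
               b"Proxy-Authorization: Basic dXNlcjpwYXNz\r\n\r\n"
               b"SSH-2.0-OpenSSH_3.4\r\n")
TLS_CAPTURE = (b"CONNECT www.example.org:443 HTTP/1.0\r\n\r\n"
               b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01")

CONNECT_RE = re.compile(rb"^CONNECT ([^\s:]+):(\d+) HTTP/\d\.\d$")

def classify_payload(data: bytes) -> str:
    """Classify the first bytes a client sends through an open tunnel."""
    if data.startswith(b"SSH-"):              # RFC 4253 identification string
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    return "unknown" if data else "empty"

def inspect_connect(stream: bytes):
    """Return (host, port, protocol) for a client->proxy byte stream,
    or None if it does not begin with a complete CONNECT request."""
    head, sep, payload = stream.partition(b"\r\n\r\n")
    if not sep:
        return None                           # headers not complete yet
    m = CONNECT_RE.match(head.split(b"\r\n", 1)[0])
    if not m:
        return None
    host = m.group(1).decode("ascii", "replace")
    return host, int(m.group(2)), classify_payload(payload)

def is_suspicious(stream: bytes) -> bool:
    """Flag tunnels to port 443 whose payload is present but not TLS.
    An empty payload is not flagged: it may arrive in a later segment."""
    info = inspect_connect(stream)
    return bool(info) and info[1] == 443 and info[2] not in ("tls", "empty")

if __name__ == "__main__":
    for name, cap in (("ssh", SSH_CAPTURE), ("tls", TLS_CAPTURE)):
        print(name, inspect_connect(cap), is_suspicious(cap))
```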

 
LVL 1

Author Comment

by:GeneriK
OK Glenn - sorry bout the delay. Webmin module perfect except

Cannot get Java to run in Mozilla therefore I can only use a MS box to connect - can you help out with this?

I've downloaded the latest JRE and installed the symlink in mozilla/plugins as installation instructions directed.

about:plugins doesn't show the Sun JRE installed. Tried the install-on-demand feature but the page has errors and the plugin does not download.
0
 
LVL 20

Expert Comment

by:Gns
Hm, so it doesn't "see" it... I've got this working with some versions of mozilla (at least:-), and most versions of konqueror and Galeon ... The latter might be a good thing to try.
Note that there are several java plugins (ns4, ns600, ns610 ...).
I've got it working with mozilla 1.3, 1.3.1 with at least the ns600 (from jre1.4.1_02), and 1.4 with the ns610 (compiled for glibc 3.2 from the jre1.4.2_02). Getting this right might be important:-).
Also check that the link is made in a place your mozilla really looks, and that the link is correctly pointing to a libjavaplugin_oji.so file.
If you start mozilla from a command line prompt (terminal emulator) you are likely to see some debug messages, that might shed some light on why it doesn't load the plugin.
You could tell exact versions here, and perhaps quote the debug info... and some ls -l listings of the relevant plugin directories.

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
"glibc 3.2" should of course have been "gcc 3.2"!

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
I've got some slightly dated Debian (3.0r1 _stable_...urgh) with Mozilla 1.0.0... I'll DL and test right away:-).

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
Ok, just tested with that ancient mozilla and j2re-1_4_2_01-linux-i586.bin from sun... works like a charm.
Steps I took:
Downloaded from sun,
(as root)
chmod +x j2re-1_4_2_01-linux-i586.bin
./j2re-1_4_2_01-linux-i586.bin
(run through... unpacks in the local directory... /usr/java in my case)
cd /usr/lib/mozilla/plugin
ln -s /usr/java/j2re1.4.2_01/plugin/i386/ns610/libjavaplugin_oji.so
(without restart, went to Help->plugins ... and it shows up... Restarted Mozilla, opened a java enabled page... just works(tm):-).

-- Glenn
0
 
LVL 1

Author Comment

by:GeneriK
OK I'll try again tonight and let you know

cheers
0
