GeneriK

Connecting to a console - over HTTP

Folks,

I'm interested in setting up my Debian box for remote access.

To connect to it from work, I will have to run through a firewall that only allows HTTP connections on port 8080 to pass. I do not want to set up tunnelling as this will compromise the network.

An ideal solution would be to host a page on my Apache instance, running a Java object (or something similar) that can open up a connection to a virtual tty on the box. In essence, I'd like to login to a web-based console hosted on http://myserver.net.

Has anybody seen such a beast on their travels? I was thinking about a web object that can telnet to a host (in this case, localhost). I have seen this type of thing before with FTP objects running in ASP environment. I thought there might be a module like this for Webmin, but I can't find one.

A finished solution would be sweet as my coding abilities are limited.

Cheers
Mihai Barbos

Have a look at http://www.nocrew.org/software/httptunnel.html. Maybe it's what you want :)
GeneriK

ASKER

Read the question dude: "I do not want to set up tunnelling as this will compromise the network."
ASKER CERTIFIED SOLUTION
Gns

This solution is only available to members.

ASKER

Glenn - Thks I missed that when I looked through the module list.

I can use it to try to get my Oracle setup working! - it's still not by the way :^(

Let me get home and test before I issue points. Thanks
Both SSH module and VNC module should not work since these applications are client-side applications. Even if you use an applet running on the remote side, these will fail.

To be able to use SSH over HTTPS, you have to create some sort of tunnelling, you can't escape from this fact. Don't forget that your terminal is not connected to the network directly, you are going through an HTTP proxy.

There are some neat solutions for HTTPS tunnels, here's one utilizing SSH. This setup is reasonably safe because the remote end (i.e., your PC at home) cannot access your corporate network but you can access the stuff at home. This is not a VPN, it is just an SSH tunnelling.

Squid wasn't designed to work like this so your performance might suffer.

First you set up your ssh daemon to listen to port 443.

On your client terminal, go to the .ssh directory, edit your config file:

Host remotehost.distantland.org
ProxyCommand ssh-https-tunnel %h %p
User tralalala
Port 443

And here's the tunnelling script, don't forget to modify your proxy settings.

---8<------------------
#!/usr/bin/perl -T -w
# Copyright (C) 2001,2002 Mark Suter <suter@humbug.org.au>
#
# This program tunnels a secure shell connection via a https proxy as
# the ProxyCommand program.  The destination secure shell server needs
# to be running on port 443 unless the proxy is very lenient.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# $Id: ssh-https-tunnel,v 2.7 2002/04/18 03:50:26 suter Exp $

use strict;
use IO::Socket;
use IO::Select;
use MIME::Base64;

################################
##  Start User Configuration  ##
################################

# Proxy details
my $host = "Your proxy's IP";
my $port = "Your proxy's port";

# Proxy authentication (only if needed! Leave $user empty to send none)
my $user = "your proxy username";
my $pass = "your proxy password";

# Add an entry to ~/.ssh/config so "ssh remote.example.org" uses
# this program to proxy the connection.
#
#    host remote.example.org
#        Port 443
#        ProxyCommand /path/to/ssh-https-tunnel %h %p
#
# Many proxies will timeout connections very quickly when there is
# no activity.  If your ssh client supports it, add the following to the
# ~/.ssh/config file.
#
#     ProtocolKeepAlives 5
#
# Another popular method is to X-Forward something like "xclock -update 5"
# to keep the connection "active."

################################
##   End User Configuration   ##
################################

## Tunnel the connection and return a handle for it
sub tunnel_connect($$$$$$) {
    my ($host, $port, $user, $pass, $remote_host, $remote_port) = @_;

    my $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port)
        or die "$0: Can't connect to $host:$port: $!\n";

    $socket->print("CONNECT $remote_host:$remote_port HTTP/1.0\015\012",
      $user ? "Proxy-Authorization: Basic " . encode_base64("$user:$pass", "\015\012") : "",
      "\015\012") or die "$0: Can't write: $!\n";

    local $/ = "\012";
    my $response = $socket->getline() or die "$0: Can't read: $!\n";
    $response =~ /^HTTP\/... 2/i or die "$0: CONNECT failed: $response";
    do { $response = $socket->getline() or die "$0: Can't read: $!\n"; }
    until $response =~ /^\s+$/;

    return $socket;
}

## Move data from one handle to another
sub proxy_data($$) {
    my ($source, $destination) = @_;

    my ($buffer, $length, $offset, $bytes) = ("", 0, 0, 0);
    $length = sysread($source, $buffer, 4096, $offset) or return 0;
    while ($length) {
        $bytes = syswrite($destination, $buffer, $length, $offset) or return 0;
        $offset += $bytes;
        $length -= $bytes;
    }
    return 1;
}

## Check we have two arguments
defined $ARGV[0] and defined $ARGV[1] or die "Usage $0 <host> <port>\n";

## Setup the tunnel
my $proxy = tunnel_connect($host, $port, $user, $pass, $ARGV[0], $ARGV[1]);

## Shift data around in each direction
my $sel = IO::Select->new( [ \*STDIN, $proxy ], [ $proxy, \*STDOUT ] );
SELECT: while (my @ready = $sel->can_read()) {
    foreach my $handle (@ready) {
        proxy_data($$handle[0], $$handle[1]) or last SELECT;
    }
}
---8<------------------
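
What this tunnel looks like from the proxy side, as an added example that is not part of the original post: a Python pass over Squid native-format access.log lines that lists long-lived successful CONNECT sessions and CONNECT requests the proxy refused. The log lines, client addresses and the 30-minute threshold are constructed assumptions; only the host name remotehost.distantland.org comes from the post.

```python
import re
from collections import defaultdict

# Squid native access.log fields used here:
#   time  elapsed_ms  client  action/status  bytes  method  URL ...
LINE = re.compile(
    r"^\d+\.\d+\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+"
    r"[A-Z_]+/(?P<status>\d{3})\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample lines (not taken from a real proxy).
SAMPLE_LOG = """\
1066036250.603    412 10.0.0.21 TCP_MISS/200 5120 CONNECT shop.example.com:443 - DIRECT/198.51.100.10 -
1066036300.100 5400123 10.0.0.5 TCP_MISS/200 913220 CONNECT remotehost.distantland.org:443 - DIRECT/203.0.113.7 -
1066036310.250     95 10.0.0.21 TCP_MISS/200 20480 GET http://www.example.com/ - DIRECT/198.51.100.11 text/html
1066036400.900 7200456 10.0.0.5 TCP_MISS/200 1204551 CONNECT remotehost.distantland.org:443 - DIRECT/203.0.113.7 -
1066036500.000    310 10.0.0.8 TCP_DENIED/403 1500 CONNECT remotehost.distantland.org:22 - NONE/- text/html
not a squid line
"""

def connect_records(log_text):
    """Yield (client, target, status, seconds) for every CONNECT line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and m["method"] == "CONNECT":
            yield m["client"], m["url"], int(m["status"]), int(m["ms"]) // 1000

def long_lived_tunnels(log_text, min_seconds=1800):
    """Group successful CONNECT sessions held open for min_seconds or more.
    An interactive SSH session inside CONNECT stays open far longer than a
    typical HTTPS request; the 30-minute default is an assumed threshold."""
    hits = defaultdict(list)
    for client, target, status, secs in connect_records(log_text):
        if 200 <= status < 300 and secs >= min_seconds:
            hits[(client, target)].append(secs)
    return dict(hits)

def refused_connects(log_text):
    """CONNECT requests the proxy rejected, such as targets off port 443."""
    return [(c, t) for c, t, status, _ in connect_records(log_text) if status >= 400]

if __name__ == "__main__":
    for (client, target), sessions in long_lived_tunnels(SAMPLE_LOG).items():
        print(f"{client} -> {target}: {len(sessions)} long sessions, max {max(sessions)}s")
    for client, target in refused_connects(SAMPLE_LOG):
        print(f"refused: {client} -> {target}")
```
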

ASKER

OK Glenn - sorry bout the delay. Webmin module perfect except

Cannot get Java to run in Mozilla therefore I can only use a MS box to connect - can you help out with this?

I've downloaded the latest JRE and installed the symlink in mozilla/plugins as installation instructions directed.

about:plugins doesn't show the Sun JRE installed. Tried the install-on-demand feature but the page has errors and the plugin does not download.
Hm, so it doesn't "see" it... I've got this working with some versions of mozilla (at least:-), and most versions of konqueror and Galeon ... The latter might be a good thing to try.
Note that there are several java plugins (ns4, ns600, ns610 ...).
I've got it working with mozilla 1.3, 1.3.1 with at least the ns600 (from jre1.4.1_02), and 1.4 with the ns610 (compiled for glibc 3.2 from the jre1.4.2_02). Getting this right might be important:-).
Also check that the link is made in a place your mozilla really looks, and that the link is correctly pointing to a libjavaplugin_oji.so file.
If you start mozilla from a command line prompt (terminal emulator) you are likely to see some debug messages, that might shed some light on why it doesn't load the plugin.
You could tell exact versions here, and perhaps quote the debug info... and some ls -l listings of the relevant plugin directories.

-- Glenn
"glibc 3.2" should of course have been "gcc 3.2"!

-- Glenn
I've got some slightly dated Debian (3.0r1 _stable_...urgh) with Mozilla 1.0.0... I'll DL and test right away:-).

-- Glenn
Ok, just tested with that ancient mozilla and j2re-1_4_2_01-linux-i586.bin from sun... works like a charm.
Steps I took:
Downloaded from sun,
(as root)
chmod +x j2re-1_4_2_01-linux-i586.bin
./j2re-1_4_2_01-linux-i586.bin
(run through... unpacks in the local directory... /usr/java in my case)
cd /usr/lib/mozilla/plugin
ln -s /usr/java/j2re1.4.2_01/plugin/i386/ns610/libjavaplugin_oji.so
(without restart, went to Help->plugins ... and it shows up... Restarted Mozilla, opened a java enabled page... just works(tm):-).

-- Glenn

ASKER

OK i'll try again tonight and let you know

cheers