Connecting to a console - over HTTP

Folks,

I'm interested in setting up my Debian box for remote access.

To connect to it from work, I will have to run through a firewall that only allows HTTP connections on port 8080 to pass. I do not want to set up tunnelling as this will compromise the network.

An ideal solution would be to host a page on my Apache instance, running a Java object (or something similar) that can open up a connection to a virtual tty on the box. In essence, I'd like to log in to a web-based console hosted on http://myserver.net.

Has anybody seen such a beast on their travels? I was thinking about a web object that can telnet to a host (in this case, localhost). I have seen this type of thing before with FTP objects running in ASP environment. I thought there might be a module like this for Webmin, but I can't find one.

A finished solution would be sweet as my coding abilities are limited.

Cheers
LVL 1
GeneriKAsked:

mbarbosCommented:
Have a look at http://www.nocrew.org/software/httptunnel.html. Maybe it's what you want :)
0
GeneriKAuthor Commented:
Read the question dude: "I do not want to set up tunnelling as this will compromise the network."
0
GnsCommented:
On my ol' Mdk8.2 running some "ancient" webmin, I've got a "VNC Client" module and both a "SSH Login" and a "SSH/Telnet" module... Perhaps what you're looking for?

At http://www.webmin.com/standard.html one can see that the SSH/Telnet login is still a standard module...

-- Glenn
0

GeneriKAuthor Commented:
Glenn - Thks I missed that when I looked through the module list.

I can use it to try to get my Oracle setup working! - it's still not by the way :^(

Let me get home and test before I issue points. Thanks
0
m1fcjCommented:
Both SSH module and VNC module should not work since these applications are client-side applications. Even if you use an applet running on the remote side, these will fail.

To be able to use SSH over HTTPS, you have to create some sort of tunnelling, you can't escape from this fact. Don't forget that your terminal is not connected to the network directly, you are going through an HTTP proxy.

There are some neat solutions for HTTPS tunnels, here's one utilizing SSH. This setup is reasonably safe because the remote end (i.e., your PC at home) cannot access your corporate network but you can access the stuff at home. This is not a VPN, it is just an SSH tunnelling.

Squid wasn't designed to work like this so your performance might suffer.

First you set up your ssh daemon to listen to port 443.

On your client terminal, go to .ssh directory, edit your config file:

Host remotehost.distantland.org
ProxyCommand ssh-https-tunnel %h %p
User tralalala
Port 443

And here's the tunnelling script, don't forget to modify your proxy settings.

---8<------------------
#!/usr/bin/perl -T -w
# Copyright (C) 2001,2002 Mark Suter <suter@humbug.org.au>
#
# This program tunnels a secure shell connection via a https proxy as
# the ProxyCommand program.  The destination secure shell server needs
# to be running on port 443 unless the proxy is very lenient.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# $Id: ssh-https-tunnel,v 2.7 2002/04/18 03:50:26 suter Exp $

use strict;
use IO::Socket;
use IO::Select;
use MIME::Base64;

################################
##  Start User Configuration  ##
################################

# Proxy details
my $host = "Your proxy's IP";
my $port = "Your proxy's port";    # replace with the proxy's numeric port

# Proxy authentication (only if needed!)
my $user = "your proxy username";
my $pass = "your proxy password";

# Add an entry to ~/.ssh/config so "ssh remote.example.org" uses
# this program to proxy the connection.
#
#    host remote.example.org
#        Port 443
#        ProxyCommand /path/to/ssh-https-tunnel %h %p
#
# Many proxies will timeout connections very quickly when there is
# no activity.  If your ssh client supports it, add the following to the
# ~/.ssh/config file.
#
#     ProtocolKeepAlives 5
#
# Another popular method is to X-Forward something like "xclock -update 5"
# to keep the connection "active."

################################
##   End User Configuration   ##
################################

## Tunnel the connection and return a handle for it
sub tunnel_connect($$$$$$) {
    my ($host, $port, $user, $pass, $remote_host, $remote_port) = @_;

    my $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port)
        or die "$0: Can't connect to $host:$port: $!\n";

    $socket->print("CONNECT $remote_host:$remote_port HTTP/1.0\015\012",
      $user ? "Proxy-Authorization: Basic " . encode_base64("$user:$pass", "\015\012") : "",
      "\015\012") or die "$0: Can't write: $!\n";

    local $/ = "\012";
    my $response = $socket->getline() or die "$0: Can't read: $!\n";
    $response =~ /^HTTP\/... 2/i or die "$0: CONNECT failed: $response";
    do { $response = $socket->getline() or die "$0: Can't read: $!\n"; }
    until $response =~ /^\s+$/;

    return $socket;
}

## Move data from one handle to another
sub proxy_data($$) {
    my ($source, $destination) = @_;

    my ($buffer, $length, $offset, $bytes) = ("", 0, 0, 0);
    $length = sysread($source, $buffer, 4096, $offset) or return 0;
    while ($length) {
        $bytes = syswrite($destination, $buffer, $length, $offset) or return 0;
        $offset += $bytes;
        $length -= $bytes;
    }
    return 1;
}

## Check we have two arguments
defined $ARGV[0] and defined $ARGV[1] or die "Usage $0 <host> <port>\n";

## Setup the tunnel
my $proxy = tunnel_connect($host, $port, $user, $pass, $ARGV[0], $ARGV[1]);

## Shift data around in each direction
my $sel = IO::Select->new( [ \*STDIN, $proxy ], [ $proxy, \*STDOUT ] );
SELECT: while (my @ready = $sel->can_read()) {
    foreach my $handle (@ready) {
        proxy_data($$handle[0], $$handle[1]) or last SELECT;
    }
}
---8<------------------
0
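Seen from the proxy administrator's side, the tunnel described in the answer above appears in Squid's access.log as a long-lived CONNECT to port 443, or as a CONNECT to some other port if the proxy is lenient. The following triage script is an added example, not part of the original post or of Mark Suter's script; the sample log lines, the 30-minute threshold and the function names are assumptions made for illustration.

```python
import re

# Squid native access.log: time elapsed_ms client action/status bytes method URL ...
LINE = re.compile(r"^(\d+\.\d+)\s+(\d+)\s+(\S+)\s+\S+/(\d{3})\s+(\d+)\s+(\S+)\s+(\S+)")

# Constructed sample lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
1066036250.603    412 10.0.0.21 TCP_MISS/200 5120 CONNECT shop.example.com:443 - DIRECT/198.51.100.10 -
1066036300.101 5400217 10.0.0.35 TCP_MISS/200 913442 CONNECT remotehost.distantland.org:443 - DIRECT/203.0.113.7 -
1066036400.555     98 10.0.0.21 TCP_MISS/200 20480 GET http://www.example.org/ - DIRECT/198.51.100.20 text/html
1066036500.009   1203 10.0.0.35 TCP_DENIED/403 1500 CONNECT remotehost.distantland.org:22 - NONE/- text/html
"""

def suspicious_connects(log_text, min_seconds=1800):
    """Return (client, target, reason) for CONNECT entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(6) != "CONNECT":
            continue
        elapsed_ms, client = int(m.group(2)), m.group(3)
        status, target = m.group(4), m.group(7)
        port = target.rpartition(":")[2]
        if port != "443":
            # Only a lenient proxy lets these through; attempts are still worth logging.
            findings.append((client, target, "CONNECT to non-443 port (status %s)" % status))
        elif status.startswith("2") and elapsed_ms >= min_seconds * 1000:
            # Interactive sessions kept alive with keepalives stay open far longer
            # than a typical browser HTTPS connection (heuristic threshold, an assumption).
            findings.append((client, target, "tunnel open %d min" % (elapsed_ms // 60000)))
    return findings

def first_bytes_protocol(data):
    """Classify the first bytes a destination on port 443 sends back."""
    if data.startswith(b"SSH-"):
        return "ssh"      # an SSH server announces its version string in clear text
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"      # TLS handshake record header
    return "unknown"

if __name__ == "__main__":
    for finding in suspicious_connects(SAMPLE_LOG):
        print(finding)
```

Destinations flagged by the log pass can then be confirmed by checking what they send on connect: a host that answers on port 443 with an `SSH-` version string is not serving HTTPS.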
GeneriKAuthor Commented:
OK Glenn - sorry bout the delay. Webmin module perfect except

Cannot get Java to run in Mozilla therefore I can only use a MS box to connect - can you help out with this?

I've downloaded the latest JRE and installed the symlink in mozilla/plugins as installation instructions directed.

about:plugins doesn't show the Sun JRE installed. Tried the install-on-demand feature but the page has errors and the plugin does not download.
0
GnsCommented:
Hm, so it doesn't "see" it... I've got this working with some versions of mozilla (at least:-), and most versions of konqueror and Galeon ... The latter might be a good thing to try.
Note that there are several java plugins (ns4, ns600, ns610 ...).
I've got it working with mozilla 1.3, 1.3.1 with at least the ns600 (from jre1.4.1_02), and 1.4 with the ns610 (compiled for glibc 3.2 from the jre1.4.2_02). Getting this right might be important:-).
Also check that the link is made in a place your mozilla really looks, and that the link is correctly pointing to a libjavaplugin_oji.so file.
If you start mozilla from a command line prompt (terminal emulator) you are likely to see some debug messages, that might shed some light on why it doesn't load the plugin.
You could tell exact versions here, and perhaps quote the debug info... and some ls -l listings of the relevant plugin directories.

-- Glenn
0
GnsCommented:
"glibc 3.2" should of course have been "gcc 3.2"!

-- Glenn
0
GnsCommented:
I've got some slightly dated Debian (3.0r1 _stable_...urgh) with Mozilla 1.0.0... I'll DL and test right away:-).

-- Glenn
0
GnsCommented:
Ok, just tested with that ancient mozilla and j2re-1_4_2_01-linux-i586.bin from sun... works like a charm.
Steps I took:
Downloaded from sun,
(as root)
chmod +x j2re-1_4_2_01-linux-i586.bin
./j2re-1_4_2_01-linux-i586.bin
(run through... unpacks in the local directory... /usr/java in my case)
cd /usr/lib/mozilla/plugin
ln -s /usr/java/j2re1.4.2_01/plugin/i386/ns610/libjavaplugin_oji.so
(without restart, went to Help->plugins ... and it shows up... Restarted Mozilla, opened a java enabled page... just works(tm):-).

-- Glenn
0
GeneriKAuthor Commented:
OK I'll try again tonight and let you know

cheers
0
Question has a verified solution.
