Linode.com Forum

[Internat]

A while ago in irc caker posted a link that was to (if i recal correct) a web based ssh client for connecting to our hosts.. Im wondering if this is still floating arround and working or?

[caker]

It's not around any longer. It was just something I was toying with (ajaxterm, btw).

I may bring it back, now that warewolf suggested a method to avoid one problem with it (it flooded apache's access_log with almost every keystroke)...

-Chris

[Xan]

Is this the kind of thing you're talking about?

[zhaoke]

what's the warewolf's suggested solution? thanks.

caker wrote: It's not around any longer. It was just something I was toying with (ajaxterm, btw).

I may bring it back, now that warewolf suggested a method to avoid one problem with it (it flooded apache's access_log with almost every keystroke)...

-Chris

[tronic]

MindTerm (which Xan suggested) rocks. (It's great!)

I've been using it for close to 8-10 years now. Mostly, I use it to access my box when I'm travelling and have only access to a web browser at an internet cafe or hotel.

vt100 emulation appears to be even more improved in version 3 -- I just tried the latest code. It also supports sftp, sshd-X11 forwarding, and a bunch of other neat stuff, too.

Version 3.1.2 is available for download now; more info on configurable options and its features:

http://www.appgate.com/products/80_MindTerm/50_Running_MindTerm/

All you need is a single .jar file, a single HTML file, a web server, and a web browser. You can also run it as a Java application without a web browser, too, if you've got a local JRE. Handy for lugging around on a thumbdrive, perhaps? Avoids the need to install a ssh application on an untrusted PC.

The free MindTerm distributed is unsigned. That means you can't connect to a ssh server other than the web server that served it. This is good because it avoids abuse by others whom wanted to use my ssh server to hack other sites. Downside is that file transfers are also disabled (also due to the Java security model) if applet is unsigned.

You've got choices, though: you can always self-sign the applet. The developers even provide a link on how to accomplish this! Alternatively, starting with Java 1.6, you can also create a simple file on the local PC that gives it permission to do file operations to/from that web server without needing to sign the applet.

If you want to sign the applet, general instructions can be found here:

http://mindprod.com/jgloss/signedapplets.html

[rhashimoto]

tronic wrote:
If you want to sign the applet, general instructions can be found here:

http://mindprod.com/jgloss/signedapplets.html

Here are the notes I wrote to myself when I did it:

In order to get full permissions, this applet requires certification with a digital signature. The jar file can be signed using the jarsigner tool in the Java SDK.

Although a key and signing request can be generated using keytool from the Java SDK, it is more convenient to use OpenSSL for key management. That way we can use the same CA to sign everything. This requires using Java SDK 1.4 or higher as the 1.3 tools did not support the PKCS12 format.

Code: # export pkcs12 key
#  a password must be provided for the store
openssl pkcs12 -export -in /usr/ssl/demoCA/cacert.pem -inkey /usr/ssl/demoCA/private/cakey.pem -out ca.p12 -name "ca"

# sign the jar file
jarsigner -keystore ca.p12 -storetype PKCS12 mindterm.jar ca


The signed jar overwrites the input file, which is moved to mindterm.jar.orig.

Roy