Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Gate One 0.9 Released, Brings SSH To the Web

timothy posted about 3 years ago | from the vewwy-vewwy-quiet dept.

Cloud 151

Riskable writes "Dan McDougall (full disclosure: That's me) just publicly released the source code to Gate One, which is an HTML5-powered terminal emulator and SSH client. It is unique in that it doesn't require any browser plugins (it uses WebSockets) and supports multiple simultaneous terminals/SSH sessions in a single browser tab. It can resume users' sessions after being disconnected, and supports both client and server-side session recording/playback (view as a log or like a video). Gate One can also be embedded into other web-based applications such as administration interfaces, serial port concentrators, virtual appliances, or whatever."

Sorry! There are no comments related to the filter you selected.

sshd (1)

bolthole (122186) | about 3 years ago | (#37705206)

When is sshd in html5 coming, then?

Re:sshd (1)

Synerg1y (2169962) | about 3 years ago | (#37705294)

are you talking about mixing a web language with a protocol?

Re:sshd (1)

Pieroxy (222434) | about 3 years ago | (#37705474)

That would be implementing a protocol with a language actually. Which makes sense, if the language was a programming language.

Re:sshd (1)

loufoque (1400831) | about 3 years ago | (#37705550)

sshd is not a protocol, it's a daemon.

Re:sshd (1)

Tsingi (870990) | about 3 years ago | (#37705662)

Yeah, I have no clue what sshd in html5 means
As you say, sshd is a system daemon.

Re:sshd (1)

loufoque (1400831) | about 3 years ago | (#37706316)

You can code a ssh daemon in javascript.

Re:sshd (1)

rwa2 (4391) | about 3 years ago | (#37706510)

When is sshd in html5 coming, then?

It's been out for a while...
http://antony.lesuisse.org/software/ajaxterm/ [lesuisse.org]

Unfortunately, it's still blocked by work; grrr :-P

Should be 1.0 (0)

Anonymous Coward | about 3 years ago | (#37705218)

Sounds like this should be Gate 1.0

Re:Should be 1.0 (1)

stillnotelf (1476907) | about 3 years ago | (#37705306)

Eternal beta worked well for GMail... (although frankly I agree with you)

Re:Should be 1.0 (1)

tesdalld (2428496) | about 3 years ago | (#37705316)

Its Gate .05 because its beta. If it was Gate 1.0 it would be version cupcake.

I'm newb (1)

tesdalld (2428496) | about 3 years ago | (#37705242)

I looked over the source code.... so how do i use this?

Re:I'm newb (1)

GameboyRMH (1153867) | about 3 years ago | (#37705370)

Looks like it runs as its own service, like a single-purpose http server. So it's not really pure HTML5 then, it's a service with an HTML5 frontend.

Re:I'm newb (1)

omnichad (1198475) | about 3 years ago | (#37705458)

Yeah - It's Python. No mention of that in the summary. My first thought was that it used WebSockets to make a connection to the real server, not an intermediate server. Shouldn't that be possible with a little more robust coding??

Re:I'm newb (1)

GameboyRMH (1153867) | about 3 years ago | (#37705570)

Unless there's a way in JS to open arbitrary network connections (and I don't think there is) it's not possible, since all WebSockets traffic is actually specialized traffic that runs on port 80. JS can only do WebSockets and regular HTTP requests AFAIK.

Re:I'm newb (1)

omnichad (1198475) | about 3 years ago | (#37706086)

Oh, right. I guess that's why they don't just call it Sockets. Still a misleading summary.

Re:I'm newb (1)

DragonWriter (970822) | about 3 years ago | (#37706614)

Unless there's a way in JS to open arbitrary network connections (and I don't think there is) it's not possible, since all WebSockets traffic is actually specialized traffic that runs on port 80. JS can only do WebSockets and regular HTTP requests AFAIK.

You can open arbitrary network sockets in JavaScript, if you are using JavaScript in an environment that supports it (node.js, for instance), but, largely for security reasons, no browser-based JS implementation (at least, that I know of) supports this.

This isn't a JavaScript issue, its a browser-as-platform issue.

Re:I'm newb (1)

DarwinSurvivor (1752106) | about 3 years ago | (#37707462)

Exactly. If you could open arbitrary connection in JS, then your entire internal network would be vulnerable to the simplest of JS code.

Re:I'm newb (1)

tesdalld (2428496) | about 3 years ago | (#37705664)

I just tried to install it, coppied it all to my server and was getting ready to enjoy this neat tool. Its for linux only at this point and i only have IIS. Le Sigh.

Re:I'm newb (1)

oakgrove (845019) | about 3 years ago | (#37706622)

Try this [virtualbox.org] . You'll love it.

Re:I'm newb (1)

Riskable (19437) | about 3 years ago | (#37705686)

Install the dependencies:

sudo pip install tornado pyopenssl kerberos

...or if you don't have pip:

sudo easy_install tornado pyopenssl kerberos

Then use git to check out the code:

git clone git@github.com:liftoff/GateOne.git

Then you can run it like so:

cd GateOne/gateone; sudo ./gateone.py

...or you could just cd into the GateOne directory and run:

sudo python setup.py install

Which will install /opt/gateone. Then you could run it like so:

sudo /opt/gateone/gateone.py

There's some (incomplete but extensive) HTML documentation included in GateOne/gateone/docs/build/html/. "gateone.py --help" is also useful.

For reference, I haven't written any init scripts yet... Forthcoming (trying to get some .rpm and .deb releases out as well).

Re:I'm newb (0)

Anonymous Coward | about 3 years ago | (#37706304)

This year is certainly the year of Linux on the desktop!

Re:I'm newb (1)

oakgrove (845019) | about 3 years ago | (#37706666)

You must have dug really deep for that one. Don't hurt yourself.

Re:I'm newb (1)

dolmen.fr (583400) | about 3 years ago | (#37707362)

This [bellard.org] is the real "Linux on the desktop".

Ajaxterm (1)

mrops (927562) | about 3 years ago | (#37705978)

Use it.

Accept for bells and whistles, how is this different from Ajaxterm.

I like all the eye candy and features and no doubt they are an improvement over what ajaxterm offers, however, ajaxterm is already a plugin free html based ssh terminal. Put it behind a apache https reverse proxy and block the real ajaxterm port from internet access and you get a pretty good pure html/ajax ssh shell.

Re:Ajaxterm (1)

Riskable (19437) | about 3 years ago | (#37706236)

Ajaxterm, when a connection is open, polls the server every second to see if the terminal has been updated on the server (long polling). Also, when you close your browser window your Ajaxterm session will end. Then there's the fact that Ajaxterm doesn't really support proper copy & paste and it has to run at a specified terminal width and height ahead of time (Gate One auto-adjusts rows/cols to fill your browser window).

Gate One uses WebSockets which stay open... Meaning that whenever any of your terminals have updates available those updates are immediately sent to your client. This has much lower overhead from both a bandwidth and a latency standpoint. It also lowers the CPU load on the server.

Gate One will also resume your session after you close your browser and come back... It will even do this after the Gate One daemon itself has been restarted (if you have the dtach option enabled--which is the default). Then of course there's the eye candy, multiple terminals, the ability to clone open SSH sessions without asking for a password, Kerberos single sign-on support, the sophisticated plugin system, the bookmark manager, session logging, and on and on. They're worlds apart.

Having said all that, some of my earlier builds were based on Ajaxterm so I really appreciate that the author posted it publicly! Even though the code was uncommented and used ambiguous, single-character variables for nearly everything =)

Cool (1)

pinkeen (1804300) | about 3 years ago | (#37705252)

No more downloading putty!

From what I see ncurses apps work great too.

Re:Cool (1)

mrclisdue (1321513) | about 3 years ago | (#37705322)

I'll second the coolness. Very nice work.

cheers,

Re:Cool (2, Insightful)

Anonymous Coward | about 3 years ago | (#37707268)

No more downloading putty!

Instead you need to download and install python and a python based server.

Nice job! (1)

Drivintin (917847) | about 3 years ago | (#37705264)

Honestly the first practical thing I have done with HTML5. This thing is nice, clean, and fast!

Re:Nice job! (1)

Desler (1608317) | about 3 years ago | (#37705532)

Except it's a python app with an html frontend. Not that impressive.

Re:Nice job! (1)

Tsingi (870990) | about 3 years ago | (#37705790)

I was looking for this exact thing just this morning. It's not hugely impressive, but it looks like no one else has done it. I did come across a lot of messages saying how it should be done.

Happy to see the code, I'll try it out. Much better than having to write it myself.

This isn't new. (2)

lolcutusofbong (2041610) | about 3 years ago | (#37705328)

Shellinabox [google.com] has been doing this in JavaScript for a while now. There's source and binary packages for everything from Red Hat to Debian armel.

Re:This isn't new. (0)

Anonymous Coward | about 3 years ago | (#37705366)

Um, no. This is new, and shellinabox is something quite different.

Re:This isn't new. (1)

Anonymous Coward | about 3 years ago | (#37705508)

what about FireSSH? http://firessh.mozdev.org/

Re:This isn't new. (0)

Anonymous Coward | about 3 years ago | (#37705880)

Or AnyTerm (http://anyterm.org/)?

Re:This isn't new. (-1, Offtopic)

jefe7777 (411081) | about 3 years ago | (#37706440)

CockInABox has been doing this for even longer, [tinyurl.com] in DLR on top of IronRuby. There's source and binary packages for everything from DOS 6.2 to WFW 3.11.

Re:This isn't new. (1)

oakgrove (845019) | about 3 years ago | (#37706594)

Can you automatically resume the connection when closing and reopening the browser? Gate One does this.

this changes everything :) (1)

brenddie (897982) | about 3 years ago | (#37705334)

awesome job. Cant wait to try it on the intranet

Whatever? (1)

courteaudotbiz (1191083) | about 3 years ago | (#37705350)

such as administration interfaces, serial port concentrators, virtual appliances, or whatever.

What is the "Whatever" part? Toasters? Refrigerators? :-)

Re:Whatever? (1)

Riskable (19437) | about 3 years ago | (#37705560)

If it ever comes up in court I'm going to refer to your comment as evidence of obviousness!

Re:Whatever? (1)

Baloroth (2370816) | about 3 years ago | (#37705574)

Rockets [slashdot.org] .

Python? (0)

Anonymous Coward | about 3 years ago | (#37705352)

The source code looks like a bunch of Python files. Somehow I expected an app written in HTML5 to be a bunch of .html files. What am I missing? Does Python run in the browser now?

Re:Python? (1)

Zancarius (414244) | about 3 years ago | (#37705538)

It looks to be written using Tornado [tornadoweb.org] , which means that the WebSocket app is served up by the Python backend. In other words, this isn't a stand alone HTML-only implementation, which would be impossible since that's not what WebSockets do.

again with the "full disclosure" ? (0)

Anonymous Coward | about 3 years ago | (#37705388)

Please learn the appropriate time and place for "full disclosure" usage.

Re:again with the "full disclosure" ? (0)

Anonymous Coward | about 3 years ago | (#37705450)

Or, you know, maybe he was using it in the journalism sense (the one that's been around a hell of lot longer) and not in the computer security sense. In which case he's right and you're a fucking moron.

Re:again with the "full disclosure" ? (0)

Anonymous Coward | about 3 years ago | (#37706154)

Could not have said it better myself.

ft

!HTML5 Powered (5, Informative)

Anonymous Coward | about 3 years ago | (#37705440)

Um, it's written in Python and runs as a service with a HTML5 frontend.

Re:!HTML5 Powered (1)

nam37 (517083) | about 3 years ago | (#37705582)

My thoughts exactly unless I'm missing something.

Re:!HTML5 Powered (1)

Anonymous Coward | about 3 years ago | (#37705658)

Meh, cheating. It uses a Python backend to do the heavy lifting, this isn't "HTML5 powered". I could make a "HTML4 Powered" one without any Javascript at all which uses form POST, frames and Meta Refresh page to act as a SSH client too if I could use a backend like this. This isn't some HTML5 voodoo magic just another pretty frontend.

Re:!HTML5 Powered (2)

Riskable (19437) | about 3 years ago | (#37706312)

I could be feeding a troll here but... The problem with writing a terminal emulator using old-school methods ("HTML4 Powered") is the latency and overhead associated with long-polling and long-held HTTP streams. It would be incredibly slow and inefficient to have more than one terminal open at a time. I know this for a fact. How?

I've written such an app [launchpad.net]

No one ever used it--not even me. Because it sucked. Without WebSockets and Web Workers such a thing will always be slow. Without HTML5's "contentEditable" ability you can't even copy & paste properly.

Re:!HTML5 Powered (0)

Anonymous Coward | about 3 years ago | (#37706536)

You missed my point, that was an extreme example. I was just saying that nothing done here couldn't have really be done before. It's not HTML5 powered, it's powered by the Python backend.

Re:!HTML5 Powered (1)

dolmen.fr (583400) | about 3 years ago | (#37707506)

The real HTML5 power would be if the SSH encryption was implemented on the client in JavaScript. I'm sure someone will soon do it.
With the current implementation the Python back-end is still a man-in-the-middle that knows the user password and can record everything.
Anyway the terminal emulation and chrome around it looks cool!

Re:!HTML5 Powered (3, Informative)

Timmmm (636430) | about 3 years ago | (#37706336)

Well obviously. The client is written in HTML5. If you knew anything at all about HTML5 you'd know it is impossible to write a "true" ssh client using HTML5. Instead this connects to a python server which then goes on to connect to the actual sshd. The point is that you don't need an ssh binary installed on the client.

You could actually remove ssh from the equation, but it looks like the gate server allows you to connect to *any* ssh server, so I guess that's why they didn't do that.

Re:!HTML5 Powered (1)

multipartmixed (163409) | about 3 years ago | (#37707450)

> it is impossible to write a "true" ssh client using HTML5

Not so fast. Assuming you mean HTML5 + JavaScript, I think you could, provided you were allowed to hop through an HTTP proxy that supports the CONNECT method.

For those of you about to suggest that a crypto stack written in JS would be slow -- I don't think it would be as slow as the CPU in my 15-year-old Cisco switches.

Re:!HTML5 Powered (1)

Timmmm (636430) | about 3 years ago | (#37707982)

Wouldn't work. You can still only send HTTP or websockets, and websockets have hand-shaking and framing that you can't remove.

Re:!HTML5 Powered (0)

Anonymous Coward | about 3 years ago | (#37707718)

So people shouldn't be corrected if they're obviously wrong?

Finally, an ssh client as secure as a browser! (2)

Vellmont (569020) | about 3 years ago | (#37705530)

I've always dreamed that one day, someone will make an SSH client in a browser so all the fun XSS,, CSRF, and the bevy of other web vulnerabilities could come to SSH. SSH has just been to darn secure over the years, but now with this new application, an SSH client can be just as insecure as everything on the web. Thanks!

Re:Finally, an ssh client as secure as a browser! (1)

Pharmboy (216950) | about 3 years ago | (#37705728)

An SSH client can be insecure without it being in a web browser. It isn't the programming language that makes it insecure, it is the programmer.

  I can picture plenty of ways to use this as a lame method to exploit, but they are all more effort than the current methods. I guess someone could embed this in a hidden webpage popup, use the persons computer to then try to hack various sites via ssh, but that seems like it is more work than using a simple trojan to install a background process to do the work instead.

Re:Finally, an ssh client as secure as a browser! (2)

Vellmont (569020) | about 3 years ago | (#37706560)


It isn't the programming language that makes it insecure, it is the programmer.

It's the programmer, AND the environment the application was written in. A web browser isn't exactly a secure environment.

Re:Finally, an ssh client as secure as a browser! (2)

Animats (122034) | about 3 years ago | (#37706358)

Mod parent up.

Not everything should be done in a web browser.

Take a look at the source code which stores SSH authentication information in browser cookies. [github.com] In plaintext. In JSON. Idiots will start using this, and they'll open a back door into a remote server.

Re:Finally, an ssh client as secure as a browser! (1)

Tacvek (948259) | about 3 years ago | (#37707354)

No ssh authentication information is stored in cookies. Only the username used to authenticate to GateOne itself lives in the cookie, and it is a signed unforgeable cookie.

Re:Finally, an ssh client as secure as a browser! (2)

Riskable (19437) | about 3 years ago | (#37708118)

If you weren't in such a hurry to be negative you'd realize that the cookies are ENCRYPTED. And I'm not just talking about the fact that Gate One runs over SSL. No, the cookie Gate One uses is itself encrypted. There's a reason why the function is called set_secure_cookie().

Re:Finally, an ssh client as secure as a browser! (1)

Riskable (19437) | about 3 years ago | (#37708310)

Let's see...

XSS: Since there's no "cross-site" anything in Gate One I'd be really interested to see how this would work!
CSRF: Again, there's no "cross-site" to speak of.

The only vulnerability that concerns me with Gate One is the potential for session hijacking... To get around this Gate One uses encrypted cookies but that doesn't stop an attacker from copying the entire cookie. Then again, if the attacker has access to the cookie in such a situation they probably have access to the whole browser so it's probably moot.

Emulator? (1)

AaronLS (1804210) | about 3 years ago | (#37705540)

I'm curious why is the term "emulator" used? What about this makes in an emulator of a SSH terminal? Is it just because it's being run in a web browser?

Re:Emulator? (3, Informative)

cornface (900179) | about 3 years ago | (#37705634)

Because it is emulating a terminal, which back in the stone age was an actual piece of physical hardware.

Sometimes they were magical interactive typewriters which is where the abbreviation 'TTY' comes from.

Re:Emulator? (0)

Anonymous Coward | about 3 years ago | (#37705640)

http://en.wikipedia.org/wiki/Terminal_emulator

Re:Emulator? (0)

Anonymous Coward | about 3 years ago | (#37705666)

Probably that the terminal is receiving/outputting control codes for a (say) VT100 terminal. The software emulates a VT100 terminal by interpreting/generating those codes.

http://en.wikipedia.org/wiki/Terminal_emulator

Re:Emulator? (1)

petermgreen (876956) | about 3 years ago | (#37705714)

A terminal is a peice of hardware with a keyboard and a screen or printer that you use to access a computer.

A terminal emulator is a software program that runs on a general purpose computer that has a local keyboard and mouse and emulates a terminal. Usually a fairly advanced terminal.

A ssh client is a peice of software used to log into a remote computer over ssh and connect your terminal to it.

On *nix terminal emulators and ssh clients are usually seperate but ones designed for use in other environments are often integrated together.

Re:Emulator? (0)

Anonymous Coward | about 3 years ago | (#37705892)

Just a guess, but all ssh clients (putty, etc) are terminal emulators, because they aren't actually terminals.

Not all parts run in the browser (1)

Anonymous Coward | about 3 years ago | (#37705614)

Seems to be that Python is doing the real work and being a web server, and the HTML/js part interfcaes to there. Not bad, but... not ssh in html5/js either.

Does it require backend functionality? (1)

hydrofix (1253498) | about 3 years ago | (#37705616)

What kind of server-side support does this require? I bet I can not just run it from a static HTML file.

Re:Does it require backend functionality? (1)

Desler (1608317) | about 3 years ago | (#37705744)

It requires the.python app which does all the real work.

SSH keychain support? (0)

Anonymous Coward | about 3 years ago | (#37705638)

This is useless unless it supports keys. You should always use keys (with a pass phrase) to access publicly available hosts.

  This is security 101 here.

Key pairs? (4, Interesting)

Neil Watson (60859) | about 3 years ago | (#37705644)

In the demo the author uses a password to login via SSH. In the documentation I see no option to use a private key.

Re:Key pairs? (3, Informative)

Riskable (19437) | about 3 years ago | (#37706366)

Private key support is forthcoming... I had it working just fine but then I had the bright idea of writing a plugin system for Gate One and making the SSH part just another plugin :)

Key-based SSH authentication and user management thereof should be there in 1.0. Really, it isn't rocket science... Just a matter of wrapping a GUI around the functions that are already there in the code.

Re:Key pairs? (1)

dolmen.fr (583400) | about 3 years ago | (#37707572)

I had the bright idea of writing a plugin system for Gate One and making the SSH part just another plugin :)

Key-based SSH authentication and user management thereof should be there in 1.0.

Are theese the parts that you plan to make your businness with? At least they do not seem to be in the GitHub repo...

Web 2.0 (2)

Sduic (805226) | about 3 years ago | (#37705760)

So I can use HTML5 to SSH [slashdot.org] into my Linux on Javascript [slashdot.org] server, so I can play a game of TF2 with WebGL [slashdot.org] ?

Now if only I could surf the web...

...but does require a server plugin (4, Informative)

david.given (6740) | about 3 years ago | (#37705764)

You need a daemon to proxy between the WebSocket connection (which, remember, isn't a straight TCP stream) and the ssh server proper. Although it appears this doesn't need to be on the machine that the ssh server is running on, so it doesn't look like too much of a hardship. Also, I can't find any reference of which of the umpteen different WebSocket variants it supports.

There's actually a number of these things out already, such as ConsoleFish [serfish.com] or ShellInABox [google.com] . There's also an HTML5 VNC client [github.com] , which looks very interesting.

Re:...but does require a server plugin (1)

Riskable (19437) | about 3 years ago | (#37706420)

Which variants of WebSockets does it support? Both (there's really only two real-world implementations) by way of the Tornado framework [tornadoweb.org] . In earlier builds of Gate One it only worked with the old implementation of WebSockets but once the Tornado guys started supporting the final draft of the protocol Gate One instantly supported it as well.

For reference, I am not aware of a single other web-based terminal emulator that can resume sessions after closing your browser. Even the commercial SaaS vendors don't support this because they're all based on the same code base (Ajaxterm or Shellinabox from what I've seen).

Re:...but does require a server plugin (1)

david.given (6740) | about 3 years ago | (#37706564)

Yes, that is a neat trick --- the most obvious way I can think of of doing that is to do all the ssh processing on the client, and make the daemon a simply proxy; but a quick look at the source code shows you don't appear to be doing that. Or at least, I couldn't find it.

Unfortunately the platform I'd really like this to work on, my Kindle, doesn't support WebSockets (of any kind)...

I have, in fact, been vaguely thinking about trying to recompile a Java ssh client library under GWT and trying to make this work, but finding such a library that uses message-passing only and not threads is quite hard. Java likes threads.

Questions (1)

dyingtolive (1393037) | about 3 years ago | (#37705788)

I have a few questions (so I only skimmed TFA...)

1) Does this handle the actual SSL connection server side, not client side (as certain web based IRC clients I've seen will), so then, for example, this could be used to effectively ssh to a box through an HTTP proxy, assuming the proxy was between you and the webpage, not the webpage and the target box to ssh to?

2) Assuming the answer to number 1 is yes, how does this differ from Ajaxterm? Is it less of a royal pain in the ass to configure? Is it faster? Thanks

Re:Questions (1)

Riskable (19437) | about 3 years ago | (#37706484)

1) Yes, it can be used to effectively SSH to a box through an HTTP proxy. I do it all the time! The only caveat being that some proxies don't work with WebSockets (old, garbage ones).

2) Ajaxterm uses a completely different method to communicate with the client... long-polling. Essentially, it hits the web server every second (forever--util you close the browser tab) checking for updates to your terminal. This is slow and very inefficient (high latency). Also, it would be silly to use this method to support more than one terminal as you'd have your browser constantly checking for updates * num_terminals. This would gobble up bandwidth and CPU pretty quick :)

Then there's the fact that Gate One has a zillion features that are missing from Ajaxterm... The most important of which is the terminal emulation isn't nearly as buggy! LOL. For reference, I am intimately familiar with Ajaxterm as I wrote an older, similar program a few years ago that was based off of it.

BTW: I HATE debugging the terminal emulator!

Re:Questions (1)

dolmen.fr (583400) | about 3 years ago | (#37707648)

Then there's the fact that Gate One has a zillion features that are missing from Ajaxterm... The most important of which is the terminal emulation isn't nearly as buggy! LOL. For reference, I am intimately familiar with Ajaxterm as I wrote an older, similar program a few years ago that was based off of it.

BTW: I HATE debugging the terminal emulator!

Do you plan to provide a terminfo definition for your terminal?

TLA (1)

sexconker (1179573) | about 3 years ago | (#37705818)

I'll wait for Gate 1.0 because SG-1 couldn't do shit without a DHD and in SGA they were always frantically hunting for ZPMs.
And when we got to SGU no one knew WTF they were doing because by the point everything was falling apart and no one understood the language.

Re:TLA (1)

Megane (129182) | about 3 years ago | (#37706784)

CSB [google.com]

awesome (0)

Anonymous Coward | about 3 years ago | (#37706210)

awesome, very cool! - it makes it extremely easy to do web browser based secure network projects

Major issues: (0)

Anonymous Coward | about 3 years ago | (#37706244)

1) It uses a server-side proxy. We really need a browser-based ssh client that can connect directly. I know WebSockets can't do it, and that's a shame, but honestly how hard would it be for the browser guys to give us the tools to make this happen (regular TCP sockets???).

2) It doesn't support keys.

We really need something that solves these two problems, using encrypted keys off of a USB stick and making direction connections, so that we can do secure shell sessions from browser-only devices (e.g. ChromeBook type stuff).

Re:Major issues: (1)

Riskable (19437) | about 3 years ago | (#37706512)

Key-based authentication will be available in Gate One 1.0. It used to be there (and work) but it got lost when I wrote Gate One's plugin system and decided that SSH support should simply be a plugin (in case someone wanted to embed Gate One into something else without having all that SSH-specific stuff).

Shouldn't take me long to re-implement it so keep checking for updates.

Re:Major issues: (0)

Anonymous Coward | about 3 years ago | (#37706764)

We really need something that solves these two problems, using encrypted keys off of a USB stick and making direction connections, so that we can do secure shell sessions from browser-only devices (e.g. ChromeBook type stuff).

We might "really need" that if anyone had browser-only devices. Closest most people get is a smartphone or tablet. And there are already perfectly good SSH apps for those.

Given that this program requires a complete Python application running in the background, it is only suitable for use on full PC-type devices. And it's Linux-only. Hands up everyone using Linux on the desktop who doesn't already have, uh, an actual native terminal emulator and a native SSH client to run in it? Because last I checked both those were installed as standard on any serious Linux box.

Exactly what problem is this solving? It's a cool hack, but I fail to see any practical purpose for it.

Backdoor inside your network? (1)

sshambar (542567) | about 3 years ago | (#37706272)

Quick browse of the source makes it look like connections run through a python server... so anyone who deploys this on a gateway server (public web, but internally connected) would expose all internal ssh servers -- or at least that's how it appears.

Of course, using the web auth to connect mitigates the risk (but requires dual auth?) -- it's not obvious from the description that the connections to port 22 don't initiate from the browser's machine... and people may deploy this without appreciating the possible internal network exposure.

Back to my mindterm java client.. *sigh*

no website (1)

mdaitc (619734) | about 3 years ago | (#37706636)

you're trying to make a business out of it, but don't have a website... and you're still posting this to slashdot??

FireSSH (2)

jasonla (211640) | about 3 years ago | (#37706842)

FireSSH [mozilla.org] is better. The client runs locally on your machine through FF. No server plugin required. And you don't have to worry about the server hosting the HTML5 frontend going down with FireSSH, unlike this Gate One [liftoffsoftware.com] 's 404 and 500 errors.

X? (1)

markdavis (642305) | about 3 years ago | (#37707132)

OK, but if you can get X11 tunneling though and displaying in the browser, too, then I will be REALLY impressed ;)

Re:X? (0)

Anonymous Coward | about 3 years ago | (#37707512)

This is very close to what you're asking for. Unfortunately it only works with GTK+ apps. :-)

http://blogs.gnome.org/alexl/2011/03/15/gtk-html-backend-update/

Re:X? (0)

Anonymous Coward | about 3 years ago | (#37708340)

Tunneling X11 is the easy part. The hard part is writing a proper X11 server in javascript. But before that happens someone will take the boring, easy way out and implement something more akin to VNC, where the X11 server is on the remote, side w/ the local end just implementing a frame buffer.

A console in a browser - what's next? (0)

Anonymous Coward | about 3 years ago | (#37707156)

A browser in a console?
Oh, wait ...

Hard to buy a license (0)

Anonymous Coward | about 3 years ago | (#37707504)

When the website is down? http://liftoffsoftware.com
http://www.isup.me/liftoffsoftware.com

Says I don't have permission to access '/' on this server. Is it really misconfigured or is this the slashdot effect?

Ajaxterm beat this to it (0)

Anonymous Coward | about 3 years ago | (#37708184)

Ajaxterm (available in Debian) does this with AJAX. Works great on the iPad except you can't type into it.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?