Tag Archives: Ajaxterm

Ajaxterm – ssh access via the web-browser

Quite often I am trying to access my Linux box remotely. Unfortunately most of the time for security reasons port 22 (SSH) is closed, leaving you disconnected from your home. Facing this issue, combined with my recent idea to get back to software development, its time to remove those boundary – lets install ajaxterm to get connected again.

Ajaxterm is a Python-based software using AJAX Javascript at the client side to provide an ssh terminal within a web-browser. Combining it with Apache’s Authentication it should be quite safe as well.

So lets start – first of all I think it is quite clear that you need an external accessible IP address as well as a web-server – e.g. Apache.  Using my own domain I then created a sub-domain pointing at the same IP address as my main server. I simply use the sub-domain as a structural way accessing various services. Having a Ubuntu System, the first thing now after updating the environment is getting the ajaxterm installed by the following command:

root@jvr.at:/home/jvr# apt-get install ajaxterm

Now we should enable the Password Authentication in /etc/ssh/ssh_config by simply uncommenting the line:

PasswordAuthentication yes

The next step is to create a login/password on the Apache Authentication level by following commands (please replace “MyName” with the preferred user name and please don’t use any kind of simple passwords):

root@jvr.at:/home/jvr# mkdir /srv/ajaxterm
root@jvr.at:/home/jvr# cd /srv/ajaxterm
root@jvr.at:/srv/ajaxterm# htpasswd -cm /srv/ajaxterm/.htpasswd MyName

Okay – following a structured approach, lets create now a separate Apache configuration file for the ajaxterm: /etc/apache2/sites-available/ajaxterm with the following content:

<VirtualHost ajaxterm.jvr.at:443>
                      ServerName ajaxterm.jvr.at
                       HostnameLookups Double
                       CustomLog /var/log/apache2/access.log combined env=!dontlog
                       SetEnvIf Request_URI "^/u" dontlog
                       ErrorLog /var/log/apache2/error.log
                       Loglevel warn
                       SSLEngine On
                       SSLCertificateFile /etc/apache2/ssl/apache.pem
                     <Proxy *>
                                 AuthUserFile /srv/ajaxterm/.htpasswd
                                 AuthName EnterPassword
                                 AuthType Basic
                                 require user MyUser
                                 Order Deny,allow
                                 Allow from all
                       </Proxy>
                       ProxyPass / http://localhost:8022/
                       ProxyPassReverse / http://localhost:8022/
  </VirtualHost>

So please note that the config is based on the newly created sub-domain. Furthermore we are using SSL but also, following the “require user”  line just enabling a defined user, named MyUser, to access the ajaxterm. Since the ajaxterm is basically a local running service, we have to set up a proxy.

But wait – having said before that we use SSL – I guess we will need to install and create an SSL certificate first. Therefore follow the following commands:

root@jvr.at:/srv/ajaxterm# apt-get install ssl-cert
root@jvr.at:/srv/ajaxterm# mkdir /etc/apache2/ssl
root@jvr.at:/srv/ajaxterm# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

And finally enable the proxy, ssl and the newly created ajaxterm config file.

root@jvr.at:/srv/ajaxterm# a2enmod proxy_http
Considering dependency proxy for proxy_http:
Enabling module proxy.
Enabling module proxy_http.
Run '/etc/init.d/apache2 restart' to activate new configuration!
root@jvr.at:/srv/ajaxterm# a2enmod ssl
Module ssl already enabled
root@jvr.at:/srv/ajaxterm# a2ensite ajaxterm
Enabling site ajaxterm.
Run '/etc/init.d/apache2 reload' to activate new configuration!

Finally, just to be on the save side – we should restart the ajaxterm and the apache2 service by:

root@jvr.at:/srv/ajaxterm# /etc/init.d/ajaxterm restart
root@jvr.at:/srv/ajaxterm# /etc/init.d/apache2 restart

And now check-out your ajaxterm (hint – use https to access your service)!

2014/06/12: An additional note – some versions of ajaxterm seems to have an issue runng in daemon mode, where you receive an connection loss error. Suprisingly if you start ajaxterm from the console as a simple process it works. So to fix this issue I modified the startupscript in my Ubuntu installation in /etc/init.d/ajaxterm as follows (thats the diff):

42,43c42,43
<                         start-stop-daemon -b --start --group=$AJAXTERM_GID --pidfile $PIDFILE --exec
$DAEMON -- --port=$PORT --serverport=$SERVERPORT \
<                                 --uid=$AJAXTERM_UID >/dev/null &&
---
>                         start-stop-daemon --start --group=$AJAXTERM_GID --pidfile $PIDFILE --exec
$DAEMON -- --daemon --port=$PORT --serverport=$SERVERPORT \


>                                 --uid=$AJAXTERM_UID >/dev/null