1

I have a Linux based Web Server running Fedora. I have created and hosted couple of HTML pages on that.

I have info providing CLI tools that run on this server but must be accessible to all users from their browsers

I haven't started and these are my requirements

  1. How do I provide that servers shell (BASH) via HTML page? What are the softwares that make it possible?
  2. Can I provide auto-login enabled shell?

I just want to avoid multiple users having to open SSH sessions to the server. Also I can provide instructions and terminal access hand in hand using HTML pages.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
Tom Iv
  • 409
  • 1
  • 5
  • 21
  • There a some possibilities to open a shell or execute commands via PHP, but I'd really don't want to recommend that. Why is SSH not a solution? – frlan Feb 13 '14 at 15:36
  • Yes SSH is a direct solution. I'm seeking any alternate if feasible. Also the Web Server is on a Private network. Is security the only concern for PHP based solution? – Tom Iv Feb 13 '14 at 15:38
  • @bhp: Well.... security should be one of the first reasons you are not doing something on the web ;) But in fact, Whatever solution you will deploy, you have to fuzzy with user accounts and passwords, with attacks against your service and preventing them as well as user rights -- who is allowed to do what. – frlan Feb 13 '14 at 15:46
  • I agree. I just wanted to see if I could do different. Thanks. – Tom Iv Feb 13 '14 at 15:49
  • There are countless reasons why this is a *very*, very bad idea. – Etheryte Feb 13 '14 at 16:54

1 Answers1

4

ShellInABox appears to provide a colored terminal interface to browsers via Ajax. (homepage) Since it runs as a separate webserver, you may need to link your users to a different port on your site. There are surely more alternatives (other projects like this) out there.

The following advice applies regardless whether you use ShellInABox or continue to provide ssh access.

If you don't fully know and trust all your users, then assume at least one of them is a whizzkid cracker, determined to crash or break into your system. The first thing he may try to do is log in and run a forkbomb.

You should therefore do your best to sandbox users, so they cannot harm the system or each other. Restrict their access privileges (file/folder/network access) to only what is needed to achieve the tasks you allow. SELinux and AppArmor have facilities for this. You can find some more sandboxing techniques here and here. Docker is a new system that may be worth investigating.

It would be very wise to host your login server on a separate or virtual machine, distinct from your main webserver, so that any user who does manage to break out of the sandbox will not be on the same machine as your other services. (But note he will still be inside your LAN!) User-mode-linux is a less secure alternative and chroot is worse still, but better than nothing!

If users should be able to save files, then I would recommend giving each user a separate account, especially if their files should persist between sessions. Of course, as a workaround for auto-login you could provide a guest account with password guest555 for all users, but then a malicious user could bother others by deleting files or putting nasty stuff in the shell startup scripts. (I certainly don't recommend guest/guest because crackers regularly scan the net for ssh servers hosting that account!)

Community
  • 1
  • 1
joeytwiddle
  • 29,306
  • 13
  • 121
  • 110
  • I got `shellinabox` running. I have access to my server terminal via the browser, which is great. Also Docker seems to be what I intend to implement. I will explore that. Thanks. – Tom Iv Feb 14 '14 at 02:57