Enterprise Software

Use Ajaxterm for remote administration tasks

Ajaxterm offers a simple solution to those who want to run a terminal over the Web for performing remote administration tasks. Vincent Danen tells you how to get it and configure it for Apache.

Remote administration usually requires access to a terminal on a remote system, but if you don't want to permit direct ssh access, there aren't a lot of other options. And with constant port-knocking and brute-force attempts on ssh services these days, some people would prefer not to have ssh listening on a public IP, but feel like they must in order to handle remote administration tasks.

A simple solution would be to run a terminal over the Web. Most servers that need to be remotely administered tend to run Apache as well, so this is easy to accomplish using something like Ajaxterm. Ajaxterm is a terminal written in Python that uses some AJAX JavaScript for client-side processing. This is how it works: You run the ajaxterm.py script, which listens for HTTP requests on localhost, port 8022. Using some proxy commands with Apache, you can force a location such as https://www.myhost.com/term/ to forward and return requests to ajaxterm.py for full Web-based terminal support.

To begin, download and untar the Ajaxterm-0.10.tar.gz tarball, which is the current version as of this writing. Then, launch ajaxterm.py:

# ./ajaxterm.py

If you launch ajaxterm.py as root, it will execute the /bin/login command on connections; otherwise, it will open an ssh command to the localhost.

The next step is to configure Apache. Obviously, this should be wrapped in SSL and secured with a password (essentially, you will need to provide two logins in order to access the terminal). The Apache configuration should look like:

    ProxyRequests off
    <Proxy *>
        AuthUserFile /srv/www/mysite.com/.htpasswd-ssl
        AuthGroupFile /dev/null
        AuthName admin
        AuthType basic
        require valid-user
 
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass /term/ http://localhost:8022/
    ProxyPassReverse /term/ http://localhost:8022/

This will use the /srv/www/mysite.com/.htpasswd-ssl file from which to retrieve HTTP authentication credentials. If authentication is successful, then the connection will be established. All requests are forwarded to and from http://localhost:8022/, which is the ajaxterm.py service.

Putting the following in /etc/rc.d/rc.local or a similar startup script will have ajaxterm.py launch at boot:

LANG="" /usr/local/ajaxterm/ajaxterm.py -d

Change paths to suit your installation, or use the sample initscripts provided in the tarball.

Delivered each Tuesday, TechRepublic's free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

3 comments
gopala.nayak
gopala.nayak

Hi, Does anyone know how to integrate ajaxterm with tomcat web application?.

mithraigor
mithraigor

I first used denyhosts while I was administering a fairly large linux WWW serving cluster, and was so impressed I installed it on my own FreeBSD system. It allows you to have ssh open and dial up the level of protection you want to block brute force attacks from outside *and* inside your network. It too is written in Python ;)

Tony K
Tony K

I've been using Ajaxterm since it forked off of the Anyterm project (Ajaxterm added the one feature most needed: the ability to paste into the terminal window). Since we block all outgoing access except ports 80 & 443, there's no other way for me to access a terminal at home from the office. It's simple, it's easy, it's as secure as you make it. This week I'm going to try it on my new Windows Media Center. :)

Editor's Picks