Remote administration usually requires access to a terminal on a remote system, but if you don't want to permit direct ssh access, there aren't a lot of other options. And with constant port-knocking and brute-force attempts on ssh services these days, some people would prefer not to have ssh listening on a public IP, but feel like they must in order to handle remote administration tasks.
To begin, download and untar the Ajaxterm-0.10.tar.gz tarball, which is the current version as of this writing. Then, launch ajaxterm.py:
If you launch ajaxterm.py as root, it will execute the /bin/login command on connections; otherwise, it will run ssh against localhost.
The next step is to configure Apache. Obviously, this should be wrapped in SSL and secured with a password (essentially, you will need to provide two logins in order to access the terminal). The Apache configuration should look like:
Allow from all
ProxyPass /term/ http://localhost:8022/
ProxyPassReverse /term/ http://localhost:8022/
This retrieves HTTP authentication credentials from the /srv/www/mysite.com/.htpasswd-ssl file. If authentication succeeds, the connection is established. All requests are forwarded to and from http://localhost:8022/, which is the ajaxterm.py service.
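A complete virtual host matching the description above, given here as an added example and not the article's original listing. It assumes Apache 2.4 with mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic and mod_authn_file loaded; the ServerName, certificate paths and AuthName value are placeholders.

```apache
# Added example (not the article's original listing).
# Assumes Apache 2.4; ServerName, certificate paths and AuthName are placeholders.
<VirtualHost *:443>
    ServerName mysite.com

    # Wrap the terminal in SSL so neither login crosses the wire in clear text.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mysite.com.crt
    SSLCertificateKeyFile /etc/ssl/private/mysite.com.key

    # Reverse proxy only; never let this host act as a forward proxy.
    ProxyRequests Off

    # First login: HTTP Basic auth, enforced before a request reaches Ajaxterm.
    # On Apache 2.4, "Require valid-user" takes the place of the 2.2-style
    # "Allow from all" plus "Require valid-user" pair.
    <Location "/term/">
        AuthType Basic
        AuthName "Ajaxterm"
        AuthUserFile /srv/www/mysite.com/.htpasswd-ssl
        Require valid-user
    </Location>

    # Second login happens inside the terminal (/bin/login or ssh).
    # The backend is addressed on localhost only, as in the article.
    ProxyPass        /term/ http://localhost:8022/
    ProxyPassReverse /term/ http://localhost:8022/
</VirtualHost>
```

After reloading Apache, a request to /term/ without credentials should return 401, and port 8022 should not be reachable from outside the host.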
Putting the following in /etc/rc.d/rc.local or a similar startup script will have ajaxterm.py launch at boot:
LANG="" /usr/local/ajaxterm/ajaxterm.py -d
Change paths to suit your installation, or use the sample initscripts provided in the tarball.
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.