Enterprise Software

Use Ajaxterm for remote administration tasks

Ajaxterm offers a simple solution to those who want to run a terminal over the Web for performing remote administration tasks. Vincent Danen tells you how to get it and configure it for Apache.

Remote administration usually requires access to a terminal on a remote system, but if you don't want to permit direct ssh access, there aren't a lot of other options. And with constant port-knocking and brute-force attempts on ssh services these days, some people would prefer not to have ssh listening on a public IP, but feel like they must in order to handle remote administration tasks.

A simple solution would be to run a terminal over the Web. Most servers that need to be remotely administered tend to run Apache as well, so this is easy to accomplish using something like Ajaxterm. Ajaxterm is a terminal written in Python that uses some AJAX JavaScript for client-side processing. This is how it works: You run the ajaxterm.py script, which listens for HTTP requests on localhost, port 8022. Using some proxy commands with Apache, you can force a location such as https://www.myhost.com/term/ to forward and return requests to ajaxterm.py for full Web-based terminal support.

To begin, download and untar the Ajaxterm-0.10.tar.gz tarball, which is the current version as of this writing. Then, launch ajaxterm.py:

# ./ajaxterm.py

If you launch ajaxterm.py as root, it will execute the /bin/login command on connections; otherwise, it will open an ssh command to the localhost.

The next step is to configure Apache. Obviously, this should be wrapped in SSL and secured with a password (essentially, you will need to provide two logins in order to access the terminal). The Apache configuration should look like:

    ProxyRequests off
    <Proxy *>
        AuthUserFile /srv/www/mysite.com/.htpasswd-ssl
        AuthGroupFile /dev/null
        AuthName admin
        AuthType basic
        require valid-user
        Order deny,allow
        Allow from all
    ProxyPass /term/ http://localhost:8022/
    ProxyPassReverse /term/ http://localhost:8022/

This will use the /srv/www/mysite.com/.htpasswd-ssl file from which to retrieve HTTP authentication credentials. If authentication is successful, then the connection will be established. All requests are forwarded to and from http://localhost:8022/, which is the ajaxterm.py service.

Putting the following in /etc/rc.d/rc.local or a similar startup script will have ajaxterm.py launch at boot:

LANG="" /usr/local/ajaxterm/ajaxterm.py -d

Change paths to suit your installation, or use the sample initscripts provided in the tarball.

Delivered each Tuesday, TechRepublic's free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!

About Vincent Danen

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

Editor's Picks

Free Newsletters, In your Inbox