
WebTerm

A proof of concept for a remote, real-time interactive UNIX shell used through a web browser. You enter commands as you would when connected to a remote machine via SSH. Command output is delivered live to the client browser via websockets.

It requires nodejs and depends on the following modules, available through npm:
- connect
- socket.io

Licence

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license, visit the Creative Commons website.

Getting started

  1. Install the dependencies:

    npm install connect 
    npm install socket.io
    
  2. Run the server on the remote machine:

    node /path/to/webterm/server.js
    
  3. Point the client machine's web browser to the running webterm instance:

    http://localhost:2007/
    

Security issues

At the current stage, this is very far from production-ready code and may render your remote machine vulnerable to attackers if the deployment is not well conceived.

The remote shell can run commands as the user that launched the nodejs process. No password is required to log in, so please be careful.

Security can be enforced by:

  • using local ssh port forwarding to avoid exposing a very easy-to-find backdoor
  • modifying the server.js code to reject unwanted commands (a very simple blacklisting mechanism has already been implemented)

But, again, this is not safe enough.
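An allowlist is the stricter counterpart to the blacklisting mentioned above: only named programs with plain arguments pass, and the line is never handed to a shell. This is an added example, not WebTerm's server.js; the `ALLOWED` table, its limits and `validateCommand()` are assumptions made for illustration.

```javascript
// Added example: allowlist validation for one line typed into the web terminal.
// ALLOWED, its limits and validateCommand() are assumptions, not WebTerm code.
const ALLOWED = new Map([
  ['ls', { maxArgs: 3 }],
  ['df', { maxArgs: 2 }],
  ['uptime', { maxArgs: 0 }],
  ['date', { maxArgs: 0 }],
]);

// Anything a shell would interpret: chaining, substitution, redirection,
// globbing, quoting, escapes, comments, newlines.
const SHELL_META = /[;&|`$(){}<>\\'"*?\[\]!#~\n\r]/;
// Conservative character set for a single argument.
const SAFE_ARG = /^[A-Za-z0-9_.,:=@%+\/-]+$/;

function reject(reason) {
  return { ok: false, reason };
}

function validateCommand(line) {
  if (typeof line !== 'string' || line.length > 256) return reject('bad input');
  if (SHELL_META.test(line)) return reject('shell metacharacter');

  const argv = line.trim().split(/[ \t]+/).filter(Boolean);
  if (argv.length === 0) return reject('empty');

  const [prog, ...args] = argv;
  // Exact bare names only: "/bin/ls" or "./ls" are not in the map.
  const rule = ALLOWED.get(prog);
  if (!rule) return reject('program not allowed');
  if (args.length > rule.maxArgs) return reject('too many arguments');

  for (const arg of args) {
    if (!SAFE_ARG.test(arg)) return reject('unsafe argument');
    if (arg.split('/').includes('..')) return reject('path traversal');
  }
  // Hand argv to child_process.spawn(argv[0], argv.slice(1)) so no shell
  // ever parses the line; never pass the raw string to exec().
  return { ok: true, argv };
}

// Constructed sample inputs.
for (const line of ['ls -l /tmp', 'ls -l; uptime', '/bin/ls', 'uptime -p']) {
  console.log(JSON.stringify(line), '->', JSON.stringify(validateCommand(line)));
}
```

Accepted commands still run as the user that launched the nodejs process, so this complements the ssh port forwarding above rather than replacing it.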

Known limitations

Being a proof of concept, it has some limitations compared with the common usage patterns of a remote shell:
- interactive programs are not supported (e.g. top, vi)
- it is not possible to bg/fg a process; only one process can run at a time
- it is not possible to send signal keystrokes to the running process