Re: Remote shell access via Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Jan 28, 2011, at 9:04 AM, Skye Sweeney wrote:

> "Long talk with IT" has happened more than once with the IT staff!. But I work at a company of 30K people and IT is non yielding. Only RSA tunnels are allowed and then only into the company. All outgoing ports are blocked including such things as network time protocol. About the only things that seems to get out are 80.
>  
> My fall back position is to write a custom program to take a message on port 80 and then initiate a powerdown, but I would prefer something more capable.

If I were in that situation (and, alas, I have been) I would run an ssh server on port 80, or do some kind of port forwarding. Somehow, in your first note I missed the fact that you were talking about *OUTGOING* connections, which rather changes the game a little. I would say bring up a secondary IP address on the box you want to get to, and run an ssh server on port 80 on that address.

Failing that, yes, there are some shell-access-over-http kinds of solutions.

http://dag.wieers.com/howto/ssh-http-tunneling/ is one example of how you could persuade mod_proxy to allow ssh connections to be tunneled through the proxy. There's some other similar recipes at http://www.google.com/search?q=ssh+over+http

There used to be a wide variety of telnet-via-cgi and ssh-via-cgi and terminal-via-java kinds of things out there, but in a quick search just now, I found none of them. I wonder if they were all finally exposed as the security nightmares we always suspected, and discontinued. I remember several java apps that would run in the browser and give you access to a shell. But it always made me very nervous. If you must, then definitely run it over https.

--
Rich Bowen
rbowen@xxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux