Here may be an easy-to-use solution.  If you use Mindterm, and install the
java applet in/under your publicly accessible primary/html directory you can
get full Telnet/SSH access to your e-smith box.  If you login as root, you
gain remote 'root' access.  If you login as 'admin', you gain remote 'admin'
access and of course access to the Control Console where you may choose to
'Access e-smith-manager with text mode browser'.  If you're super security
conscious you can access via https://mycompany.com/mindterm.html as an
example.  Here are step-by-step instructions:

Step 1:  e-smith 4.1 disables telnet access and further requires a Telnet
program that supports SSH encryption for root access.  In the
e-smith-manager > Remote Access panel select the following: 

Secure shell (ssh) access: Private (or Public)
Allow administrative command line access over ssh: yes 
Allow ssh access using standard passwords: yes

Step 2: MindTerm v1.99 is an SSH (both v1 and v2) client program written in
100% pure Java (non-certified). MindTerm can be run as a stand-alone program
or as an applet in a webpage.  Download MindTerm from
http://www.mindbright.se/download/mindtermbin-v199.zip. (Note this is a demo
version but free for non-commercial use.) Check their website for more
details.

Unzip to c:\mindterm and you will find 'mindtermfull.jar', the java applet.

Step 3:  Running Mindterm via a webpage

Of course there are many possibilities for implementing this applet. One way
is to incorporate it into the primary web site. To have a quick look follow
these steps:

Create an html page and cut and paste this simple applet code into the page:

<applet archive="mindtermfull.jar"
code="mindbright.application.MindTerm.class" width="580" height="400">
<!-- whether to run in a separate frame or not -->
<param name="sepframe" value="true">
</applet>

Save as mindtermfull.html (or whatever you want to name your page)

Copy the two files, mindtermfull.jar and mindtermfull.html, to your server's
primary/html directory. Launch the applet by simply entering the appropriate
URL in your browser. Example, http://mycompany.com/mindtermfull.html and
take it for a test drive.
 
Regards,

Darrell 

> -----Original Message-----
> From: Dan York [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 19, 2001 7:07 AM
> To: Adam Sleight; E-smith developers list
> Subject: Re: [e-smith-devinfo] secure webadmin
> 
> 
> Adam,
> 
> > 4.1 beta3 installed it behind a soho firewall.  From behind my firewall
> > I was able to SSH to it no problem.  Does E-Smith Inc. plan to someday
> > allow remote https access not just telnet and ssh?
> 
> FYI, it is relatively trivial on Linux/UNIX systems to get secure access
> to the e-smith web manager using an ssh "tunnel".  What you can do 
> with ssh is create a tunnel across your ssh connection that maps a 
> remote port to a local port on your machine.  (I have not tried this
> with Windows implementations of ssh, so I do not know if it will work
> with them. I will be trying this today, though.)
> 
> Assuming that you *are* currently able to ssh into your e-smith server,
> here is all you have to do:
> 
> 1. On your local machine, type the following (where "<target>" is the
> IP address or hostname of your e-smith server):
> 
>   ssh -l root -L 8000:localhost:980 -C <target> -f sleep 100000
> 
> 2. Still on your local machine, point your web browser to:
> 
>   http://localhost:8000/
> 
> You should now be prompted for a user name and password - enter the
> standard "admin" and your admin password... and you should be looking
> at the e-smith web manager!
> 
> Here's an explanation of the ssh command line:
> 
> -l root    
>      login as root
> 
> -L 8000:localhost:980
>      maps local (L) port 8000 to "localhost:980" as seen from the
>      perspective of the machine on the other end of the ssh connection.
>      In other words, any packets sent to local port 8000 are forwarded
>      to the remote end of the ssh connection to port 980 on the remote
>      "localhost".  Obviously, you could change the local port number to
>      anything you want it to be. I chose 8000 as an example.
> 
> -C 
>      use compression
> 
> <target>
>      the IP address or fully-qualified domain name of the target 
>      computer. Whatever you would normally use to connect to your
>      e-smith server. Usually, this address is at the *end* of an
>      ssh command, but because of the "-f", it comes here.
> 
> -f sleep 100000
>      "-f" tells ssh to "fork" into the background and run some
>      command.  Sometimes this is used to run some X application 
>      which is then sent back across the ssh connection.  Here I'm
>      just telling it to sit and sleep.  Doing this means that you
>      don't have an open root prompt sitting open on your local system.
> 
> I've used this to administer remote systems (from a local Linux
> machine) without any problems at all.  In fact, if you were working
> with several different e-smith servers (for different clients), you
> could set up ssh tunnels to your different servers with different
> local port numbers. So, for instance, http://localhost:8000/ shows
> you the web manager for Client A, http://localhost:8001/ gets you
> to Client B, http://localhost:8002/ to Client C, etc.
> 
> Hope this helps,
> Dan
> 
> P.S. And at some point I'll get this into a HOWTO on e-smith.org.
> 
> 
> -- 
> Dan York, Director of Training        [EMAIL PROTECTED]
> Ph: +1-613-751-4401  Mobile: +1-613-263-4312 Fax: +1-613-564-7739 
> e-smith, inc. 150 Metcalfe St., Suite 1500, Ottawa,ON K2P 1P1 Canada
> http://www.e-smith.com/            open source, open mind
> 
> 
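The multi-server tunnel setup from the quoted message, as an added example that is not part of either message and not e-smith code: a POSIX shell script that builds one loopback-bound forward per server and rejects bad hosts, bad ports and reused local ports. The host names and the CLIENTS table are constructed placeholders; the OpenSSH options -N and ExitOnForwardFailure are swapped in for the original "sleep 100000".

```shell
#!/bin/sh
# Added example: one loopback-only ssh tunnel per e-smith server.
# Host names and the CLIENTS table below are constructed placeholders.
REMOTE_PORT=980          # web manager port used in the quoted message

# tunnel_cmd HOST LOCAL_PORT -> prints the ssh command, or returns 1
tunnel_cmd() {
    host=$1 port=$2
    case $host in
        # a host starting with "-" would be parsed by ssh as an option
        ''|-*|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # 127.0.0.1: explicit bind, so the forward stays local even if
    #            GatewayPorts is enabled in the client configuration
    # -N: run no remote command (takes the place of "sleep 100000")
    # ExitOnForwardFailure: exit instead of backgrounding with no listener
    printf 'ssh -f -N -C -l root -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$port" "$REMOTE_PORT" "$host"
}

# plan_tunnels: reads "host port" lines on stdin; a reused local port is an error
plan_tunnels() {
    seen=" "
    while read -r host port; do
        [ -n "$host" ] || continue
        case $seen in
            *" $port "*) echo "duplicate local port: $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
        tunnel_cmd "$host" "$port" || return 1
    done
}

# Constructed sample table: three client servers on local ports 8000-8002.
CLIENTS='clienta.example.com 8000
clientb.example.com 8001
clientc.example.com 8002'

# Print the plan; pipe the output to "sh" to actually open the tunnels.
printf '%s\n' "$CLIENTS" | plan_tunnels
```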
