We’ve all been there. A quick need to check something, but we are presented with equipment that only has a browser. Maybe its a kiosk-pc, a laptop at a friends place. Perhaps its a network that blocks all but HTTPS.
Well, never fear, you can have a speedy web interface ssh, supporting cut+paste and scroll and curses. And, it will only take you a couple of minutes.
git clone https://github.com/krishnasrinivas/wetty cd wetty sudo npm -g install
cat < /etc/systemd/system/wetty.service
# systemd unit file
#
# place in /etc/systemd/system
# systemctl enable wetty.service
# systemctl start wetty.service
[Unit]
Description=Wetty Web Terminal
After=network.target
[Service]
User=daemon
Group=daemon
WorkingDirectory=/usr/local/lib/node_modules/wetty
ExecStart=/usr/bin/node app.js -p 3000 –host 127.0.0.1 –sshuser MYNAME
[Install]
WantedBy=multi-user.target
EOF
systemctl enable wetty
systemctl start wetty
OK, at this stage you can open http://localhost:3000 in your browser.
# cat < /etc/nginx/sites-enabled/ssh.conf server { listen 0.0.0.0:443 ssl http2; server_name ssh.MYDOMAIN; include MY-tls.conf; access_log /var/log/nginx/a-ssh.log; error_log /var/log/nginx/e-ssh.log; location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 43200000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; } } EOF
(I’m assuming you have a common tls config in MY-tls.conf, and set a DNS as ssh.MYDOMAIN, else set it here as normal).
OK, now when you open https://ssh.MYDOMAIN, you will get an ssh login to your host.
Run this on a protected bastion. And prosper.
More work, less toil.
Leave a Reply