You ever wanted a fast convenient SSH but sometimes only had a browser?

You ever wanted a fast convenient SSH but sometimes only had a browser?

We've all been there. A quick need to check something, but we are presented with equipment that only has a browser. Maybe its a kiosk-pc, a laptop at a friends place. Perhaps its a network that blocks all but HTTPS.

Well, never fear, you can have a speedy web interface ssh, supporting cut+paste and scroll and curses. And, it will only take you a couple of minutes.

git clone https://github.com/krishnasrinivas/wetty
cd wetty
sudo npm -g install

cat < /etc/systemd/system/wetty.service
# systemd unit file
#
# place in /etc/systemd/system
# systemctl enable wetty.service
# systemctl start wetty.service

[Unit]
Description=Wetty Web Terminal
After=network.target

[Service]
User=daemon
Group=daemon

WorkingDirectory=/usr/local/lib/node_modules/wetty
ExecStart=/usr/bin/node app.js -p 3000 --host 127.0.0.1 --sshuser MYNAME

[Install]
WantedBy=multi-user.target
EOF
systemctl enable wetty
systemctl start wetty

OK, at this stage you can open http://localhost:3000 in your browser.
# cat < /etc/nginx/sites-enabled/ssh.conf 
server {
    listen 0.0.0.0:443 ssl http2;
    server_name ssh.MYDOMAIN;

    include MY-tls.conf;

    access_log /var/log/nginx/a-ssh.log;
    error_log /var/log/nginx/e-ssh.log;

    location / {
	proxy_pass http://127.0.0.1:3000;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_read_timeout 43200000;

	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-NginX-Proxy true;
    }

}
EOF

(I'm assuming you have a common tls config in MY-tls.conf, and set a DNS as ssh.MYDOMAIN, else set it here as normal).
OK, now when you open https://ssh.MYDOMAIN, you will get an ssh login to your host.

Run this on a protected bastion. And prosper.

More work, less toil.

Leave a Reply

Your email address will not be published. Required fields are marked *

*