We’ve all been there. A quick need to check something, but we are presented with equipment that only has a browser. Maybe its a kiosk-pc, a laptop at a friends place. Perhaps its a network that blocks all but HTTPS.
Well, never fear, you can have a speedy web interface ssh, supporting cut+paste and scroll and curses. And, it will only take you a couple of minutes.
git clone https://github.com/krishnasrinivas/wetty cd wetty sudo npm -g install
cat < /etc/systemd/system/wetty.service
# systemd unit file
#
# place in /etc/systemd/system
# systemctl enable wetty.service
# systemctl start wetty.service
[Unit]
Description=Wetty Web Terminal
After=network.target
[Service]
User=daemon
Group=daemon
WorkingDirectory=/usr/local/lib/node_modules/wetty
ExecStart=/usr/bin/node app.js -p 3000 –host 127.0.0.1 –sshuser MYNAME
[Install]
WantedBy=multi-user.target
EOF
systemctl enable wetty
systemctl start wetty
OK, at this stage you can open http://localhost:3000 in your browser.
# cat < /etc/nginx/sites-enabled/ssh.conf
server {
listen 0.0.0.0:443 ssl http2;
server_name ssh.MYDOMAIN;
include MY-tls.conf;
access_log /var/log/nginx/a-ssh.log;
error_log /var/log/nginx/e-ssh.log;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 43200000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
EOF
(I’m assuming you have a common tls config in MY-tls.conf, and set a DNS as ssh.MYDOMAIN, else set it here as normal).
OK, now when you open https://ssh.MYDOMAIN, you will get an ssh login to your host.
Run this on a protected bastion. And prosper.
More work, less toil.
Leave a Reply