httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <>
Subject Re: [users@httpd] Remote shell access via Apache
Date Fri, 28 Jan 2011 13:51:45 GMT

On Jan 28, 2011, at 8:44 AM, Skye Sweeney wrote:

> I have now been monitoring this distribution list for a month and now feel like I can
ask my question...
> Recently my company has but a filter in their firewall to prevent any access to any outside
computer over SSH or FTP. This has broken my ability to access my home computer to do such
things as powering it off during thunderstorms. Only a very few ports are open on the firewall.
These include port 80.
> Question: Is it possible to configure Apache and/or other components to allow a client
to have a simple "bash shell" into the computer running Apache? I do not need X11 or any other
graphic interfaces, just a good old shell and even that could be limited. Now before people
freak out about security, it should be known that my firewall only allows connections from
very specific MAC addresses. As long as I do not publish those, I consider my home Linux server
very safe.
> I have tried to Goggle the answer, but I have not found the right key words to home in
on a solution. I would be happy with just a few product or keyword names to help my search
or an indication that I am barking up the wrong tree!

Yes, it's possible, but it's the wrong solution. The right solution is ssh. I hear you saying
that your company forbids ssh, but I think that once you understand the risks of doing what
you're talking about here, you'll be able to communicate to your firewall admin that ssh is
*BY FAR* more secure than any other remote shell options available. This is why so many commercial
firewalls come with ports 80, 443, and 22 open by default.

I would strenuously encourage you to have a long talk with your network guy about security,
and if he/she doesn't understand the issues, have a talk with his/her boss about his/her lack
of credentials. This isn't a difficult issue - it's pretty fundamental to network security.

Rich Bowen

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message