httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <rbo...@rcbowen.com>
Subject Re: [users@httpd] Remote shell access via Apache
Date Fri, 28 Jan 2011 14:25:59 GMT

On Jan 28, 2011, at 9:04 AM, Skye Sweeney wrote:

> "Long talk with IT" has happened more than once with the IT staff!. But I work at a company
of 30K people and IT is non yielding. Only RSA tunnels are allowed and then only into the
company. All outgoing ports are blocked including such things as network time protocol. About
the only things that seems to get out are 80.
>  
> My fall back position is to write a custom program to take a message on port 80 and then
initiate a powerdown, but I would prefer something more capable.

If I were in that situation (and, alas, I have been) I would run an ssh server on port 80,
or do some kind of port forwarding. Somehow, in your first note I missed the fact that you
were talking about *OUTGOING* connections, which rather changes the game a little. I would
say bring up a secondary IP address on the box you want to get to, and run an ssh server on
port 80 on that address.

Failing that, yes, there are some shell-access-over-http kinds of solutions.

http://dag.wieers.com/howto/ssh-http-tunneling/ is one example of how you could persuade mod_proxy
to allow ssh connections to be tunneled through the proxy. There's some other similar recipes
at http://www.google.com/search?q=ssh+over+http

There used to be a wide variety of telnet-via-cgi and ssh-via-cgi and terminal-via-java kinds
of things out there, but in a quick search just now, I found none of them. I wonder if they
were all finally exposed as the security nightmares we always suspected, and discontinued.
I remember several java apps that would run in the browser and give you access to a shell.
But it always made me very nervous. If you must, then definitely run it over https.

--
Rich Bowen
rbowen@rcbowen.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message