Is there a secure web-shell for my server?
Following the security principle of trust no one, I can't use a service like http://www.serfish.com/. Is there a free software program that I can install on my Ubuntu server to give me secure shell access via a web-interface?
I would prefer a small and light-weight solution, so that I can do at least a rudimentary audit of the source code. I would also prefer something that is in the 'main' repository, so that I get the benefit of stable release upgrades.
Solution 1:
A rather freakish friend of once mine told me about Ajaxterm. WebShell is based on Ajaxterm so I supposed that would be fine, too. The Ubuntu wiki also says shellinabox could be, what you want. I have no experience whatsoever with them.
Solution 2:
I've tested AjaxTerm for a while and it works well. For my case, I had problems with special characters on french keyboard (accessing "@" character is made by pressing AltGr+0). It wouldn't go in AjaxTerm. I had to use the paste button on the ajaxterm. But it wasn't working on my chromium version on Windows XP. So I had to launch IE7 puke.
So I gave a try to shellinabox and it is working fine. The paste work with CTRL+SHIFT+V and works on chromium Windows XP. I tried on my ubuntu even if I prefer using a real SSH in a term. It seems that some char doesn't work, but can't remember which. Anyway, my problem was more accessing my box where ports are blocked, so I needed more on a Windows box.
I use shellinabox on localhost only with access from an Apache2 with Proxy redirections to the port of shellinabox. The localhost listening of shellinabox are on pure http. But the public access from web are in https with the connection handled by Apache2.
Solution 3:
On http://webssh.uni.me/ you can download the source from time to time. Every time they do an update they place a link to source and binary with the date and new version number for a couple of days. (I'm guessing they assume that after a couple of days someone must have mirrored the files.)