PhillC's Journal: Wide Blue Sea in a Shell

After recently acquiring my new gadget toy, that also conveniently doubles as a mobile phone and portable music player, there were some things I wanted to do with this device. My earlier post outlined my disappointment at not being able to remove certain applications. I've also been waiting patiently for someone to hack the newest firmware, allowing me to unlock the device and thus install applications. I've been waiting two weeks now!

So, I needed to find my own solutions. One thing I wanted was a terminal program that would provide me with secure access to my web server. I'd have to do something via a browser interface.

There's a couple of third party, ready to use, online solutions out there that allow input of your IP address, username and password then try to connect via SSH to your server. An example can be found at the following address: http://churchturing.org/w/iphone-ssh/ Giving my server login details to an unknown online service? I don't think so!

The alternative was to install something like Ajaxterm, Anyterm or Webshell on the Kapital Moto TV server itself. While there's still some risk here that malicious code in any of those applications could be calling home, sending my credentials to the bad men, as they are all open source applications there has to be at least some level of trust and security.

Such a web based terminal application is going to be vulnerable to a brute force attack on my passwords. Then again someone could open PuTTY on their Windows machine, connect to my server's IP address and try exactly the same thing.

I decided to go with WebShell as it didn't require any Apache mods and installation seemed straightforward enough. Of course, things are never quite as they seem.

Here's what's needed to run WebShell:

• Python - I installed the latest version 2.5.1 direct from python.org
• OpenSSL - Again I went direct to openssl.org for version 0.9.8g, which is the latest.
• pyOpenSSL - These are Python extensions for OpenSSL. This is where the problems started. I just could not get this to install direct from source at http://pyopenssl.sourceforge.net/. Instead I possibly did the easiest thing and just installed the package from the Debian repository with apt-get install python-pyopenssl
• WebShell - The important bit. Latest version at the time of writing is 0.9.5, obtained from http://www-personal.umich.edu/~mressl/webshell/ Unzip all the files into a convenient directory and follow the two steps at the Installation page on the above website.

The installation instructions for WebShell are sparse and totally assume you know what you're doing in terms of installing the dependencies Python, OpenSSL and pyOpenSSL.

As a real quick overview, for the totally new, in general installing a Linux application from source can be achieved in the following manner:

• Download the source file you require. It will most likely end in a .tar.gz, .tar.bz2, .tgz or .zip extension.
• Copy the file into your home directory on the server.
• Unzip the file. As a starting point try a command like tar -xvf filename.extension Substitute in the real filename of course. This will extract the archive into a local directory. If this doesn't work use Google to learn more about unzipping files on Linux. You might need to use zip or bzip instead.
• Navigate into the newly created application directory using cd directoryname
• You'll now need to be logged in as root or SuperUser. Depending on your system type, su or sudo. You'll be asked for the root password, which you'll need to know before proceeding further.
• Type ./configure
• Type make install
• Type make

Now all being well you should have successfully installed your new application. These are the very simple steps I followed for installing the latest versions of Python and OpenSSL. If it doesn't work for you, I'm sorry I can't help. Not because I don't want to, but more likely because I can't. Installing from source certainly didn't work for me with pyOpenSSL, so I had to revert to the Debian repositories.

Next start WebShell using the two commands on their installation page. The first will generate a secure server certificate, the second will start WebShell. Once WebShell is started, it can be connected to remotely via your server's IP address and port 8022. e.g. https://my.server.address:8022 Take note of the S in https. Forget that and of course you won't be able to connect.

Another important thing to remember, if you'd like WebShell to run in the background, is to execute the start command in the following manner -

./webshell.py -d

Without this, WebShell will quit every time you close the regular terminal window.

Note: I'm running Debian 4.0