June 3, 2018

Does something like this exist? I need a solution for this.

Desire: Access UnRAID or VM terminal/shell remotely

Issue: Restricted Client Computer (Win10 at work). Cannot install software or change any settings....but I can browse internet just fine. So, I can't open a CLI and OpenSSH isn't installed. I can't VPN since that requires software to be installed. So on and so forth.

What I hope exists to solve my problem: I browse to https://webssh.my.domain.com, Then am presented with simple terminal. This terminal would ONLY be capable of SSH, nothing else. Maybe it is just a Docker with SSH. From there, I can SSH into a host (UnRAID, VM, whatever).

As far as the whole SSL and domain thing......I could do that with LetsEncrypt docker and Reverse Proxy......So really, whatever tool is out there could just point to an internal port and I could figure out the HTTPS/SSL domain stuff myself.

Edited June 3, 2018 by Stupifier

June 3, 2018 (Author)

51 minutes ago, jonathanm said:

Right, I already have this and use it all the time.....AT HOME. But Command Line Tools (Shellinabox) seems to open immediately into an UnRAID shell login/password........which isn't very secure to expose as an external facing service, right? I mean, it doesn't even do SSH Key-Pair to authenticate. Am I missing something about this?

June 3, 2018

1 hour ago, Stupifier said:
> What I hope exists to solve my problem: I browse to https://webssh.my.domain.com, Then am presented with simple terminal.

Shell in a box does exactly that. No, it's not particularly secure, but that's what you asked for.

June 3, 2018 (Author)

1 minute ago, jonathanm said:
> Shell in a box does exactly that. No, it's not particularly secure, but that's what you asked for.

But that Terminal.....has Username/Password directly into UnRAID shell. I was hoping for the simple terminal to ONLY HAVE SSH so that authentication could be made over a more secure path (key-pair).

In other words, is there any way for me to SSH Key-Pair Shell into a Host computer from a Restricted Client Computer which only has a Web-Browser?

June 3, 2018

2 minutes ago, Stupifier said:
> In other words, is there any way for me to SSH Key-Pair Shell into a Host computer from a Restricted Client Computer which only has a Web-Browser?

Unless I'm totally misunderstanding you, no, you can't load your private key into the web browser only machine securely.

1 hour ago, Stupifier said:
> As far as the whole SSL and domain thing......I could do that with LetsEncrypt docker and Reverse Proxy......So really, whatever tool is out there could just point to an internal port and I could figure out the HTTPS/SSL domain stuff myself.

I assumed you were going to set up reverse proxy with authentication (htpasswd) and use that.

June 3, 2018 (Author)

8 minutes ago, jonathanm said:
> Unless I'm totally misunderstanding you, no, you can't load your private key into the web browser only machine securely. I assumed you were going to set up reverse proxy with authentication (htpasswd) and use that.

Good point....I definitely could not load private key securely! AHHH! And another good point.....Reverse Proxy authentication....yes! Ok, I think I'm sorted out now. Thank you for the patience with me.

June 3, 2018

If you are allowed to run programs from a USB, then there are multiple solutions with SSH clients that don't require installation - you just run them from the USB drive. So the USB drive contains both the SSH client and the required SSH key.

June 3, 2018 (Author)

3 minutes ago, pwm said:
> If you are allowed to run programs from a USB, then there are multiple solutions with SSH clients that don't require installation - you just run them from the USB drive. So the USB drive contains both the SSH client and the required SSH key.

Good idea but I forgot to say.....no USB ports on the computers (security purposes). The Command Line Tools (shellinabox) is working great though. I set up a reverse proxy to it with Single-Sign-On authorization to only allow access through my Organizr V2 landing page. Yes, it forces me to first touch my UnRAID terminal shell.....but I can SSH to elsewhere after that. Good enough for me.

June 3, 2018

It doesn't hurt if your web forwarding starts with some service that requires 2FA where your mobile phone receives an SMS or you use Google Authenticator to produce a time-limited code. Just to make sure anything key-logging what you are doing will not receive carte blanche access to your unRAID server.

June 3, 2018 (Author)

1 minute ago, pwm said:
> It doesn't hurt if your web forwarding starts with some service that requires 2FA where your mobile phone receives an SMS or you use Google Authenticator to produce a time-limited code. Just to make sure anything key-logging what you are doing will not receive carte blanche access to your unRAID server.

Good point. Thanks!
