Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Web-Based Terminal/SSH from Restricted Computer

Featured Replies

Does something like this exist? I need a solution for this.

 

Desire: Access UnRAID or VM terminal/shell remotely

 

Issue: Restricted Client Computer (Win10 at work). Cannot install software or change any settings....but I can browse internet just fine. So, I can't open a CLI and OpenSSH isn't installed. I can't VPN since that requires software to be installed. So on and so forth.

 

What I hope exists to solve my problem: I browse to https://webssh.my.domain.com,  Then am presented with simple terminal. This terminal would ONLY be capable of SSH, nothing else. Maybe it is just a Docker with SSH. From there, I can SSH into a host (UnRAID, VM, whatever).

 

As far as the whole SSL and domain thing......I could do that with LetsEncrypt docker and Reverse Proxy......So really, whatever tool is out there could just point to an internal port and I could figure out the HTTPS/SSL domain stuff myself.

Edited by Stupifier

  • Author
51 minutes ago, jonathanm said:

 

 

 

Right, I already have this and use it all the time.....AT HOME.

 

But Command Line Tools (Shellinabox) seems to open immediately into an UnRAID shell login/password........which isn't very secure to expose as an external facing service, right? I mean, it doesn't even do SSH Key-Pair to authenticate.

 

Am I missing something about this?

1 hour ago, Stupifier said:

What I hope exists to solve my problem: I browse to https://webssh.my.domain.com,  Then am presented with simple terminal.

Shell in a box does exactly that.

 

No, it's not particularly secure, but that's what you asked for.

  • Author
1 minute ago, jonathanm said:

Shell in a box does exactly that.

 

No, it's not particularly secure, but that's what you asked for.

 

But that Terminal.....has Username/Password directly into UnRAID shell. I was hoping for the simple terminal to ONLY HAVE SSH so that authentication could be made over a more secure path (key-pair).

 

In other words, is there any way for me to SSH Key-Pair Shell into a Host computer from a Restricted Client Computer which only has a Web-Browser?

2 minutes ago, Stupifier said:

In other words, is there any way for me to SSH Key-Pair Shell into a Host computer from a Restricted Client Computer which only has a Web-Browser?

Unless I'm totally misunderstanding you, no, you can't load your private key into the web browser only machine securely.

 

1 hour ago, Stupifier said:

As far as the whole SSL and domain thing......I could do that with LetsEncrypt docker and Reverse Proxy......So really, whatever tool is out there could just point to an internal port and I could figure out the HTTPS/SSL domain stuff myself.

I assumed you were going to set up reverse proxy with authentication (htpassword) and use that.

  • Author
8 minutes ago, jonathanm said:

Unless I'm totally misunderstanding you, no, you can't load your private key into the web browser only machine securely.

 

I assumed you were going to set up reverse proxy with authentication (htpassword) and use that.

 

Good point....I definitely could not load private key securely!

 

AHHH! and another Good point.....Reverse Proxy authentication....yes!

 

Ok, I think I'm sorted out now. Thank you for the patience with me :)

If you are allowed to run programs from a USB, then there are multiple solutions with ssh clients that doesn't require installation - you just run them from the USB drive. So the USB drive contains both the SSH client and the required SSH key.

  • Author
3 minutes ago, pwm said:

If you are allowed to run programs from a USB, then there are multiple solutions with ssh clients that doesn't require installation - you just run them from the USB drive. So the USB drive contains both the SSH client and the required SSH key.

 

Good idea but I forgot to say.....no USB ports on the computers (security purposes).

 

The Command Line Tools (shellinabox) is working great though. I setup a reverse proxy to it with Single-Sign-On authorization to only allow access through my Organizr V2 landing page. Yes, it forces me to first touch my UnRAID terminal shell.....but I can SSH to elsewhere after that. Good enough for me

It doesn't hurt if your web forwarding starts with some service that requires 2FA where your mobile phone receives an SMS or you use Google Authenticate to produce a time-limited code. Just to make sure anything key-logging what you are doing will not receive a cart blanche access to your unRAID server.

  • Author
1 minute ago, pwm said:

It doesn't hurt if your web forwarding starts with some service that requires 2FA where your mobile phone receives an SMS or you use Google Authenticate to produce a time-limited code. Just to make sure anything key-logging what you are doing will not receive a cart blanche access to your unRAID server.

 

Good point. Thanks!

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.