SourceForge.net Logo

http-console - a vt102 terminal emulator that displays to a browser

Once installed, this program makes it possible to run a shell on a remote webserver using only a webbrowser for the terminal client. It does not require any browser plugins to work, only JavaScript on the webbrowser.

Screenshot of a vim session

Screenshot

To Install

How it all works

console.html makes a POST XMLHttpRequest to update.php. It supplies the console number and any outstanding keypresses as POST vars.
update.php first checks to see if /tmp/input${consolenumber}.fifo and /tmp/output${consolenumber}.fifo exist. If they both don't exist then it runs start.sh to start up http_console for these fifos.
update.php then sends any keypresses to the http_console task via /tmp/input${consolenumber}.fifo and finally reads an html "screen" from /tmp/output${consolenumber}.fifo which it returns to the browser.
console.html then replaces the <div> Screen section with the HTML.

Options to http_console

$ http_console [options]

In addition start.sh should be available in the same directory if you want html_console to be started automatically with the correct input and output fifos when console.html is run.

If you want to change the path to the fifos you will have to update update.php and start.sh.

IMPORTANT - SECURITY ISSUES

To have even modest security you must put these files in a web directory that requires authentication and trust everybody you give the username/password to.

There is currently no way to isolate sessions. Anybody with access to the console.html/update.php pages will be able to access any fifos in /tmp and can read/monitor any other session being run.

Some isolation can be achieved by having separate directories and separate -r <path> options to http_console.

I have not found a suitable method to enable a secure system. The best I can think of is to have http_console start an ssh session to another machine rather than an su/bash session on the webserver. (This would require a small code change to http_console.c) Provided nobody has access to the webserver then it should then be possible to use a unique, non-guessable, console id. But if anyone can do even an ls /tmp then this will not work.

$Id: index.html,v 1.10 2005/04/24 21:01:21 locofungus Exp $