TermGate

Author: Arno0x0x - @Arno0x0x

TermGate is a web application that allows you to run console (shell) commands on your remote server, including getting an interactive shell, directly from a web browser.

The initial idea was to create a PHP wrapper around the wonderful job done on the GoTTY project written by Iwasaki Yudai. I decided to add a simple shell command call, much faster to execute for simple commands that don't need interaction or dynamic updates.

That means you can get a shell, or even an ssh client into your browser.

Check out this demo : Demo

The app is distributed under the terms of the GPLv3 licence.

Dependencies

On the server side, TermGate requires :

  • A Unix-like system (Linux, BSD-like, Mac OS X)
  • The sudo package, which is installed by default on most Unix systems; otherwise you'll have to install it yourself
  • PHP5 (or more recent)
  • GoTTY
    • Go grab a GoTTY binary release for your system. It's just one binary file, with no dependencies or complex installation. Get the single binary and drop it onto your system. It's available for almost every Unix flavor (including Raspberry Pi and Mac OS X).

TermGate also relies on one PHP5 library that you'll have to install on your own:

  • The SQLite3 library (example on Debian-like systems: sudo apt-get install php5-sqlite)

Security Aspects

TermGate doesn't handle any user authentication or authorization. So you should put it behind some kind of authentication at the web server level. It is advisable to use a two factor authentication portal such as TwoFactorAuth (that I wrote :-)).

TermGate can be configured to only accept HTTPS (HTTP over SSL) connections, see the configuration file.

TermGate can be configured to allow only commands that are already stored in the "command set" database. Although it's not really a security feature, this might help control which commands are made available in the interface.

Installation & Configuration

  • Unzip the TermGate package in your web server's directory and ensure all files and folders have appropriate user:group ownership, depending on your installation (might be something like www-data:www-data).

  • Edit the configuration file config.php at the root path of TermGate directory and make it match your needs and your installation. Main parameters are :

    • GOTTY_PATH : Set it to the full path of the GoTTY binary you've previously installed.
    • GOTTY_TCP_PORT : Set the TCP listening port that will be used by GoTTY.
    • GOTTY_BIND_INTERFACE : Set the IP address GoTTY should bind on. If you choose to make GoTTY reachable behind an Nginx reverse-proxy (see section below), it is safer to set it to 127.0.0.1.
    • GOTTY_TERM : Set the TERM environment GoTTY will use (can be something like 'vt100', 'xterm', etc.).
    • GOTTY_URL : Set the URL at which GoTTY will be reachable. Again this depends on whether or not you'll make it reachable behind Nginx, which GOTTY_TCP_PORT you set etc.
    • HTTPS_ONLY : If set to true, the application will only allow HTTPS connections.
    • RESTRICTED_COMMAND_SET : If set to true, only commands previously saved in the command set database can be executed. Also, no new command can be added and no command can be deleted. Initially, you must set it to false in order to add commands to your command set database.
    • RUN_AS_USER : By default, your web server and PHP server run as a dedicated user (such as www-data), which is probably not the one you want to run commands as. This parameter allows you to tell which user will be used to execute commands. TermGate will need to be able to sudo to another user to execute all commands under the user's login shell. In order for this to work, it is required to modify the /etc/sudoers file. For example, if your web server is running as user www-data and you've set RUN_AS_USER to user pi, and this user's login shell is /bin/bash :
# The append must run as root: a plain ">>" is performed by the calling shell, not by sudo
echo "www-data ALL=(pi) NOPASSWD:/bin/bash" | sudo tee -a /etc/sudoers

[OPTIONAL] NGINX integration

Nginx can be used as a reverse-proxy to access GoTTY. This avoids opening another TCP port on the public-facing interface of the web server. You'll have to edit your Nginx site configuration file.

Assuming the TermGate application was deployed in a location named /termgate/ on your webserver, that you set GOTTY_TCP_PORT to 3850, and that you set GOTTY_BIND_INTERFACE to 127.0.0.1, just add the following section within the "server" directive of your config file:

location /gotty/ {
    proxy_buffering off;
    proxy_pass_header Server;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_pass http://127.0.0.1:3850/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}   
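
Because TermGate does no authentication itself, the proxied /gotty/ path needs the same web-server authentication and HTTPS as the application. The following is an added example, not part of the TermGate project: HTTP basic auth stands in for whatever authentication portal you use, and the server name, certificate paths and htpasswd path are placeholders.

```nginx
# Added example: server name, certificate and htpasswd paths are placeholders.

# Redirect plain HTTP so credentials and terminal traffic are never sent in clear text.
server {
    listen 80;
    server_name termgate.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name termgate.example.org;
    ssl_certificate     /etc/nginx/tls/termgate.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/termgate.example.org.key;

    # Declared at server level so every location inherits it:
    # the PHP application under /termgate/ AND the GoTTY proxy under /gotty/.
    auth_basic           "TermGate";
    auth_basic_user_file /etc/nginx/termgate.htpasswd;

    # ... your existing root / PHP handling for /termgate/ stays here unchanged ...

    location /gotty/ {
        # GoTTY listens on loopback only (GOTTY_BIND_INTERFACE = 127.0.0.1,
        # GOTTY_TCP_PORT = 3850), so this authenticated proxy is the only way in.
        proxy_pass http://127.0.0.1:3850/;
        proxy_buffering off;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;

        # WebSocket upgrade used by the interactive terminal.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

With this layout, set HTTPS_ONLY to true and GOTTY_URL to the https:// address of the /gotty/ location so the application and the proxy agree.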

Credits

Iwasaki Yudai for his fantastic GoTTY project.

If you have a feature request or bug report, feel free to contact me on my twitter page.
