Gate One 0.9 Released, Brings SSH To the Web

Riskable writes "Dan McDougall (full disclosure: That's me) just publicly released the source code to Gate One, which is an HTML5-powered terminal emulator and SSH client. It is unique in that it doesn't require any browser plugins (it uses WebSockets) and supports multiple simultaneous terminals/SSH sessions in a single browser tab. It can resume users' sessions after being disconnected, and supports both client and server-side session recording/playback (view as a log or like a video). Gate One can also be embedded into other web-based applications such as administration interfaces, serial port concentrators, virtual appliances, or whatever."

sshd

[bolthole]

When is sshd in html5 coming, then?

Re:

[Synerg1y]

are you talking about mixing a web language with a protocol?

Re:

[Pieroxy]

That would be implementing a protocol with a language actually. Which makes sense, if the language was a programming language.

Re:

[loufoque]

sshd is not a protocol, it's a daemon.

Re:

[Tsingi]

Yeah, I have no clue what sshd in html5 means
As you say, sshd is a system daemon.

Re:

[loufoque]

You can code a ssh daemon in javascript.

Re:

[thePowerOfGrayskull]

A daemon is just a program that runs in the background. A daemon can be implemented in practically any programming language.

Re:

[rwa2]

When is sshd in html5 coming, then?

It's been out for a while...
http://antony.lesuisse.org/software/ajaxterm/ [lesuisse.org]

Unfortunately, it's still blocked by work; grrr :-P

I'm newb

[tesdalld]

I looked over the source code.... so how do i use this?

Re:

[GameboyRMH]

Looks like it runs as its own service, like a single-purpose http server. So it's not really pure HTML5 then, it's a service with an HTML5 frontend.

Re:

[omnichad]

Yeah - It's Python. No mention of that in the summary. My first thought was that it used WebSockets to make a connection to the real server, not an intermediate server. Shouldn't that be possible with a little more robust coding??

Re:

[GameboyRMH]

Unless there's a way in JS to open arbitrary network connections (and I don't think there is) it's not possible, since all WebSockets traffic is actually specialized traffic that runs on port 80. JS can only do WebSockets and regular HTTP requests AFAIK.

Re:

[omnichad]

Oh, right. I guess that's why they don't just call it Sockets. Still a misleading summary.

Re:

[DragonWriter]

Unless there's a way in JS to open arbitrary network connections (and I don't think there is) it's not possible, since all WebSockets traffic is actually specialized traffic that runs on port 80. JS can only do WebSockets and regular HTTP requests AFAIK.

You can open arbitrary network sockets in JavaScript, if you are using JavaScript in an environment that supports it (node.js, for instance), but, largely for security reasons, no browser-based JS implementation (at least, that I know of) supports this.

This

Re:

[DarwinSurvivor]

Exactly. If you could open arbitrary connection in JS, then your entire internal network would be vulnerable to the simplest of JS code.

Re:

[Riskable]

Install the dependencies:

sudo pip install tornado pyopenssl kerberos

...or if you don't have pip:

sudo easy_install tornado pyopenssl kerberos

Then use git to check out the code:

git clone git@github.com:liftoff/GateOne.git

Then you can run it like so:

cd GateOne/gateone; sudo ./gateone.py

...or you could just cd into the GateOne directory and run:

sudo python setup.py install

Which will install /opt/gateone. Then you could run it like so:

sudo /opt/gateone/gateone.py

There's some (incomplete but extensive) HTML do

Re:

[oakgrove]

You must have dug really deep for that one. Don't hurt yourself.

Re:

[dolmen.fr]

This [bellard.org] is the real "Linux on the desktop".

Re:

[styrotech]

You might have a point if the Windows or Mac procedure of building and installing a Python source package off github didn't look practically identical to that.

There was nothing *nix specific about any of those instructions.

Ajaxterm

[mrops]

Use it.

Accept for bells and whistles, how is this different from Ajaxterm.

I like all the eye candy and features and no doubt they are an improvement over what ajaxterm offers, however, ajaxterm is already a plugin free html based ssh terminal. Put it behind a apache https reverse proxy and block the real ajaxterm port from internet access and you get a pretty good pure html/ajax ssh shell.

Re:

[Riskable]

Ajaxterm, when a connection is open, polls the server every second to see if the terminal has been updated on the server (long polling). Also, when you close your browser window your Ajaxterm session will end. Then there's the fact that Ajaxterm doesn't really support proper copy & paste and it has to run at a specified terminal width and height ahead of time (Gate One auto-adjusts rows/cols to fill your browser window).

Gate One uses WebSockets which stay open... Meaning that whenever any of your ter

Re:

[oakgrove]

Try this [virtualbox.org]. You'll love it.

Cool

[pinkeen]

No more downloading putty!

From what I see ncurses apps work great too.

Re:

[mrclisdue]

I'll second the coolness. Very nice work.

cheers,

Re:

[Anonymous Coward]

No more downloading putty!

Instead you need to download and install python and a python based server.

Nice job!

[Drivintin]

Honestly the first practical thing I have done with HTML5. This thing is nice, clean, and fast!

Re:

[Desler]

Except it's a python app with an html frontend. Not that impressive.

Re:

[Tsingi]

I was looking for this exact thing just this morning. It's not hugely impressive, but it looks like no one else has done it. I did come across a lot of messages saying how it should be done.

Happy to see the code, I'll try it out. Much better than having to write it myself.

This isn't new.

[lolcutusofbong]

Shellinabox [google.com] has been doing this in JavaScript for a while now. There's source and binary packages for everything from Red Hat to Debian armel.

Re:

[Anonymous Coward]

what about FireSSH? http://firessh.mozdev.org/

Re:

[oakgrove]

Can you automatically resume the connection when closing and reopening the browser? Gate One does this.

Re:

[Riskable]

By default Gate One runs all sessions through the dtach program which is like a mini version of screen... So you CAN resume a session started from Gate One via some other connection method (e.g. traditional ssh). I really need to document how to do this because it is a pretty cool feature.

Re:

[jefe7777]

...just a head check, to see if anyone's paying attention.

this changes everything :)

[brenddie]

awesome job. Cant wait to try it on the intranet

Whatever?

[courteaudotbiz]

such as administration interfaces, serial port concentrators, virtual appliances, or whatever.

What is the "Whatever" part? Toasters? Refrigerators? :-)

Re:

[Riskable]

If it ever comes up in court I'm going to refer to your comment as evidence of obviousness!

Re:

[Baloroth]

Rockets [slashdot.org].

!HTML5 Powered

[Anonymous Coward]

Um, it's written in Python and runs as a service with a HTML5 frontend.

Re:

[nam37]

My thoughts exactly unless I'm missing something.

Re:!HTML5 Powered

[Timmmm]

Well obviously. The client is written in HTML5. If you knew anything at all about HTML5 you'd know it is impossible to write a "true" ssh client using HTML5. Instead this connects to a python server which then goes on to connect to the actual sshd. The point is that you don't need an ssh binary installed on the client.

You could actually remove ssh from the equation, but it looks like the gate server allows you to connect to *any* ssh server, so I guess that's why they didn't do that.

Re:

[multipartmixed]

> it is impossible to write a "true" ssh client using HTML5

Not so fast. Assuming you mean HTML5 + JavaScript, I think you could, provided you were allowed to hop through an HTTP proxy that supports the CONNECT method.

For those of you about to suggest that a crypto stack written in JS would be slow -- I don't think it would be as slow as the CPU in my 15-year-old Cisco switches.

Re:

[Timmmm]

Wouldn't work. You can still only send HTTP or websockets, and websockets have hand-shaking and framing that you can't remove.

Re:

[msobkow]

Ooo. A web app. That really deserved the front page of Slashdot.

Tomorrow on Slashdot: Someone compiles a program.

Re:

[Riskable]

I could be feeding a troll here but... The problem with writing a terminal emulator using old-school methods ("HTML4 Powered") is the latency and overhead associated with long-polling and long-held HTTP streams. It would be incredibly slow and inefficient to have more than one terminal open at a time. I know this for a fact. How?

I've written such an app [launchpad.net]

No one ever used it--not even me. Because it sucked. Without WebSockets and Web Workers such a thing will always be slow. Without HTML5's "contentEdit

Re:

[heathen_01]

I could be feeding a troll here but...

People do not yet understand the power of websockets yet. Keep up the fantastic work.

Re:

[dolmen.fr]

The real HTML5 power would be if the SSH encryption was implemented on the client in JavaScript. I'm sure someone will soon do it.
With the current implementation the Python back-end is still a man-in-the-middle that knows the user password and can record everything.
Anyway the terminal emulation and chrome around it looks cool!

Re:

[Riskable]

I wanted to point out that you're absolutely right: Gate One *could* be modified to record user passwords. But then again, so could the SSH server you're connecting to. The attacker wouldn't even have to change the host keys. So with SSH you have to trust the server you're connecting to and Gate One is no different.

I would *LOVE* to put the encryption on the client end though. That would be one hell of a hack and I'm willing to give it a try. My biggest worry would be that JavaScript might just be too

Re:

[Riskable]

The problem with private keys as you suggest is that they have vulnerabilities of a different sort: They don't scale and they lack centralized administration. Someone suggested in another thread that it would be great if users could store their private SSH key on a USB thumb drive. To me, this sure sounds convenient to the user but it would be a nightmare for anyone that employed them. They could be fired for insubordination and walk right out the door with a key that lets them remotely access all of the

Finally, an ssh client as secure as a browser!

[Vellmont]

I've always dreamed that one day, someone will make an SSH client in a browser so all the fun XSS,, CSRF, and the bevy of other web vulnerabilities could come to SSH. SSH has just been to darn secure over the years, but now with this new application, an SSH client can be just as insecure as everything on the web. Thanks!

Re:

[Pharmboy]

An SSH client can be insecure without it being in a web browser. It isn't the programming language that makes it insecure, it is the programmer.

I can picture plenty of ways to use this as a lame method to exploit, but they are all more effort than the current methods. I guess someone could embed this in a hidden webpage popup, use the persons computer to then try to hack various sites via ssh, but that seems like it is more work than using a simple trojan to install a background process to do the

Re:

[Vellmont]

It isn't the programming language that makes it insecure, it is the programmer.

It's the programmer, AND the environment the application was written in. A web browser isn't exactly a secure environment.

Re:

[Animats]

Mod parent up.

Not everything should be done in a web browser.

Take a look at the source code which stores SSH authentication information in browser cookies. [github.com] In plaintext. In JSON. Idiots will start using this, and they'll open a back door into a remote server.

Re:

[Tacvek]

No ssh authentication information is stored in cookies. Only the username used to authenticate to GateOne itself lives in the cookie, and it is a signed unforgeable cookie.

Re:

[Riskable]

If you weren't in such a hurry to be negative you'd realize that the cookies are ENCRYPTED. And I'm not just talking about the fact that Gate One runs over SSL. No, the cookie Gate One uses is itself encrypted. There's a reason why the function is called set_secure_cookie().

Re:

[Riskable]

Let's see...

XSS: Since there's no "cross-site" anything in Gate One I'd be really interested to see how this would work!
CSRF: Again, there's no "cross-site" to speak of.

The only vulnerability that concerns me with Gate One is the potential for session hijacking... To get around this Gate One uses encrypted cookies but that doesn't stop an attacker from copying the entire cookie. Then again, if the attacker has access to the cookie in such a situation they probably have access to the whole browser so it'

Emulator?

[AaronLS]

I'm curious why is the term "emulator" used? What about this makes in an emulator of a SSH terminal? Is it just because it's being run in a web browser?

Re:

[Sancho]

http://en.wikipedia.org/wiki/Terminal_emulator [wikipedia.org]

That may help you understand.

Re:Emulator?

[cornface]

Because it is emulating a terminal, which back in the stone age was an actual piece of physical hardware.

Sometimes they were magical interactive typewriters which is where the abbreviation 'TTY' comes from.

Re:

[msobkow]

It won't be too many years before someone would have posted in response to your comment:

"What's a typewriter?"

Just a matter of time. My nieces were already baffled by a couple cassettes I had lying around.

Re:

[cburley]

Because it is emulating a terminal, which back in the stone age was an actual piece of physical hardware.

Sometimes they were magical interactive typewriters which is where the abbreviation 'TTY' comes from.

Pretty sure 'TTY' comes from "Teletype".

Re:

[cornface]

What do you think a Teletype is? Teletypewriter. Jesus christ.

Re:

[petermgreen]

A terminal is a peice of hardware with a keyboard and a screen or printer that you use to access a computer.

A terminal emulator is a software program that runs on a general purpose computer that has a local keyboard and mouse and emulates a terminal. Usually a fairly advanced terminal.

A ssh client is a peice of software used to log into a remote computer over ssh and connect your terminal to it.

On *nix terminal emulators and ssh clients are usually seperate but ones designed for use in other environments ar

Not all parts run in the browser

[Anonymous Coward]

Seems to be that Python is doing the real work and being a web server, and the HTML/js part interfcaes to there. Not bad, but... not ssh in html5/js either.

Does it require backend functionality?

[hydrofix]

What kind of server-side support does this require? I bet I can not just run it from a static HTML file.

Key pairs?

[Neil Watson]

In the demo the author uses a password to login via SSH. In the documentation I see no option to use a private key.

Re:Key pairs?

[Riskable]

Private key support is forthcoming... I had it working just fine but then I had the bright idea of writing a plugin system for Gate One and making the SSH part just another plugin :)

Key-based SSH authentication and user management thereof should be there in 1.0. Really, it isn't rocket science... Just a matter of wrapping a GUI around the functions that are already there in the code.

Re:

[dolmen.fr]

I had the bright idea of writing a plugin system for Gate One and making the SSH part just another plugin :)

Key-based SSH authentication and user management thereof should be there in 1.0.

Are theese the parts that you plan to make your businness with? At least they do not seem to be in the GitHub repo...

Re:

[Riskable]

The business parts will be selling support/indemnification contacts and proprietary licenses ( so companies can embed Gate One without having to comply with the terms of the AGPLv3).

The key management parts of the code are sitting in an archive directory on my laptop at the moment. Just have to do some copying, pasting, and a little bit of logic rework.

Web 2.0

[Sduic]

So I can use HTML5 to SSH [slashdot.org] into my Linux on Javascript [slashdot.org] server, so I can play a game of TF2 with WebGL [slashdot.org]?

Now if only I could surf the web...

...but does require a server plugin

[david.given]

You need a daemon to proxy between the WebSocket connection (which, remember, isn't a straight TCP stream) and the ssh server proper. Although it appears this doesn't need to be on the machine that the ssh server is running on, so it doesn't look like too much of a hardship. Also, I can't find any reference of which of the umpteen different WebSocket variants it supports.

There's actually a number of these things out already, such as ConsoleFish [serfish.com] or ShellInABox [google.com]. There's also an HTML5 VNC client [github.com], which looks very interesting.

Re:

[Riskable]

Which variants of WebSockets does it support? Both (there's really only two real-world implementations) by way of the Tornado framework [tornadoweb.org]. In earlier builds of Gate One it only worked with the old implementation of WebSockets but once the Tornado guys started supporting the final draft of the protocol Gate One instantly supported it as well.

For reference, I am not aware of a single other web-based terminal emulator that can resume sessions after closing your browser. Even the commercial SaaS vendors don't

Re:

[david.given]

Yes, that is a neat trick --- the most obvious way I can think of of doing that is to do all the ssh processing on the client, and make the daemon a simply proxy; but a quick look at the source code shows you don't appear to be doing that. Or at least, I couldn't find it.

Unfortunately the platform I'd really like this to work on, my Kindle, doesn't support WebSockets (of any kind)...

I have, in fact, been vaguely thinking about trying to recompile a Java ssh client library under GWT and trying to make th

Re:

[Riskable]

For reference, Gate One can also be used in place of an SSH daemon. Just have it run /bin/login instead of ssh_connect.py. Example

sudo ./gateone.py --command=/bin/login

...and you've got yourself a web-based equivalent to logging into the console. This is especially handy if your server is configured to use LDAP/Kerberos authentication and for whatever reason that broke (you can still login as root this way).

Questions

[dyingtolive]

I have a few questions (so I only skimmed TFA...)

1) Does this handle the actual SSL connection server side, not client side (as certain web based IRC clients I've seen will), so then, for example, this could be used to effectively ssh to a box through an HTTP proxy, assuming the proxy was between you and the webpage, not the webpage and the target box to ssh to?

2) Assuming the answer to number 1 is yes, how does this differ from Ajaxterm? Is it less of a royal pain in the ass to configure? Is it fast

Re:

[Riskable]

1) Yes, it can be used to effectively SSH to a box through an HTTP proxy. I do it all the time! The only caveat being that some proxies don't work with WebSockets (old, garbage ones).

2) Ajaxterm uses a completely different method to communicate with the client... long-polling. Essentially, it hits the web server every second (forever--util you close the browser tab) checking for updates to your terminal. This is slow and very inefficient (high latency). Also, it would be silly to use this method to su

Re:

[dolmen.fr]

Then there's the fact that Gate One has a zillion features that are missing from Ajaxterm... The most important of which is the terminal emulation isn't nearly as buggy! LOL. For reference, I am intimately familiar with Ajaxterm as I wrote an older, similar program a few years ago that was based off of it.

BTW: I HATE debugging the terminal emulator!

Do you plan to provide a terminfo definition for your terminal?

Re:

[Riskable]

My goal is to get Gate One emulating an xterm as closely as possible. So xterm's terminfo definition should work. However, it might be the case that Gate One ends up with one or two differences that might warrant its own definition. Great question though... It is something I've definitely thought about.

Re:

[dyingtolive]

Thanks Dan. Sounds promising. I eventually gave up on Ajaxterm just because of how frustratingly slow it was. I'm gonna give your Gate One a shot and see what I think.

FireSSH

[jasonla]

FireSSH [mozilla.org] is better. The client runs locally on your machine through FF. No server plugin required. And you don't have to worry about the server hosting the HTML5 frontend going down with FireSSH, unlike this Gate One [liftoffsoftware.com]'s 404 and 500 errors.

Re:

[dbIII]

The downside of such things is trying to use them over free WiFi that blocks anything apart from port 80 - or other situations that stop you just getting in with normal ssh. Getting the server to do it all via a web page gets around that problem.

Re:

[daid303]

Port 443 I hope. You better run you web-ssh session over https instead of http.

Re:

[dbIII]

I'd hope so too but what do you do when everything other than port 80 is blocked? I'll have to admit my solution when I hit that problem was to go into the office, but there must be some measures that can be taken with cgi scripts that can prevent a proxy getting somehting meaningful out of a web ssh session on port 80.

Re:

[Riskable]

There's nothing stopping you from running Gate One on port 80 with SSL still enabled. Your proxy might block the tunnel but it's worth a shot.

Re:

[jago25_98]

Bear in mind that this may still have firewalling problems

X?

[markdavis]

OK, but if you can get X11 tunneling though and displaying in the browser, too, then I will be REALLY impressed ;)

Re:

[Riskable]

Believe it or not, I have this in the TODO for Gate One 2.0. It will require implementing the X11 protocol in JavaScript using the canvas element. It shouldn't be too difficult... Just extremely time consuming. Which is something I don't have much of these days.

ajaxterm?

[inzy]

doesn't ajaxterm already do this?

http://wiki.kartbuilding.net/index.php/Ajaxterm [kartbuilding.net]

Re:

[daid303]

Guess Slashdot is falling for buzzwords like HTML5. Other then that, it's not special at all.

Re:

[Kevin Stevens]

Yeah I was going to say, I have been using ajaxterm for a few years now. It has its quirks, but it works and gives me access to my home network. For those times when you just can't tolerate the company firewall, it will do.

Re:

[stillnotelf]

Eternal beta worked well for GMail... (although frankly I agree with you)

Re:

[tesdalld]

Its Gate .05 because its beta. If it was Gate 1.0 it would be version cupcake.

Re:

[bugnuts]

It is, but it's spelled "Gate One".

The arbitrary version is 0.9.

Re:

[Zancarius]

It looks to be written using Tornado [tornadoweb.org], which means that the WebSocket app is served up by the Python backend. In other words, this isn't a stand alone HTML-only implementation, which would be impossible since that's not what WebSockets do.

Re:

[Riskable]

Key-based authentication will be available in Gate One 1.0. It used to be there (and work) but it got lost when I wrote Gate One's plugin system and decided that SSH support should simply be a plugin (in case someone wanted to embed Gate One into something else without having all that SSH-specific stuff).

Shouldn't take me long to re-implement it so keep checking for updates.

Re:

[Riskable]

Gate One is meant to run on a server. As in, you setup a Gate One server on your network and then you connect to it from a client machine (Windows works fine for this). Another way it can be used is on a server... As a backup in case the SSH daemon stops working or, say, to embed a terminal into a web-based administration interface.

Of course, you could run it on your desktop and use it like a traditional SSH client (I do it every day when I'm working on it) but it wouldn't be as useful.

Re:

[Riskable]

Apparently you access a lot of "publicly available" SSH servers? I don't know about you but all the SSH servers I connect to on a regular basis are "private".

Regardless, key-based authentication will be there in Gate One 1.0. Passphrases and all.

Re:

[Riskable]

No need to wait... Just don't use Gate One during a period of intense solar flare activity. TRUST ME on this one! You didn't last time around and it didn't work out so well!

Re:

[Riskable]

I haven't set the website up yet (which is why I didn't link to it anywhere but a few places in the docs). There's also a note on the Github page saying this.

Re:

[Riskable]

The sound file is only temporary regardless. I'll be picking/making something else for 1.0. Probably the favicon too.

Nice catch though. Most people would never have noticed that.

Re:

[Riskable]

So I guess I should've made the website selling the product first before making the actual product? Do you work for Microsoft?