Ajax-Driven SSH Access for Webserver Administration
I always wanted to have a possibility of having secure and reliable "emergency ssh access" to my webserver.
When it comes to secure, there is - for sure - nothing better then using a standard client application for ssh access (like putty for windows or cmdline ssh clients on unix-based systems).
But when it comes to reliability this is definiteley not the best option. Many many Networks filter most of the ports or even worse, they're urging you to use a proxy for all internet access.
Luckily there's a really nice solution out there which is - when configured the right way - as secure as a standard ssh client and the best thing - available whereever you've got http:// access to your server.
The piece of Software is called "Ajaxterm" and is basically a Python-based Server application with an easy-to-use AJAX-Driven Webfrontend.
As the Ajaxterm Server application itself only supports unencrypted access, the following Steps are need to get a secure browser-driven ssh client application.
- Install Ajaxterm (on debian-based systems (>=etch) do: "aptitude install ajaxterm")
- Configure Ajaxterm (/etc/default/ajaxterm on debian-based linux-systems) to connect to the ssh-port you have configured for your ssh-server
- Configure your Firewall to block direct access to the Ajaxterm-Port (you do not want anyone to open an ssh-session via unencrypted http)
- Configure your Webserver to proxy requests via an https-connection to the ajaxterm-server (which by default listens on port 8022)
For lighttpd the configuration for proxying the requests would have to look somehow like this:
$HTTP["url"] =~ "^/terminal/" {
proxy.server = ("" =>
( "example" =>
( "host" => "127.0.0.1",
"port" => 8022
)
)
)
}
To force https just add something like
url.redirect = ( "^/terminal" => "https://www.example.com/terminal/" )
to your lighttpd.conf.
That's all.
Just force a reload of the lighttpd.conf now and try calling ajaxterm (e.g. https://www.example.com/terminal/).
Enigma 2 Webinterface API refactoring and Code cleanup
Recently there was a discussion - ok, basically it was no discussion but agreeing on the facts - at enigma2-devel@lists.elitedvb.net about some inconsitencies in the xml structures of the enigma2 webinterface.
I took some hours and started to refactor all of the known incosistencies.
Most people may now think, "great, go get it committed" but this time it is not THAT easy...
Even though i tried hard to break as less things as possible with the changes that will be introduced with my next big commit, some Clients using the enigma2 Webinterface API will most probably run into some minor or major problems.
Major Changes:
- /web/gettags
- All nodes renamed
- example: <e2tags><e2tag>1</e2tag><e2tag>n</e2tag></e2tags>
- /web/getlocations
- All nodes renamed
- example: <e2locations><e2location>1</e2location><e2location>n</e2location></e2locations>
Minor Changes:
- /web/timerlist
- e2dirname : renamed to e2location
- /web/getcurrent
- e2eventstart : unix timestamp instead of a local time string
- e2eventremaining : seconds instead of a "+xy min" string
- /web/about
- replaced by /web/devicefino (formerly known as the temp /web/about2) but still available with some restrictions
- e2servicenamespace : not be present anymore (only as empty xml-node for avoiding exceptions)
- <e2iswidescreen>True/False</e2iswidescreen> instead of <e2serviceaspect>string</e2serviceaspect> ( will also stay as empty node )
- the PIDs will be available via /web/getcurrent (this is where this stuff belongs to), so will e2iswidescreen
- /web/deviceinfo is able to deliver all configured network interfaces, /web/getcurrent delivers pretty much all of the information available for the currently running service
- replaced by /web/devicefino (formerly known as the temp /web/about2) but still available with some restrictions
With those changes all xml nodes will always contain the same kind of data in a defined format and vice versa.
I know this will cause work for some people out there but I promise there won't be any heavy changes like this one anymore in the future.
Along with those obvious changes there will be a bunch of backend-changes - mainly Source/Converter stuff - no one will should notice at the frontend/xml side.
Togehter this will finally bring the webinterface into a release candidate quality-state.
I will offer an ipk containing all relevant API-Changes within the nex few Days (most probably before tuesday) here.
All Developers of third party tools are called to adjust their apps accordingly until 2 009-05-04 - meaning they've got 7 days for some pretty straightforward changes.
Comments are welcome!
EDIT:
I accidently took the wrong eclipse workspace with me so i do not have the changes here to provide you with a "preview-package".
I'll provide the file later and will delay the commit 3-4 days so everyone can prepare for the changes now and test them when i've released a preview package.
UPDATE: Here's a simple tarball wich contains all changes to the API: Webinterface tarball
UPDATE 2: I missed /web/getcurrlocation - fixed in this new Tarball
For comments please use the Dreambox Forum.
Wiimote auf Abwegen
Dass man mit der Wiimote einige echt coole Dinge anstellen kann ist ja mittlerweile nichts neues mehr. Ich finde folgende zwei Videos setzen den mir bisher bekannten Dingen dann doch nochmal die Krone auf!
1.
2.
Quellcode etc gibt es beim Author der beiden Videos